AWS SecurityHub

2022/04/25 - AWS SecurityHub - 2 updated api methods

Changes: Security Hub now lets you opt out of auto-enabling the default standards (CIS and FSBP) in accounts that are auto-enabled with Security Hub via Security Hub's integration with AWS Organizations.

DescribeOrganizationConfiguration (updated)
Changes (response)
{'AutoEnableStandards': 'NONE | DEFAULT'}

Returns information about the Organizations configuration for Security Hub. Can only be called from a Security Hub administrator account.

See also: AWS API Documentation

Request Syntax

client.describe_organization_configuration()
rtype

dict

returns

Response Syntax

{
    'AutoEnable': True|False,
    'MemberAccountLimitReached': True|False,
    'AutoEnableStandards': 'NONE'|'DEFAULT'
}

Response Structure

  • (dict) --

    • AutoEnable (boolean) --

      Whether to automatically enable Security Hub for new accounts in the organization.

      If set to true, then Security Hub is enabled for new accounts. If set to false, then new accounts are not added automatically.

    • MemberAccountLimitReached (boolean) --

      Whether the maximum number of allowed member accounts is already associated with the Security Hub administrator account.

    • AutoEnableStandards (string) --

      Whether to automatically enable Security Hub default standards for new member accounts in the organization.

      The default value of this parameter is equal to DEFAULT.

      If equal to DEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal to NONE, then default standards are not automatically enabled for new member accounts.

UpdateOrganizationConfiguration (updated)
Changes (request)
{'AutoEnableStandards': 'NONE | DEFAULT'}

Used to update the configuration related to Organizations. Can only be called from a Security Hub administrator account.

See also: AWS API Documentation

Request Syntax

client.update_organization_configuration(
    AutoEnable=True|False,
    AutoEnableStandards='NONE'|'DEFAULT'
)
type AutoEnable

boolean

param AutoEnable

[REQUIRED]

Whether to automatically enable Security Hub for new accounts in the organization.

By default, this is false, and new accounts are not added automatically.

To automatically enable Security Hub for new accounts, set this to true.

type AutoEnableStandards

string

param AutoEnableStandards

Whether to automatically enable Security Hub default standards for new member accounts in the organization.

By default, this parameter is equal to DEFAULT, and new member accounts are automatically enabled with default Security Hub standards.

To opt out of enabling default standards for new member accounts, set this parameter equal to NONE.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --
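
An added example (not from the AWS documentation or boto3 itself): a read-before-write helper that changes AutoEnableStandards while passing back the AutoEnable value it just read, because AutoEnable is required on every update and a hard-coded value could silently change organization-wide enrollment. The helper name, the FakeSecurityHub stand-in, and treating a missing AutoEnableStandards key as DEFAULT are assumptions of this example.

```python
VALID_STANDARDS = {"NONE", "DEFAULT"}


def set_auto_enable_standards(client, desired):
    """Set AutoEnableStandards without disturbing AutoEnable.

    `client` is a boto3 SecurityHub client created in the Security Hub
    administrator account. Returns a dict describing what was done.
    """
    if desired not in VALID_STANDARDS:
        raise ValueError(f"AutoEnableStandards must be one of {sorted(VALID_STANDARDS)}")

    current = client.describe_organization_configuration()
    # Assumption: a missing key is treated as the documented default, DEFAULT.
    before = current.get("AutoEnableStandards", "DEFAULT")
    result = {
        "auto_enable": current["AutoEnable"],
        "before": before,
        "after": desired,
        "changed": before != desired,
        "member_limit_reached": current.get("MemberAccountLimitReached", False),
    }
    if result["changed"]:
        # AutoEnable is [REQUIRED] on update, so pass back the value just read
        # rather than a hard-coded one that could silently flip it.
        client.update_organization_configuration(
            AutoEnable=current["AutoEnable"],
            AutoEnableStandards=desired,
        )
    return result


class FakeSecurityHub:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, auto_enable, standards):
        self.config = {"AutoEnable": auto_enable, "MemberAccountLimitReached": False,
                       "AutoEnableStandards": standards}
        self.update_calls = []

    def describe_organization_configuration(self):
        return dict(self.config)

    def update_organization_configuration(self, **kwargs):
        self.update_calls.append(kwargs)
        self.config.update(kwargs)
        return {}


if __name__ == "__main__":
    fake = FakeSecurityHub(auto_enable=True, standards="DEFAULT")
    print(set_auto_enable_standards(fake, "NONE"))
```

Against a real organization, pass boto3.client("securityhub") from the administrator account in place of the fake; the returned dict records the before and after values for change logs.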