AWS Security Hub (securityhub)

2025-06-11

23 new actions, 4 new resources, 1 new condition | 5 updated actions

Additions

    Actions
  • ConnectorRegistrationsV2
    • Description:  Grants permission to complete the OAuth 2.0 authorization code flow based on input parameters
    • Access:  Write
    • Resources: 

      Name: connectorv2

      Required: Yes

  • CreateAggregatorV2
    • Description:  Grants permission to create an aggregatorV2, which configures data aggregation across Regions
    • Access:  Write
  • CreateAutomationRuleV2
    • Description:  Grants permission to create an automation rule V2 based on input parameters
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateConnectorV2
    • Description:  Grants permission to create a connector V2 based on input parameters
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateTicketV2
    • Description:  Grants permission to create a ticket for a selected OCSF finding
    • Access:  Write
    • Resources: 

      Name: hub

      Required: No

      Name: hubv2

      Required: No

  • DeleteAggregatorV2
    • Description:  Grants permission to delete an aggregatorV2, which configures data aggregation across Regions
    • Access:  Write
    • Resources: 

      Name: aggregatorv2

      Required: Yes

  • DeleteAutomationRuleV2
    • Description:  Grants permission to delete an automation rule V2 in Security Hub
    • Access:  Write
    • Resources: 

      Name: automation-rulev2

      Required: Yes

  • DeleteConnectorV2
    • Description:  Grants permission to delete a connector V2 in Security Hub
    • Access:  Write
    • Resources: 

      Name: connectorv2

      Required: Yes

  • DescribeProductsV2
    • Description:  Grants permission to retrieve information about the available Security Hub V2 product integrations
    • Access:  Read
    • Resources: 

      Name: hubv2

      Required: No

  • DescribeSecurityHubV2
    • Description:  Grants permission to retrieve information about the hub V2 resource in your account
    • Access:  Read
  • DisableSecurityHubV2
    • Description:  Grants permission to disable Security Hub V2
    • Access:  Write
  • EnableSecurityHubV2
    • Description:  Grants permission to enable Security Hub V2
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • GetAggregatorV2
    • Description:  Grants permission to retrieve details for an aggregatorV2, which configures data aggregation across Regions
    • Access:  Read
    • Resources: 

      Name: aggregatorv2

      Required: Yes

  • GetAutomationRuleV2
    • Description:  Grants permission to retrieve details for an automation rule V2 from Security Hub based on rule Amazon Resource Name (ARN)
    • Access:  Read
    • Resources: 

      Name: automation-rulev2

      Required: Yes

  • GetConnectorV2
    • Description:  Grants permission to retrieve details for a connector V2 from Security Hub based on connector ID
    • Access:  Read
    • Resources: 

      Name: connectorv2

      Required: Yes

  • GetResourceStatisticsV2
    • Description:  Grants permission to retrieve aggregate statistics about resources
    • Access:  Read
    • Resources: 

      Name: hubv2

      Required: No

  • GetResourcesV2
    • Description:  Grants permission to retrieve a list of resources
    • Access:  Read
    • Resources: 

      Name: hubv2

      Required: No

  • ListAggregatorV2s
    • Description:  Grants permission to retrieve a list of aggregatorV2 resources, which configure data aggregation across Regions
    • Access:  List
  • ListAutomationRulesV2
    • Description:  Grants permission to retrieve a list of automation rules V2 and their metadata for the calling account from Security Hub
    • Access:  List
  • ListConnectorsV2
    • Description:  Grants permission to retrieve a list of connectors V2 and their metadata for the calling account from Security Hub
    • Access:  List
  • UpdateAggregatorV2
    • Description:  Grants permission to update an aggregatorV2, which configures data aggregation across Regions
    • Access:  Write
    • Resources: 

      Name: aggregatorv2

      Required: Yes

  • UpdateAutomationRuleV2
    • Description:  Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters
    • Access:  Write
    • Resources: 

      Name: automation-rulev2

      Required: Yes

  • UpdateConnectorV2
    • Description:  Grants permission to update a connector V2 in Security Hub based on connector ID and input parameters
    • Access:  Write
    • Resources: 

      Name: connectorv2

      Required: Yes

    Resources
  • hubv2
    • Arn:  arn:${Partition}:securityhub:${Region}:${Account}:hubv2/${HubV2Id}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • aggregatorv2
    • Arn:  arn:${Partition}:securityhub:${Region}:${Account}:aggregatorv2/${AggregatorV2Id}
  • automation-rulev2
    • Arn:  arn:${Partition}:securityhub:${Region}:${Account}:automation-rulev2/${AutomationRuleV2Id}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • connectorv2
    • Arn:  arn:${Partition}:securityhub:${Region}:${Account}:connectorv2/${ConnectorV2Id}
    • Conditions: 

      aws:ResourceTag/${TagKey}

Updates