Securityhub
Functions
The `AWS::SecurityHub::AutomationRule` resource specifies an automation rule based on input parameters. For more information, see Automation rules in the User Guide.
The AWS::SecurityHub::ConfigurationPolicy resource represents the Central Configuration Policy in your account.
The `AWS::SecurityHub::DelegatedAdmin` resource designates the delegated ASHlong administrator account for an organization. You must enable the integration between ASH and AOlong before you can designate a delegated ASH administrator. Only the management account for an organization can designate the delegated ASH administrator account. For more information, see Designating the delegated administrator in the User Guide. To change the delegated administrator account, remove the current delegated administrator account, and then designate the new account. To designate multiple delegated administrators in different organizations and AWS-Regions, we recommend using mappings. Tags aren't supported for this resource.
The `AWS::SecurityHub::FindingAggregator` resource enables cross-Region aggregation. When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see Cross-Region aggregation in the User Guide This resource must be created in the Region that you want to designate as your aggregation Region. Cross-Region aggregation is also a prerequisite for using central configuration in ASH.
The AWS::SecurityHub::Hub resource represents the implementation of the AWS Security Hub service in your account. One hub resource is created for each Region in which you enable Security Hub.
The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.
The AWS::SecurityHub::OrganizationConfiguration resource represents the configuration of your organization in Security Hub. Only the Security Hub administrator account can create Organization Configuration resource in each region and can opt-in to Central Configuration only in the aggregation region of FindingAggregator.
The AWS::SecurityHub::PolicyAssociation resource represents the AWS Security Hub Central Configuration Policy associations in your Target. Only the AWS Security Hub delegated administrator can create the resouce from the home region.
The AWS::SecurityHub::ProductSubscription resource represents a subscription to a service that is allowed to generate findings for your Security Hub account. One product subscription resource is created for each product enabled.
A security control in Security Hub describes a security best practice related to a specific resource.
The `AWS::SecurityHub::Standard` resource specifies the enablement of a security standard. The standard is identified by the `StandardsArn` property. To view a list of ASH standards and their Amazon Resource Names (ARNs), use the DescribeStandards API operation. You must create a separate `AWS::SecurityHub::Standard` resource for each standard that you want to enable. For more information about ASH standards, see standards reference in the User Guide.