Package-level declarations

A date range unit for the date filter.

The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:

Whether the rule is active after it is created. If this parameter is equal to `ENABLED`, ASH applies the rule to findings and finding updates after the rule is created.

Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.

The severity value of the finding. The allowed values are the following.

The rule action updates the `VerificationState` field of a finding.

The condition to apply to a string value when filtering Security Hub findings.

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to `SUPPRESSED` or `RESOLVED` does not prevent a new finding for the same issue. The allowed values are the following.

Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.

Whether the delegated Security Hub administrator is set for the organization.

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. In CFN, the options for this property are as follows:

A date range unit for the date filter.

The condition to apply to the key value when filtering Security Hub findings with a map filter.

The condition to apply to a string value when filtering Security Hub findings.

Whether to automatically enable Security Hub default standards in new member accounts when they join the organization.

Indicates whether the organization uses local or central configuration.

Describes whether central configuration could be enabled as the ConfigurationType for the organization.

The current status of the association between the specified target and the configuration

Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent

Indicates whether the target is an AWS account, organizational unit, or the organization root

Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior. When ValueType is set equal to DEFAULT , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ValueType is set equal to DEFAULT , Security Hub ignores user-provided input for the Value field. When ValueType is set equal to CUSTOM , the Value field can't be empty.