docs(client-securityhub): Documentation updates for Security Hub API reference

Author: awstools

clients/client-securityhub/README.md

@@ -40,8 +40,13 @@ request per second, <code>BurstLimit</code> of 1 request per second.</p>
 </li>
 <li>
 <p>
-<code>UpdateFindings</code> - <code>RateLimit</code> of 1 request per
-second. <code>BurstLimit</code> of 5 requests per second.</p>
+<code>BatchImportFindings</code> - <code>RateLimit</code> of 10 requests per second.
+<code>BurstLimit</code> of 30 requests per second.</p>
+</li>
+<li>
+<p>
+<code>BatchUpdateFindings</code> - <code>RateLimit</code> of 10 requests per second.
+<code>BurstLimit</code> of 30 requests per second.</p>
 </li>
 <li>
 <p>

clients/client-securityhub/src/SecurityHub.ts

@@ -291,8 +291,13 @@ import { SecurityHubClient } from "./SecurityHubClient";
  *             </li>
  *             <li>
  *                <p>
- *                   <code>UpdateFindings</code> - <code>RateLimit</code> of 1 request per
- *                second. <code>BurstLimit</code> of 5 requests per second.</p>
+ *                   <code>BatchImportFindings</code> - <code>RateLimit</code> of 10 requests per second.
+ *             <code>BurstLimit</code> of 30 requests per second.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>BatchUpdateFindings</code> - <code>RateLimit</code> of 10 requests per second.
+ *             <code>BurstLimit</code> of 30 requests per second.</p>
  *             </li>
  *             <li>
  *                <p>
@@ -463,11 +468,16 @@ export class SecurityHub extends SecurityHubClient {
    *             <code>BatchImportFindings</code> must be called by one of the following:</p>
    *          <ul>
    *             <li>
-   *                <p>The account that is associated with the findings. The identifier of the associated
-   *                account is the value of the <code>AwsAccountId</code> attribute for the finding.</p>
+   *                <p>The Amazon Web Services account that is associated with a finding if you are using
+   *                the <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-providers.html#securityhub-custom-providers-bfi-reqs">default product ARN</a>
+   *                or are a partner sending findings from within a customer's Amazon Web Services account.
+   *                In these cases, the identifier of the account that you are calling <code>BatchImportFindings</code>
+   *                from needs to be the same as the <code>AwsAccountId</code> attribute for the finding.</p>
    *             </li>
    *             <li>
-   *                <p>An account that is allow-listed for an official Security Hub partner integration.</p>
+   *                <p>An Amazon Web Services account that Security Hub has allow-listed for an official partner
+   *                integration. In this case, you can call <code>BatchImportFindings</code> from the allow-listed
+   *                account and send findings from different customer accounts in the same batch.</p>
    *             </li>
    *          </ul>
    *          <p>The maximum allowed size for a finding is 240 Kb. An error is returned for any finding

clients/client-securityhub/src/SecurityHubClient.ts

@@ -498,8 +498,13 @@ export interface SecurityHubClientResolvedConfig extends SecurityHubClientResolv
  *             </li>
  *             <li>
  *                <p>
- *                   <code>UpdateFindings</code> - <code>RateLimit</code> of 1 request per
- *                second. <code>BurstLimit</code> of 5 requests per second.</p>
+ *                   <code>BatchImportFindings</code> - <code>RateLimit</code> of 10 requests per second.
+ *             <code>BurstLimit</code> of 30 requests per second.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>BatchUpdateFindings</code> - <code>RateLimit</code> of 10 requests per second.
+ *             <code>BurstLimit</code> of 30 requests per second.</p>
  *             </li>
  *             <li>
  *                <p>

clients/client-securityhub/src/commands/BatchImportFindingsCommand.ts

@@ -30,11 +30,16 @@ export interface BatchImportFindingsCommandOutput extends BatchImportFindingsRes
  *             <code>BatchImportFindings</code> must be called by one of the following:</p>
  *          <ul>
  *             <li>
- *                <p>The account that is associated with the findings. The identifier of the associated
- *                account is the value of the <code>AwsAccountId</code> attribute for the finding.</p>
+ *                <p>The Amazon Web Services account that is associated with a finding if you are using
+ *                the <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-providers.html#securityhub-custom-providers-bfi-reqs">default product ARN</a>
+ *                or are a partner sending findings from within a customer's Amazon Web Services account.
+ *                In these cases, the identifier of the account that you are calling <code>BatchImportFindings</code>
+ *                from needs to be the same as the <code>AwsAccountId</code> attribute for the finding.</p>
  *             </li>
  *             <li>
- *                <p>An account that is allow-listed for an official Security Hub partner integration.</p>
+ *                <p>An Amazon Web Services account that Security Hub has allow-listed for an official partner
+ *                integration. In this case, you can call <code>BatchImportFindings</code> from the allow-listed
+ *                account and send findings from different customer accounts in the same batch.</p>
  *             </li>
  *          </ul>
  *          <p>The maximum allowed size for a finding is 240 Kb. An error is returned for any finding

codegen/sdk-codegen/aws-models/securityhub.json

@@ -13854,7 +13854,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Imports security findings generated by a finding provider into Security Hub.\n         This action is requested by the finding provider to import its findings into\n         Security Hub.</p>\n         <p>\n            <code>BatchImportFindings</code> must be called by one of the following:</p>\n         <ul>\n            <li>\n               <p>The account that is associated with the findings. The identifier of the associated\n               account is the value of the <code>AwsAccountId</code> attribute for the finding.</p>\n            </li>\n            <li>\n               <p>An account that is allow-listed for an official Security Hub partner integration.</p>\n            </li>\n         </ul>\n         <p>The maximum allowed size for a finding is 240 Kb. An error is returned for any finding\n         larger than 240 Kb.</p>\n         <p>After a finding is created, <code>BatchImportFindings</code> cannot be used to update\n         the following finding fields and objects, which Security Hub customers use to manage their\n         investigation workflow.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>Note</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>UserDefinedFields</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>VerificationState</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Workflow</code>\n               </p>\n            </li>\n         </ul>\n         <p>Finding providers also should not use <code>BatchImportFindings</code> to update the following attributes.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>Confidence</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Criticality</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>RelatedFindings</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Severity</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Types</code>\n               </p>\n            </li>\n         </ul>\n         <p>Instead, finding providers use <code>FindingProviderFields</code> to provide values for these attributes.</p>",
+        "smithy.api#documentation": "<p>Imports security findings generated by a finding provider into Security Hub.\n         This action is requested by the finding provider to import its findings into\n         Security Hub.</p>\n         <p>\n            <code>BatchImportFindings</code> must be called by one of the following:</p>\n         <ul>\n            <li>\n               <p>The Amazon Web Services account that is associated with a finding if you are using\n               the <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-providers.html#securityhub-custom-providers-bfi-reqs\">default product ARN</a> \n               or are a partner sending findings from within a customer's Amazon Web Services account. \n               In these cases, the identifier of the account that you are calling <code>BatchImportFindings</code> \n               from needs to be the same as the <code>AwsAccountId</code> attribute for the finding.</p>\n            </li>\n            <li>\n               <p>An Amazon Web Services account that Security Hub has allow-listed for an official partner\n               integration. In this case, you can call <code>BatchImportFindings</code> from the allow-listed\n               account and send findings from different customer accounts in the same batch.</p>\n            </li>\n         </ul>\n         <p>The maximum allowed size for a finding is 240 Kb. An error is returned for any finding\n         larger than 240 Kb.</p>\n         <p>After a finding is created, <code>BatchImportFindings</code> cannot be used to update\n         the following finding fields and objects, which Security Hub customers use to manage their\n         investigation workflow.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>Note</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>UserDefinedFields</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>VerificationState</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Workflow</code>\n               </p>\n            </li>\n         </ul>\n         <p>Finding providers also should not use <code>BatchImportFindings</code> to update the following attributes.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>Confidence</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Criticality</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>RelatedFindings</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Severity</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>Types</code>\n               </p>\n            </li>\n         </ul>\n         <p>Instead, finding providers use <code>FindingProviderFields</code> to provide values for these attributes.</p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/findings/import",
@@ -19886,7 +19886,7 @@
           "name": "securityhub"
         },
         "aws.protocols#restJson1": {},
-        "smithy.api#documentation": "<p>Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status\n         of your environment based on controls from supported security standards. Security Hub collects\n         security data from Amazon Web Services accounts, services, and integrated third-party products and helps\n         you analyze security trends in your environment to identify the highest priority security\n         issues. For more information about Security Hub, see the <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html\">\n               <i>Security HubUser\n            Guide</i>\n            </a>.</p> \n         <p>When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services\n         Region that is currently active or in the specific Amazon Web Services Region that you specify in your\n         request. Any configuration or settings change that results from the operation is applied\n         only to that Region. To make the same change in other Regions, execute the same command for\n         each Region to apply the change to.</p>\n         <p>For example, if your Region is set to <code>us-west-2</code>, when you use <code>CreateMembers</code> to add a member account to Security Hub, the association of\n         the member account with the administrator account is created only in the <code>us-west-2</code>\n         Region. Security Hub must be enabled for the member account in the same Region that the invitation\n         was sent from.</p>\n         <p>The following throttling limits apply to using Security Hub API operations.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>BatchEnableStandards</code> - <code>RateLimit</code> of 1\n               request per second, <code>BurstLimit</code> of 1 request per second.</p>\n            </li>\n            <li>\n               <p>\n                  <code>GetFindings</code> - <code>RateLimit</code> of 3 requests per second.\n                  <code>BurstLimit</code> of 6 requests per second.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UpdateFindings</code> - <code>RateLimit</code> of 1 request per\n               second. <code>BurstLimit</code> of 5 requests per second.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UpdateStandardsControl</code> - <code>RateLimit</code> of\n               1 request per second, <code>BurstLimit</code> of 5 requests per second.</p>\n            </li>\n            <li>\n               <p>All other operations - <code>RateLimit</code> of 10 requests per second.\n                  <code>BurstLimit</code> of 30 requests per second.</p>\n            </li>\n         </ul>",
+        "smithy.api#documentation": "<p>Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status\n         of your environment based on controls from supported security standards. Security Hub collects\n         security data from Amazon Web Services accounts, services, and integrated third-party products and helps\n         you analyze security trends in your environment to identify the highest priority security\n         issues. For more information about Security Hub, see the <a href=\"https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html\">\n               <i>Security HubUser\n            Guide</i>\n            </a>.</p> \n         <p>When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services\n         Region that is currently active or in the specific Amazon Web Services Region that you specify in your\n         request. Any configuration or settings change that results from the operation is applied\n         only to that Region. To make the same change in other Regions, execute the same command for\n         each Region to apply the change to.</p>\n         <p>For example, if your Region is set to <code>us-west-2</code>, when you use <code>CreateMembers</code> to add a member account to Security Hub, the association of\n         the member account with the administrator account is created only in the <code>us-west-2</code>\n         Region. Security Hub must be enabled for the member account in the same Region that the invitation\n         was sent from.</p>\n         <p>The following throttling limits apply to using Security Hub API operations.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>BatchEnableStandards</code> - <code>RateLimit</code> of 1\n               request per second, <code>BurstLimit</code> of 1 request per second.</p>\n            </li>\n            <li>\n               <p>\n                  <code>GetFindings</code> - <code>RateLimit</code> of 3 requests per second.\n                  <code>BurstLimit</code> of 6 requests per second.</p>\n            </li>\n            <li>\n               <p>\n                  <code>BatchImportFindings</code> - <code>RateLimit</code> of 10 requests per second.\n            <code>BurstLimit</code> of 30 requests per second.</p>\n            </li>\n            <li>\n               <p>\n                  <code>BatchUpdateFindings</code> - <code>RateLimit</code> of 10 requests per second.\n            <code>BurstLimit</code> of 30 requests per second.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UpdateStandardsControl</code> - <code>RateLimit</code> of\n               1 request per second, <code>BurstLimit</code> of 5 requests per second.</p>\n            </li>\n            <li>\n               <p>All other operations - <code>RateLimit</code> of 10 requests per second.\n                  <code>BurstLimit</code> of 30 requests per second.</p>\n            </li>\n         </ul>",
         "smithy.api#title": "AWS SecurityHub"
       },
       "version": "2018-10-26",