:doc:`SecurityHub <../../securityhub>` / Client / get_security_control_definition

*******************************
get_security_control_definition
*******************************



.. py:method:: SecurityHub.Client.get_security_control_definition(**kwargs)

  

  Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinition>`_  


  **Request Syntax**
  ::

    response = client.get_security_control_definition(
        SecurityControlId='string'
    )
    
  :type SecurityControlId: string
  :param SecurityControlId: **[REQUIRED]** 

    The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'SecurityControlDefinition': {
              'SecurityControlId': 'string',
              'Title': 'string',
              'Description': 'string',
              'RemediationUrl': 'string',
              'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
              'CurrentRegionAvailability': 'AVAILABLE'|'UNAVAILABLE',
              'CustomizableProperties': [
                  'Parameters',
              ],
              'ParameterDefinitions': {
                  'string': {
                      'Description': 'string',
                      'ConfigurationOptions': {
                          'Integer': {
                              'DefaultValue': 123,
                              'Min': 123,
                              'Max': 123
                          },
                          'IntegerList': {
                              'DefaultValue': [
                                  123,
                              ],
                              'Min': 123,
                              'Max': 123,
                              'MaxItems': 123
                          },
                          'Double': {
                              'DefaultValue': 123.0,
                              'Min': 123.0,
                              'Max': 123.0
                          },
                          'String': {
                              'DefaultValue': 'string',
                              'Re2Expression': 'string',
                              'ExpressionDescription': 'string'
                          },
                          'StringList': {
                              'DefaultValue': [
                                  'string',
                              ],
                              'Re2Expression': 'string',
                              'MaxItems': 123,
                              'ExpressionDescription': 'string'
                          },
                          'Boolean': {
                              'DefaultValue': True|False
                          },
                          'Enum': {
                              'DefaultValue': 'string',
                              'AllowedValues': [
                                  'string',
                              ]
                          },
                          'EnumList': {
                              'DefaultValue': [
                                  'string',
                              ],
                              'MaxItems': 123,
                              'AllowedValues': [
                                  'string',
                              ]
                          }
                      }
                  }
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **SecurityControlDefinition** *(dict) --* 

        Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.

        
        

        - **SecurityControlId** *(string) --* 

          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number (for example, APIGateway.3). This parameter differs from ``SecurityControlArn``, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).

          
        

        - **Title** *(string) --* 

          The title of a security control.

          
        

        - **Description** *(string) --* 

          The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.

          
        

        - **RemediationUrl** *(string) --* 

          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

          
        

        - **SeverityRating** *(string) --* 

          The severity of a security control. For more information about how Security Hub determines control severity, see `Assigning severity to control findings <https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity>`__ in the *Security Hub User Guide*.

          
        

        - **CurrentRegionAvailability** *(string) --* 

          Specifies whether a security control is available in the current Amazon Web Services Region.

          
        

        - **CustomizableProperties** *(list) --* 

          Security control properties that you can customize. Currently, only parameter customization is supported for select controls. An empty array is returned for controls that don’t support custom properties.

          
          

          - *(string) --* 
      
        

        - **ParameterDefinitions** *(dict) --* 

          An object that provides a security control parameter name, description, and the options for customizing it. This object is excluded for a control that doesn't support custom parameters.

          
          

          - *(string) --* 
            

            - *(dict) --* 

              An object that describes a security control parameter and the options for customizing it.

              
              

              - **Description** *(string) --* 

                Description of a control parameter.

                
              

              - **ConfigurationOptions** *(dict) --* 

                The options for customizing a control parameter. Customization options vary based on the data type of the parameter.

                .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``Integer``, ``IntegerList``, ``Double``, ``String``, ``StringList``, ``Boolean``, ``Enum``, ``EnumList``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


              
                

                - **Integer** *(dict) --* 

                  The options for customizing a security control parameter that is an integer.

                  
                  

                  - **DefaultValue** *(integer) --* 

                    The Security Hub default value for a control parameter that is an integer.

                    
                  

                  - **Min** *(integer) --* 

                    The minimum valid value for a control parameter that is an integer.

                    
                  

                  - **Max** *(integer) --* 

                    The maximum valid value for a control parameter that is an integer.

                    
              
                

                - **IntegerList** *(dict) --* 

                  The options for customizing a security control parameter that is a list of integers.

                  
                  

                  - **DefaultValue** *(list) --* 

                    The Security Hub default value for a control parameter that is a list of integers.

                    
                    

                    - *(integer) --* 
                
                  

                  - **Min** *(integer) --* 

                    The minimum valid value for a control parameter that is a list of integers.

                    
                  

                  - **Max** *(integer) --* 

                    The maximum valid value for a control parameter that is a list of integers.

                    
                  

                  - **MaxItems** *(integer) --* 

                    The maximum number of list items that an interger list control parameter can accept.

                    
              
                

                - **Double** *(dict) --* 

                  The options for customizing a security control parameter that is a double.

                  
                  

                  - **DefaultValue** *(float) --* 

                    The Security Hub default value for a control parameter that is a double.

                    
                  

                  - **Min** *(float) --* 

                    The minimum valid value for a control parameter that is a double.

                    
                  

                  - **Max** *(float) --* 

                    The maximum valid value for a control parameter that is a double.

                    
              
                

                - **String** *(dict) --* 

                  The options for customizing a security control parameter that is a string data type.

                  
                  

                  - **DefaultValue** *(string) --* 

                    The Security Hub default value for a control parameter that is a string.

                    
                  

                  - **Re2Expression** *(string) --* 

                    An RE2 regular expression that Security Hub uses to validate a user-provided control parameter string.

                    
                  

                  - **ExpressionDescription** *(string) --* 

                    The description of the RE2 regular expression.

                    
              
                

                - **StringList** *(dict) --* 

                  The options for customizing a security control parameter that is a list of strings.

                  
                  

                  - **DefaultValue** *(list) --* 

                    The Security Hub default value for a control parameter that is a list of strings.

                    
                    

                    - *(string) --* 
                
                  

                  - **Re2Expression** *(string) --* 

                    An RE2 regular expression that Security Hub uses to validate a user-provided list of strings for a control parameter.

                    
                  

                  - **MaxItems** *(integer) --* 

                    The maximum number of list items that a string list control parameter can accept.

                    
                  

                  - **ExpressionDescription** *(string) --* 

                    The description of the RE2 regular expression.

                    
              
                

                - **Boolean** *(dict) --* 

                  The options for customizing a security control parameter that is a boolean. For a boolean parameter, the options are ``true`` and ``false``.

                  
                  

                  - **DefaultValue** *(boolean) --* 

                    The Security Hub default value for a boolean parameter.

                    
              
                

                - **Enum** *(dict) --* 

                  The options for customizing a security control parameter that is an enum.

                  
                  

                  - **DefaultValue** *(string) --* 

                    The Security Hub default value for a control parameter that is an enum.

                    
                  

                  - **AllowedValues** *(list) --* 

                    The valid values for a control parameter that is an enum.

                    
                    

                    - *(string) --* 
                
              
                

                - **EnumList** *(dict) --* 

                  The options for customizing a security control parameter that is a list of enums.

                  
                  

                  - **DefaultValue** *(list) --* 

                    The Security Hub default value for a control parameter that is a list of enums.

                    
                    

                    - *(string) --* 
                
                  

                  - **MaxItems** *(integer) --* 

                    The maximum number of list items that an enum list control parameter can accept.

                    
                  

                  - **AllowedValues** *(list) --* 

                    The valid values for a control parameter that is a list of enums.

                    
                    

                    - *(string) --* 
                
              
            
          
      
    
    
  
  **Exceptions**
  
  *   :py:class:`SecurityHub.Client.exceptions.InternalException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidInputException`

  
  *   :py:class:`SecurityHub.Client.exceptions.InvalidAccessException`

  
  *   :py:class:`SecurityHub.Client.exceptions.LimitExceededException`

  
  *   :py:class:`SecurityHub.Client.exceptions.ResourceNotFoundException`

  