Table Of Contents

  1. Docs
  2. Available services
  3. SecurityHub
  4. batch_import_findings

batch_import_findings

batch_import_findings(**kwargs)

Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.

BatchImportFindings must be called by one of the following:
  • The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.
  • An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.

  • Note
  • UserDefinedFields
  • VerificationState
  • Workflow

Finding providers also should not use BatchImportFindings to update the following attributes.

  • Confidence
  • Criticality
  • RelatedFindings
  • Severity
  • Types

Instead, finding providers use FindingProviderFields to provide values for these attributes.

See also: AWS API Documentation

Request Syntax

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Parameters

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Return type
dict
Returns
Response Syntax
{
    'FailedCount': 123,
    'SuccessCount': 123,
    'FailedFindings': [
        {
            'Id': 'string',
            'ErrorCode': 'string',
            'ErrorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --
    • FailedCount (integer) --

      The number of findings that failed to import.

    • SuccessCount (integer) --

      The number of findings that were successfully imported.

    • FailedFindings (list) --

      The list of findings that failed to import.

      • (dict) --

        The list of the findings that cannot be imported. For each finding, the list provides the error.

        • Id (string) --

          The identifier of the finding that could not be updated.

        • ErrorCode (string) --

          The code of the error returned by the BatchImportFindings operation.

        • ErrorMessage (string) --

          The message of the error returned by the BatchImportFindings operation.

Exceptions

  • SecurityHub.Client.exceptions.InternalException
  • SecurityHub.Client.exceptions.InvalidInputException
  • SecurityHub.Client.exceptions.LimitExceededException
  • SecurityHub.Client.exceptions.InvalidAccessException
batch_get_standards_control_associations
batch_update_findings
Privacy | Site Terms | Cookie preferences | © Copyright 2023, Amazon Web Services, Inc. Created using Sphinx.