batch_import_findings

batch_import_findings(**kwargs)

Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.

BatchImportFindings must be called by one of the following:
  • The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.
  • An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.

  • Note
  • UserDefinedFields
  • VerificationState
  • Workflow

Finding providers also should not use BatchImportFindings to update the following attributes.

  • Confidence
  • Criticality
  • RelatedFindings
  • Severity
  • Types

Instead, finding providers use FindingProviderFields to provide values for these attributes.

See also: AWS API Documentation

Request Syntax

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Parameters

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Return type

dict

Returns

Response Syntax

{
    'FailedCount': 123,
    'SuccessCount': 123,
    'FailedFindings': [
        {
            'Id': 'string',
            'ErrorCode': 'string',
            'ErrorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --
    • FailedCount (integer) --

      The number of findings that failed to import.

    • SuccessCount (integer) --

      The number of findings that were successfully imported.

    • FailedFindings (list) --

      The list of findings that failed to import.

      • (dict) --

        The list of the findings that cannot be imported. For each finding, the list provides the error.

        • Id (string) --

          The identifier of the finding that could not be updated.

        • ErrorCode (string) --

          The code of the error returned by the BatchImportFindings operation.

        • ErrorMessage (string) --

          The message of the error returned by the BatchImportFindings operation.
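
The field restrictions, the 240 Kb limit and the FailedFindings response described above, combined in one provider-side wrapper. This is an added example, not code from the boto3 documentation. `prepare_finding`, `import_findings`, `StubClient`, the `LocalSizeCheck` and `ConstructedError` codes, the account ids and the sample findings are constructed for illustration. It assumes that the size limit applies to the UTF-8 JSON encoding of a finding and that FindingProviderFields.Severity accepts only Label and Original.

```python
import json

ACCOUNT = "111122223333"  # constructed sample account id
MAX_FINDING_BYTES = 240 * 1024  # "240 Kb" read as 240 * 1024 bytes of JSON (assumption)
CUSTOMER_FIELDS = ("Note", "UserDefinedFields", "VerificationState", "Workflow")
PROVIDER_FIELDS = ("Confidence", "Criticality", "RelatedFindings", "Severity", "Types")

def prepare_finding(finding):
    """Drop customer-managed fields and move provider attributes into FindingProviderFields."""
    out = {k: v for k, v in finding.items() if k not in CUSTOMER_FIELDS}
    fpf = dict(out.get("FindingProviderFields", {}))
    for name in PROVIDER_FIELDS:
        if name in out:
            value = out.pop(name)
            if name == "Severity":  # assumed: only Label and Original are accepted here
                value = {k: v for k, v in value.items() if k in ("Label", "Original")}
            fpf.setdefault(name, value)  # an explicit FindingProviderFields value wins
    if fpf:
        out["FindingProviderFields"] = fpf
    return out

def import_findings(client, findings):
    """Return (imported_count, failures). "LocalSizeCheck" is a made-up code, not an AWS one."""
    ready, failed = [], []
    for f in map(prepare_finding, findings):
        if len(json.dumps(f).encode("utf-8")) > MAX_FINDING_BYTES:
            failed.append({"Id": f["Id"], "ErrorCode": "LocalSizeCheck", "ErrorMessage": "over 240 Kb"})
        else:
            ready.append(f)
    if not ready:
        return 0, failed
    resp = client.batch_import_findings(Findings=ready)
    return resp["SuccessCount"], failed + resp["FailedFindings"]

class StubClient:
    """Constructed stand-in for boto3.client("securityhub"): fails findings from other accounts."""
    def batch_import_findings(self, Findings):
        self.sent = Findings
        bad = [{"Id": f["Id"], "ErrorCode": "ConstructedError", "ErrorMessage": "account mismatch"}
               for f in Findings if f["AwsAccountId"] != ACCOUNT]
        return {"FailedCount": len(bad), "SuccessCount": len(Findings) - len(bad), "FailedFindings": bad}

def demo():
    base = {"AwsAccountId": ACCOUNT, "Severity": {"Label": "HIGH", "Normalized": 70}, "Workflow": {"Status": "RESOLVED"}}
    findings = [dict(base, Id="f-1"), dict(base, Id="f-2", AwsAccountId="444455556666"),
                dict(base, Id="f-3", Description="x" * MAX_FINDING_BYTES)]
    client = StubClient()
    imported, failed = import_findings(client, findings)
    return imported, [f["Id"] for f in failed], client.sent[0]
```

Against the real service, pass `boto3.client("securityhub")` instead of `StubClient()`; the call can return normally while FailedCount is non-zero, so the returned failures need to be logged or retried rather than ignored.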

Exceptions

  • SecurityHub.Client.exceptions.InternalException
  • SecurityHub.Client.exceptions.InvalidInputException
  • SecurityHub.Client.exceptions.LimitExceededException
  • SecurityHub.Client.exceptions.InvalidAccessException