batch_get_security_controls

batch_get_security_controls(**kwargs)

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

See also: AWS API Documentation

Request Syntax

response = client.batch_get_security_controls(
    SecurityControlIds=[
        'string',
    ]
)
Parameters
SecurityControlIds (list) --

[REQUIRED]

A list of security controls (identified with SecurityControlId , SecurityControlArn , or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.

  • (string) --
Return type
dict
Returns
Response Syntax
{
    'SecurityControls': [
        {
            'SecurityControlId': 'string',
            'SecurityControlArn': 'string',
            'Title': 'string',
            'Description': 'string',
            'RemediationUrl': 'string',
            'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'SecurityControlStatus': 'ENABLED'|'DISABLED'
        },
    ],
    'UnprocessedIds': [
        {
            'SecurityControlId': 'string',
            'ErrorCode': 'INVALID_INPUT'|'ACCESS_DENIED'|'NOT_FOUND'|'LIMIT_EXCEEDED',
            'ErrorReason': 'string'
        },
    ]
}

Response Structure

  • (dict) --
    • SecurityControls (list) --

      An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId or SecurityControlArn .

      • (dict) --

        A security control in Security Hub describes a security best practice related to a specific resource.

        • SecurityControlId (string) --

          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number, such as APIGateway.3.

        • SecurityControlArn (string) --

          The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1 . This parameter doesn't mention a specific standard.

        • Title (string) --

          The title of a security control.

        • Description (string) --

          The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.

        • RemediationUrl (string) --

          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

        • SeverityRating (string) --

          The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide .

        • SecurityControlStatus (string) --

          The status of a security control based on the compliance status of its findings. For more information about how control status is determined, see Determining the overall status of a control from its findings in the Security Hub User Guide .

    • UnprocessedIds (list) --

      A security control (identified with SecurityControlId , SecurityControlArn , or a mix of both parameters) for which details cannot be returned.

      • (dict) --

        Provides details about a security control for which a response couldn't be returned.

        • SecurityControlId (string) --

          The control (identified with SecurityControlId , SecurityControlArn , or a mix of both parameters) for which a response couldn't be returned.

        • ErrorCode (string) --

          The error code for the unprocessed security control.

        • ErrorReason (string) --

          The reason why the security control was unprocessed.

Exceptions

  • SecurityHub.Client.exceptions.InternalException
  • SecurityHub.Client.exceptions.LimitExceededException
  • SecurityHub.Client.exceptions.InvalidAccessException
  • SecurityHub.Client.exceptions.InvalidInputException