batch_get_security_controls

SecurityHub.Client.batch_get_security_controls(**kwargs)

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

See also: AWS API Documentation

Request Syntax

response = client.batch_get_security_controls(
    SecurityControlIds=[
        'string',
    ]
)

Parameters

SecurityControlIds (list) --

[REQUIRED]

A list of security controls (identified with SecurityControlId , SecurityControlArn , or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.

• (string) --

Return type

dict

Returns

Response Syntax

{
    'SecurityControls': [
        {
            'SecurityControlId': 'string',
            'SecurityControlArn': 'string',
            'Title': 'string',
            'Description': 'string',
            'RemediationUrl': 'string',
            'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'SecurityControlStatus': 'ENABLED'|'DISABLED'
        },
    ],
    'UnprocessedIds': [
        {
            'SecurityControlId': 'string',
            'ErrorCode': 'INVALID_INPUT'|'ACCESS_DENIED'|'NOT_FOUND'|'LIMIT_EXCEEDED',
            'ErrorReason': 'string'
        },
    ]
}

Response Structure

• (dict) --
  • SecurityControls (list) --

    An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId or SecurityControlArn .

    • (dict) --

      A security control in Security Hub describes a security best practice related to a specific resource.

      • SecurityControlId (string) --

        The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number, such as APIGateway.3.

      • SecurityControlArn (string) --

        The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1 . This parameter doesn't mention a specific standard.

      • Title (string) --

        The title of a security control.

      • Description (string) --

        The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.

      • RemediationUrl (string) --

        A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

      • SeverityRating (string) --

        The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide .

      • SecurityControlStatus (string) --

        The status of a security control based on the compliance status of its findings. For more information about how control status is determined, see Determining the overall status of a control from its findings in the Security Hub User Guide .

  • UnprocessedIds (list) --

    A security control (identified with SecurityControlId , SecurityControlArn , or a mix of both parameters) for which details cannot be returned.

    • (dict) --

      Provides details about a security control for which a response couldn't be returned.

      • SecurityControlId (string) --

        The control (identified with SecurityControlId , SecurityControlArn , or a mix of both parameters) for which a response couldn't be returned.

      • ErrorCode (string) --

        The error code for the unprocessed security control.

      • ErrorReason (string) --

        The reason why the security control was unprocessed.

Exceptions

• SecurityHub.Client.exceptions.InternalException
• SecurityHub.Client.exceptions.LimitExceededException
• SecurityHub.Client.exceptions.InvalidAccessException
• SecurityHub.Client.exceptions.InvalidInputException