SecurityHub.Client.
batch_get_security_controls
(**kwargs)¶Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_security_controls(
SecurityControlIds=[
'string',
]
)
[REQUIRED]
A list of security controls (identified with SecurityControlId
, SecurityControlArn
, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.
{
'SecurityControls': [
{
'SecurityControlId': 'string',
'SecurityControlArn': 'string',
'Title': 'string',
'Description': 'string',
'RemediationUrl': 'string',
'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'SecurityControlStatus': 'ENABLED'|'DISABLED'
},
],
'UnprocessedIds': [
{
'SecurityControlId': 'string',
'ErrorCode': 'INVALID_INPUT'|'ACCESS_DENIED'|'NOT_FOUND'|'LIMIT_EXCEEDED',
'ErrorReason': 'string'
},
]
}
Response Structure
An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId
or SecurityControlArn
.
A security control in Security Hub describes a security best practice related to a specific resource.
The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number, such as APIGateway.3.
The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1
. This parameter doesn't mention a specific standard.
The title of a security control.
The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.
A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide .
The status of a security control based on the compliance status of its findings. For more information about how control status is determined, see Determining the overall status of a control from its findings in the Security Hub User Guide .
A security control (identified with SecurityControlId
, SecurityControlArn
, or a mix of both parameters) for which details cannot be returned.
Provides details about a security control for which a response couldn't be returned.
The control (identified with SecurityControlId
, SecurityControlArn
, or a mix of both parameters) for which a response couldn't be returned.
The error code for the unprocessed security control.
The reason why the security control was unprocessed.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.InvalidInputException