SecurityHub / Client / batch_import_findings

batch_import_findings

SecurityHub.Client.batch_import_findings(**kwargs)

Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.

BatchImportFindings must be called by one of the following:

  • The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer’s Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.

  • An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.

  • Note

  • UserDefinedFields

  • VerificationState

  • Workflow

Finding providers also should not use BatchImportFindings to update the following attributes.

  • Confidence

  • Criticality

  • RelatedFindings

  • Severity

  • Types

Instead, finding providers use FindingProviderFields to provide values for these attributes.

See also: AWS API Documentation

Request Syntax

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Parameters

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Return type:

dict

Returns:

Response Syntax

{
    'FailedCount': 123,
    'SuccessCount': 123,
    'FailedFindings': [
        {
            'Id': 'string',
            'ErrorCode': 'string',
            'ErrorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    • FailedCount (integer) –

      The number of findings that failed to import.

    • SuccessCount (integer) –

      The number of findings that were successfully imported.

    • FailedFindings (list) –

      The list of findings that failed to import.

      • (dict) –

        The list of the findings that cannot be imported. For each finding, the list provides the error.

        • Id (string) –

          The identifier of the finding that could not be updated.

        • ErrorCode (string) –

          The code of the error returned by the BatchImportFindings operation.

        • ErrorMessage (string) –

          The message of the error returned by the BatchImportFindings operation.

Exceptions

  • SecurityHub.Client.exceptions.InternalException

  • SecurityHub.Client.exceptions.InvalidInputException

  • SecurityHub.Client.exceptions.LimitExceededException

  • SecurityHub.Client.exceptions.InvalidAccessException