batch_get_security_controls
- SecurityHub.Client.batch_get_security_controls(**kwargs)
Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.
See also: AWS API Documentation
Request Syntax
    response = client.batch_get_security_controls(
        SecurityControlIds=[
            'string',
        ]
    )
- Parameters:
SecurityControlIds (list) –
[REQUIRED]
A list of security controls (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.
(string) –
- Return type:
dict
- Returns:
Response Syntax
    {
        'SecurityControls': [
            {
                'SecurityControlId': 'string',
                'SecurityControlArn': 'string',
                'Title': 'string',
                'Description': 'string',
                'RemediationUrl': 'string',
                'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
                'SecurityControlStatus': 'ENABLED'|'DISABLED',
                'UpdateStatus': 'READY'|'UPDATING',
                'Parameters': {
                    'string': {
                        'ValueType': 'DEFAULT'|'CUSTOM',
                        'Value': {
                            'Integer': 123,
                            'IntegerList': [
                                123,
                            ],
                            'Double': 123.0,
                            'String': 'string',
                            'StringList': [
                                'string',
                            ],
                            'Boolean': True|False,
                            'Enum': 'string',
                            'EnumList': [
                                'string',
                            ]
                        }
                    }
                },
                'LastUpdateReason': 'string'
            },
        ],
        'UnprocessedIds': [
            {
                'SecurityControlId': 'string',
                'ErrorCode': 'INVALID_INPUT'|'ACCESS_DENIED'|'NOT_FOUND'|'LIMIT_EXCEEDED',
                'ErrorReason': 'string'
            },
        ]
    }
Response Structure
(dict) –
SecurityControls (list) –
An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId or SecurityControlArn.
(dict) –
A security control in Security Hub describes a security best practice related to a specific resource.
SecurityControlId (string) –
The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.
SecurityControlArn (string) –
The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn’t mention a specific standard.
Title (string) –
The title of a security control.
Description (string) –
The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn’t reference a specific standard.
RemediationUrl (string) –
A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
SeverityRating (string) –
The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.
SecurityControlStatus (string) –
The enablement status of a security control in a specific standard.
UpdateStatus (string) –
Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of READY indicates that Security Hub uses the current control parameter values when running security checks of the control. A status of UPDATING indicates that all security checks might not use the current parameter values.
Parameters (dict) –
An object that identifies the name of a control parameter, its current value, and whether it has been customized.
(string) –
(dict) –
An object that provides the current value of a security control parameter and identifies whether it has been customized.
ValueType (string) –
Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.
When ValueType is set equal to DEFAULT, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ValueType is set equal to DEFAULT, Security Hub ignores user-provided input for the Value field.
When ValueType is set equal to CUSTOM, the Value field can’t be empty.
Value (dict) –
The current value of a control parameter.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: Integer, IntegerList, Double, String, StringList, Boolean, Enum, EnumList. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
    'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
Integer (integer) –
A control parameter that is an integer.
IntegerList (list) –
A control parameter that is a list of integers.
(integer) –
Double (float) –
A control parameter that is a double.
String (string) –
A control parameter that is a string.
StringList (list) –
A control parameter that is a list of strings.
(string) –
Boolean (boolean) –
A control parameter that is a boolean.
Enum (string) –
A control parameter that is an enum.
EnumList (list) –
A control parameter that is a list of enums.
(string) –
LastUpdateReason (string) –
The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
UnprocessedIds (list) –
A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which details cannot be returned.
(dict) –
Provides details about a security control for which a response couldn’t be returned.
SecurityControlId (string) –
The control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which a response couldn’t be returned.
ErrorCode (string) –
The error code for the unprocessed security control.
ErrorReason (string) –
The reason why the security control was unprocessed.
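An added example (not part of the boto3 documentation) of consuming this response for a control review: it decodes the tagged-union Value, reports parameters whose ValueType is CUSTOM, controls whose UpdateStatus is UPDATING, and the ErrorCode of every entry in UnprocessedIds. The function names, the sample response, the parameter names exampleThreshold and exampleMode and the ID Example.99 are constructed for illustration; client is assumed to be a boto3 SecurityHub client.

```python
VALUE_KEYS = ("Integer", "IntegerList", "Double", "String",
              "StringList", "Boolean", "Enum", "EnumList")

def decode_value(value):
    """Return (member, payload) for the tagged-union Value dict."""
    if "SDK_UNKNOWN_MEMBER" in value:
        # The service returned a member this SDK version does not know.
        return ("SDK_UNKNOWN_MEMBER", value["SDK_UNKNOWN_MEMBER"]["name"])
    present = [k for k in VALUE_KEYS if k in value]
    if len(present) != 1:
        raise ValueError(f"expected exactly one union member, got {present}")
    return (present[0], value[present[0]])

def review_controls(response):
    """Collect customised parameters, UPDATING controls and unprocessed IDs."""
    report = {"custom": {}, "updating": [], "unprocessed": {}}
    for control in response.get("SecurityControls", []):
        cid = control["SecurityControlId"]
        if control.get("UpdateStatus") == "UPDATING":
            # Checks might not yet use the current parameter values.
            report["updating"].append(cid)
        for name, param in control.get("Parameters", {}).items():
            # With DEFAULT, Security Hub ignores user-provided Value input,
            # so only CUSTOM parameters are reported.
            if param["ValueType"] == "CUSTOM":
                report["custom"][(cid, name)] = decode_value(param["Value"])
    for item in response.get("UnprocessedIds", []):
        report["unprocessed"][item["SecurityControlId"]] = item["ErrorCode"]
    return report

def fetch_and_review(client, control_ids):
    """client: a boto3 SecurityHub client, e.g. boto3.client('securityhub')."""
    return review_controls(
        client.batch_get_security_controls(SecurityControlIds=control_ids))

# Constructed sample response; parameter names and Example.99 are hypothetical.
SAMPLE_RESPONSE = {
    "SecurityControls": [
        {"SecurityControlId": "S3.1", "UpdateStatus": "READY", "Parameters": {}},
        {"SecurityControlId": "APIGateway.3", "UpdateStatus": "UPDATING",
         "Parameters": {
             "exampleThreshold": {"ValueType": "CUSTOM", "Value": {"Integer": 30}},
             "exampleMode": {"ValueType": "DEFAULT", "Value": {"Enum": "x"}}}},
    ],
    "UnprocessedIds": [
        {"SecurityControlId": "Example.99", "ErrorCode": "NOT_FOUND",
         "ErrorReason": "constructed"}],
}
```

An ACCESS_DENIED entry in the unprocessed map means the caller cannot see that control at all, which is worth treating as a visibility gap rather than a missing control.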
Exceptions