batchUpdateFindings

Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.

Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.

Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.

  • Confidence

  • Criticality

  • Note

  • RelatedFindings

  • Severity

  • Types

  • UserDefinedFields

  • VerificationState

  • Workflow

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.
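As an added illustration that is not part of this SDK reference, the restriction described above can be written as an explicit-deny IAM policy attached to the principals in a member account. It relies on the `securityhub:ASFFSyntaxPath/<Field>` condition keys that Security Hub evaluates for BatchUpdateFindings (documented in the Security Hub User Guide); the Sid names are mine. The first statement blocks setting a finding's workflow status to SUPPRESSED, the second blocks any request that carries a severity update at all, while every other field in the list above stays updatable.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenySuppressingFindings",
      "Effect": "Deny",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "securityhub:ASFFSyntaxPath/Workflow.Status": "SUPPRESSED"
        }
      }
    },
    {
      "Sid": "DenyChangingSeverity",
      "Effect": "Deny",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*",
      "Condition": {
        "Null": {
          "securityhub:ASFFSyntaxPath/Severity.Label": "false",
          "securityhub:ASFFSyntaxPath/Severity.Normalized": "false"
        }
      }
    }
  ]
}
```

Because the statements are denies, they only narrow whatever Allow on securityhub:BatchUpdateFindings the principal already has; a request that sets both a permitted field and a denied one is rejected as a whole, so the calling code should send severity and workflow changes in separate calls if it wants the rest to succeed.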

Samples

import aws.sdk.kotlin.services.securityhub.SecurityHubClient
import aws.sdk.kotlin.services.securityhub.model.AwsSecurityFindingIdentifier
import aws.sdk.kotlin.services.securityhub.model.NoteUpdate
import aws.sdk.kotlin.services.securityhub.model.RelatedFinding
import aws.sdk.kotlin.services.securityhub.model.SeverityLabel
import aws.sdk.kotlin.services.securityhub.model.SeverityUpdate
import aws.sdk.kotlin.services.securityhub.model.VerificationState
import aws.sdk.kotlin.services.securityhub.model.WorkflowStatus
import aws.sdk.kotlin.services.securityhub.model.WorkflowUpdate

// batchUpdateFindings is a suspend function, so main must be suspending (or wrap the call in runBlocking).
suspend fun main() {
    // The client picks up credentials from the default provider chain; the region must match the finding ARNs.
    val securityHubClient = SecurityHubClient { region = "us-west-1" }
    try {
        //sampleStart
        // The following example updates Security Hub findings. The finding identifier parameter specifies
        // which findings to update. Only specific finding fields can be updated with this operation.
        val resp = securityHubClient.batchUpdateFindings {
            findingIdentifiers = listOf(
                AwsSecurityFindingIdentifier {
                    id = "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                    productArn = "arn:aws:securityhub:us-west-1::product/aws/securityhub"
                },
                AwsSecurityFindingIdentifier {
                    id = "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
                    productArn = "arn:aws:securityhub:us-west-1::product/aws/securityhub"
                }
            )
            // Analyst note recorded against each finding.
            note = NoteUpdate {
                text = "Known issue that is not a risk."
                updatedBy = "user1"
            }
            severity = SeverityUpdate {
                label = SeverityLabel.fromValue("LOW")
            }
            verificationState = VerificationState.fromValue("TRUE_POSITIVE")
            confidence = 80
            criticality = 80
            types = listOf(
                "Software and Configuration Checks/Vulnerabilities/CVE"
            )
            userDefinedFields = mapOf(
                "reviewedByCio" to "true"
            )
            workflow = WorkflowUpdate {
                status = WorkflowStatus.fromValue("RESOLVED")
            }
            relatedFindings = listOf(
                RelatedFinding {
                    id = "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333"
                    productArn = "arn:aws:securityhub:us-west-1::product/aws/securityhub"
                }
            )
        }
        // Findings that could not be updated are reported in the response rather than thrown, so check both lists.
        resp.processedFindings?.forEach { println("Updated: ${it.id}") }
        resp.unprocessedFindings?.forEach {
            println("Not updated: ${it.findingIdentifier?.id} (${it.errorCode}): ${it.errorMessage}")
        }
        //sampleEnd
    } finally {
        securityHubClient.close()
    }
}