batchUpdateFindings

Used by Security Hub customers to update information about their investigation into one or more findings. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. A member account can update findings only for their own account. Administrator and member accounts can use this operation to update the following fields and objects for one or more findings:

  • Confidence

  • Criticality

  • Note

  • RelatedFindings

  • Severity

  • Types

  • UserDefinedFields

  • VerificationState

  • Workflow

If you use this operation to update a finding, your updates don’t affect the value for the UpdatedAt field of the finding. Also note that it can take several minutes for Security Hub to process your request and update each finding specified in the request.

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. For more information, see Configuring access to BatchUpdateFindings in the Security Hub User Guide.
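As an added illustration of that restriction (this policy is not part of the original page and is not AWS-provided text), the following identity-based policy for a member account allows BatchUpdateFindings in general but denies any call that sets the workflow status to SUPPRESSED or that touches the severity label at all. It uses the `securityhub:ASFFSyntaxPath/<field>` condition keys that the User Guide section referenced above describes; the `Null` operator with value `"false"` matches whenever the request includes that field. Review the key names against that guide for your region and SDK version before deploying.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowFindingUpdates",
      "Effect": "Allow",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*"
    },
    {
      "Sid": "DenySuppressingFindings",
      "Effect": "Deny",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "securityhub:ASFFSyntaxPath/Workflow.Status": "SUPPRESSED"
        }
      }
    },
    {
      "Sid": "DenyAnySeverityChange",
      "Effect": "Deny",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*",
      "Condition": {
        "Null": {
          "securityhub:ASFFSyntaxPath/Severity.Label": "false"
        }
      }
    }
  ]
}
```

Because an explicit Deny always wins, a member account holding this policy can still add notes, set other workflow states such as RESOLVED, or add user-defined fields, but the Kotlin sample below would fail with an access-denied error for that account because it sets a severity label.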

Samples

import aws.sdk.kotlin.services.securityhub.SecurityHubClient
import aws.sdk.kotlin.services.securityhub.model.AwsSecurityFindingIdentifier
import aws.sdk.kotlin.services.securityhub.model.NoteUpdate
import aws.sdk.kotlin.services.securityhub.model.RelatedFinding
import aws.sdk.kotlin.services.securityhub.model.SeverityLabel
import aws.sdk.kotlin.services.securityhub.model.SeverityUpdate
import aws.sdk.kotlin.services.securityhub.model.VerificationState
import aws.sdk.kotlin.services.securityhub.model.WorkflowStatus
import aws.sdk.kotlin.services.securityhub.model.WorkflowUpdate

// batchUpdateFindings is a suspend function, so main must itself be suspending.
suspend fun main() {
    // Create the client for the region that appears in the finding ARNs below;
    // use() closes the client and its connection pool when the block finishes.
    SecurityHubClient { region = "us-west-1" }.use { securityHubClient ->
        //sampleStart
        // The following example updates Security Hub findings. The finding identifier parameter specifies
        // which findings to update. Only specific finding fields can be updated with this operation.
        val resp = securityHubClient.batchUpdateFindings {
            findingIdentifiers = listOf<AwsSecurityFindingIdentifier>(
                AwsSecurityFindingIdentifier {
                    id = "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                    productArn = "arn:aws:securityhub:us-west-1::product/aws/securityhub"
                },
                AwsSecurityFindingIdentifier {
                    id = "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
                    productArn = "arn:aws:securityhub:us-west-1::product/aws/securityhub"
                }
            )
            // Analyst note recorded on each finding; updatedBy identifies who made the change.
            note = NoteUpdate {
                text = "Known issue that is not a risk."
                updatedBy = "user1"
            }
            severity = SeverityUpdate {
                label = SeverityLabel.fromValue("LOW")
            }
            verificationState = VerificationState.fromValue("TRUE_POSITIVE")
            confidence = 80
            criticality = 80
            types = listOf<String>(
                "Software and Configuration Checks/Vulnerabilities/CVE"
            )
            userDefinedFields = mapOf<String, String>(
                "reviewedByCio" to "true"
            )
            workflow = WorkflowUpdate {
                status = WorkflowStatus.fromValue("RESOLVED")
            }
            relatedFindings = listOf<RelatedFinding>(
                RelatedFinding {
                    id = "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333"
                    productArn = "arn:aws:securityhub:us-west-1::product/aws/securityhub"
                }
            )
        }
        //sampleEnd
        // Per-finding failures are reported in the response rather than thrown,
        // so inspect unprocessedFindings instead of assuming every finding was updated.
        println("Processed: ${resp.processedFindings.orEmpty().size}, unprocessed: ${resp.unprocessedFindings.orEmpty().size}")
    }
}
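The sample above updates a fixed pair of findings and ignores the per-finding error reporting in the response. The following added example (written for this page, not part of the AWS SDK or its documentation) shows the pattern an operations team usually needs: resolve an arbitrary list of finding ARNs with an audit note, send the identifiers in batches no larger than the 100-identifier limit the BatchUpdateFindings API enforces per request, and collect every finding that Security Hub reports as unprocessed so it can be retried or alerted on. The function name `resolveFindings`, the constant `MAX_FINDINGS_PER_CALL`, and the two sample ARNs are assumptions for this example; the SDK types and fields (`BatchUpdateFindingsUnprocessedFinding`, `unprocessedFindings`, `errorCode`, `errorMessage`) are the SDK's own.

```kotlin
import aws.sdk.kotlin.services.securityhub.SecurityHubClient
import aws.sdk.kotlin.services.securityhub.model.AwsSecurityFindingIdentifier
import aws.sdk.kotlin.services.securityhub.model.BatchUpdateFindingsUnprocessedFinding
import aws.sdk.kotlin.services.securityhub.model.NoteUpdate
import aws.sdk.kotlin.services.securityhub.model.WorkflowStatus
import aws.sdk.kotlin.services.securityhub.model.WorkflowUpdate

// BatchUpdateFindings accepts at most 100 finding identifiers per request
// (an API limit, not stated on this page), so larger lists are split.
private const val MAX_FINDINGS_PER_CALL = 100

/**
 * Marks every finding in [findingArns] as RESOLVED and attaches an audit note.
 * Identifiers are sent in batches of at most [MAX_FINDINGS_PER_CALL].
 * Returns the findings Security Hub could not update; an empty list means full success.
 */
suspend fun resolveFindings(
    client: SecurityHubClient,
    findingProductArn: String,
    findingArns: List<String>,
    resolvedBy: String,
    reason: String,
): List<BatchUpdateFindingsUnprocessedFinding> {
    // Every finding from the same product shares one product ARN.
    val identifiers = findingArns.map { arn ->
        AwsSecurityFindingIdentifier {
            id = arn
            productArn = findingProductArn
        }
    }
    val failures = mutableListOf<BatchUpdateFindingsUnprocessedFinding>()
    for (batch in identifiers.chunked(MAX_FINDINGS_PER_CALL)) {
        val resp = client.batchUpdateFindings {
            findingIdentifiers = batch
            workflow = WorkflowUpdate { status = WorkflowStatus.fromValue("RESOLVED") }
            // The note is the audit trail for the change; updatedBy should identify a real person or pipeline.
            note = NoteUpdate {
                text = reason
                updatedBy = resolvedBy
            }
        }
        // Failures are returned per finding, not raised as an exception.
        failures += resp.unprocessedFindings.orEmpty()
    }
    return failures
}

suspend fun main() {
    // Constructed sample input in the same ARN format as the page's example findings.
    val arns = listOf(
        "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    )
    SecurityHubClient { region = "us-west-1" }.use { client ->
        val failed = resolveFindings(
            client = client,
            findingProductArn = "arn:aws:securityhub:us-west-1::product/aws/securityhub",
            findingArns = arns,
            resolvedBy = "user1",
            reason = "Remediated: Lambda function policy restricted to the intended principal.",
        )
        for (f in failed) {
            println("Not updated: ${f.findingIdentifier?.id} (${f.errorCode}): ${f.errorMessage}")
        }
        // Fail loudly so an automation job does not report success for a partial update.
        check(failed.isEmpty()) { "${failed.size} finding(s) were not updated" }
    }
}
```

Two points follow from the page text. Because updates take several minutes to apply and do not change UpdatedAt, a caller that immediately re-reads the findings with GetFindings may still see the old workflow status; treat an empty unprocessed list, not a subsequent read, as the signal that the request was accepted. And because a member account's permission to set fields can be narrowed by IAM conditions, an access-denied error from this call is expected behaviour under such a policy rather than a bug in the caller.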