Container for the parameters to the BatchImportFindings operation. Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.
BatchImportFindings must be called by one of the following:
The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling
BatchImportFindingsfrom needs to be the same as theAwsAccountIdattribute for the finding.An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call
BatchImportFindingsfrom the allow-listed account and send findings from different customer accounts in the same batch.
The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
After a finding is created, BatchImportFindings cannot be used to update the
following finding fields and objects, which Security Hub customers use to manage their
investigation workflow.
NoteUserDefinedFieldsVerificationStateWorkflow
Finding providers also should not use BatchImportFindings to update the following
attributes.
ConfidenceCriticalityRelatedFindingsSeverityTypes
Instead, finding providers use FindingProviderFields to provide values for
these attributes.
Inheritance Hierarchy
Amazon.Runtime.AmazonWebServiceRequest
Amazon.SecurityHub.AmazonSecurityHubRequest
Amazon.SecurityHub.Model.BatchImportFindingsRequest
Namespace: Amazon.SecurityHub.Model
Assembly: AWSSDK.SecurityHub.dll
Version: 3.x.y.z
Syntax
public class BatchImportFindingsRequest : AmazonSecurityHubRequest IAmazonWebServiceRequest
The BatchImportFindingsRequest type exposes the following members
Constructors
| Name | Description | |
|---|---|---|
|
BatchImportFindingsRequest() |
Properties
| Name | Type | Description | |
|---|---|---|---|
|
|
Findings | System.Collections.Generic.List<Amazon.SecurityHub.Model.AwsSecurityFinding> |
Gets and sets the property Findings. A list of findings to import. To successfully import a finding, it must follow the Amazon Web Services Security Finding Format. Maximum of 100 findings per request. |
Examples
The following example imports findings from a third party provider to Security Hub.
To import security findings from a third party provider to Security Hub
var client = new AmazonSecurityHubClient();
var response = client.BatchImportFindings(new BatchImportFindingsRequest
{
Findings = new List<AwsSecurityFinding> {
new AwsSecurityFinding {
AwsAccountId = "123456789012",
CreatedAt = "2020-05-27T17:05:54.832Z",
Description = "Vulnerability in a CloudTrail trail",
FindingProviderFields = new FindingProviderFields {
Severity = new FindingProviderSeverity {
Label = "LOW",
Original = "10"
},
Types = new List<string> {
"Software and Configuration Checks/Vulnerabilities/CVE"
}
},
GeneratorId = "TestGeneratorId",
Id = "Id1",
ProductArn = "arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default",
Resources = new List<Resource> {
new Resource {
Id = "arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName",
Partition = "aws",
Region = "us-west-1",
Type = "AwsCloudTrailTrail"
}
},
SchemaVersion = "2018-10-08",
Title = "CloudTrail trail vulnerability",
UpdatedAt = "2020-06-02T16:05:54.832Z"
}
}
});
int failedCount = response.FailedCount;
List<ImportFindingsError> failedFindings = response.FailedFindings;
int successCount = response.SuccessCount;
Version Information
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5 and newer, 3.5