Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . securityhub ]

update-findings

Description

Updates the Note and RecordState of the Security Hub-aggregated findings that the filter attributes specify. Any member account that can view the finding also sees the update to the finding.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  update-findings
--filters <value>
[--note <value>]
[--record-state <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--filters (structure)

A collection of attributes that specify which findings you want to update.

JSON Syntax:

{
  "ProductArn": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "AwsAccountId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "Id": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "GeneratorId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "Type": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "FirstObservedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "LastObservedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "CreatedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "UpdatedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "SeverityProduct": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "SeverityNormalized": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "SeverityLabel": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "Confidence": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "Criticality": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "Title": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "Description": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "RecommendationText": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "SourceUrl": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ProductFields": [
    {
      "Key": "string",
      "Value": "string",
      "Comparison": "EQUALS"
    }
    ...
  ],
  "ProductName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "CompanyName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "UserDefinedFields": [
    {
      "Key": "string",
      "Value": "string",
      "Comparison": "EQUALS"
    }
    ...
  ],
  "MalwareName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "MalwareType": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "MalwarePath": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "MalwareState": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "NetworkDirection": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "NetworkProtocol": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "NetworkSourceIpV4": [
    {
      "Cidr": "string"
    }
    ...
  ],
  "NetworkSourceIpV6": [
    {
      "Cidr": "string"
    }
    ...
  ],
  "NetworkSourcePort": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "NetworkSourceDomain": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "NetworkSourceMac": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "NetworkDestinationIpV4": [
    {
      "Cidr": "string"
    }
    ...
  ],
  "NetworkDestinationIpV6": [
    {
      "Cidr": "string"
    }
    ...
  ],
  "NetworkDestinationPort": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "NetworkDestinationDomain": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ProcessName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ProcessPath": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ProcessPid": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "ProcessParentPid": [
    {
      "Gte": double,
      "Lte": double,
      "Eq": double
    }
    ...
  ],
  "ProcessLaunchedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "ProcessTerminatedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "ThreatIntelIndicatorType": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ThreatIntelIndicatorValue": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ThreatIntelIndicatorCategory": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ThreatIntelIndicatorLastObservedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "ThreatIntelIndicatorSource": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ThreatIntelIndicatorSourceUrl": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceType": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourcePartition": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceRegion": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceTags": [
    {
      "Key": "string",
      "Value": "string",
      "Comparison": "EQUALS"
    }
    ...
  ],
  "ResourceAwsEc2InstanceType": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsEc2InstanceImageId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsEc2InstanceIpV4Addresses": [
    {
      "Cidr": "string"
    }
    ...
  ],
  "ResourceAwsEc2InstanceIpV6Addresses": [
    {
      "Cidr": "string"
    }
    ...
  ],
  "ResourceAwsEc2InstanceKeyName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsEc2InstanceIamInstanceProfileArn": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsEc2InstanceVpcId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsEc2InstanceSubnetId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsEc2InstanceLaunchedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "ResourceAwsS3BucketOwnerId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsS3BucketOwnerName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsIamAccessKeyUserName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsIamAccessKeyStatus": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceAwsIamAccessKeyCreatedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "ResourceContainerName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceContainerImageId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceContainerImageName": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "ResourceContainerLaunchedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "ResourceDetailsOther": [
    {
      "Key": "string",
      "Value": "string",
      "Comparison": "EQUALS"
    }
    ...
  ],
  "ComplianceStatus": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "VerificationState": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "WorkflowState": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "RecordState": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "RelatedFindingsProductArn": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "RelatedFindingsId": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "NoteText": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "NoteUpdatedAt": [
    {
      "Start": "string",
      "End": "string",
      "DateRange": {
        "Value": integer,
        "Unit": "DAYS"
      }
    }
    ...
  ],
  "NoteUpdatedBy": [
    {
      "Value": "string",
      "Comparison": "EQUALS"|"PREFIX"
    }
    ...
  ],
  "Keyword": [
    {
      "Value": "string"
    }
    ...
  ]
}

--note (structure)

The updated note for the finding.

Shorthand Syntax:

Text=string,UpdatedBy=string

JSON Syntax:

{
  "Text": "string",
  "UpdatedBy": "string"
}

--record-state (string)

The updated record state for the finding.

Possible values:

  • ACTIVE
  • ARCHIVED

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Output