You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::SecurityHub::Types::BatchUpdateFindingsRequest

Inherits:
Struct
  • Object
Defined in:
(unknown)

Overview

Note:

When passing BatchUpdateFindingsRequest as input to an Aws::Client method, you can use a vanilla Hash:

{
  finding_identifiers: [ # required
    {
      id: "NonEmptyString", # required
      product_arn: "NonEmptyString", # required
    },
  ],
  note: {
    text: "NonEmptyString", # required
    updated_by: "NonEmptyString", # required
  },
  severity: {
    normalized: 1,
    product: 1.0,
    label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
  },
  verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
  confidence: 1,
  criticality: 1,
  types: ["NonEmptyString"],
  user_defined_fields: {
    "NonEmptyString" => "NonEmptyString",
  },
  workflow: {
    status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED
  },
  related_findings: [
    {
      product_arn: "NonEmptyString", # required
      id: "NonEmptyString", # required
    },
  ],
}
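As an added example (not part of the SDK documentation), the following builds request hashes of this shape. It checks the value ranges, enumerations and the 100-finding limit given in the attribute details on this page before any call is made. The helper names, sample identifiers and product ARN are hypothetical.

```ruby
# Added example; helper names are hypothetical, value lists are from this page.
VERIFICATION_STATES = %w[UNKNOWN TRUE_POSITIVE FALSE_POSITIVE BENIGN_POSITIVE].freeze
WORKFLOW_STATUSES = %w[NEW NOTIFIED RESOLVED SUPPRESSED].freeze
TYPE_NAMESPACES = ['Software and Configuration Checks', 'TTPs', 'Effects',
                   'Unusual Behaviors', 'Sensitive Data Identifications'].freeze
MAX_FINDINGS_PER_CALL = 100

# Raises ArgumentError when an update field is outside the documented values.
def validate_update!(update)
  %i[confidence criticality].each do |key|
    value = update[key]
    next if value.nil? || (value.is_a?(Integer) && (0..100).cover?(value))
    raise ArgumentError, "#{key} must be an Integer from 0 to 100"
  end
  state = update[:verification_state]
  raise ArgumentError, 'unknown verification_state' if state && !VERIFICATION_STATES.include?(state)
  status = update.dig(:workflow, :status)
  raise ArgumentError, 'unknown workflow status' if status && !WORKFLOW_STATUSES.include?(status)
  # Only the namespace part of namespace/category/classifier is enumerated on the page.
  Array(update[:types]).each do |type|
    namespace = type.split('/').first
    raise ArgumentError, "unknown type namespace in #{type.inspect}" unless TYPE_NAMESPACES.include?(namespace)
  end
  note = update[:note]
  if note && (note[:text].to_s.empty? || note[:updated_by].to_s.empty?)
    raise ArgumentError, 'note requires non-empty text and updated_by'
  end
  update
end

# Returns one request Hash per slice of at most 100 finding identifiers.
def build_batch_update_requests(identifiers, update)
  validate_update!(update)
  bad = identifiers.find { |fi| fi[:id].to_s.empty? || fi[:product_arn].to_s.empty? }
  raise ArgumentError, 'each identifier needs id and product_arn' if bad
  identifiers.uniq.each_slice(MAX_FINDINGS_PER_CALL).map do |slice|
    update.merge(finding_identifiers: slice)
  end
end

# Constructed sample input: 250 placeholder identifiers, one triage decision.
SAMPLE_ARN = 'arn:aws:securityhub:us-east-1:111122223333:product/111122223333/default'
SAMPLE_IDS = (1..250).map { |n| { id: "constructed-finding-#{n}", product_arn: SAMPLE_ARN } }
SAMPLE_UPDATE = {
  note: { text: 'Scanner noise, confirmed by review', updated_by: 'triage-script' },
  verification_state: 'FALSE_POSITIVE', confidence: 90, workflow: { status: 'SUPPRESSED' }
}.freeze
REQUESTS = build_batch_update_requests(SAMPLE_IDS, SAMPLE_UPDATE)
# With a configured Aws::SecurityHub::Client (assumed): REQUESTS.each { |r| client.batch_update_findings(r) }
```

Validating locally keeps a malformed triage decision from being applied to part of a batch before the service rejects a later request.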

Instance Attribute Details

#confidence ⇒ Integer

The updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Returns:

  • (Integer)

    The updated value for the finding confidence.

#criticality ⇒ Integer

The updated value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Returns:

  • (Integer)

    The updated value for the level of importance assigned to the resources associated with the findings.

#finding_identifiers ⇒ Array<Types::AwsSecurityFindingIdentifier>

The list of findings to update. BatchUpdateFindings can be used to update up to 100 findings at a time.

For each finding, the list provides the finding identifier and the ARN of the finding provider.

Returns:

#note ⇒ Types::NoteUpdate

The updated note.

Returns:

#related_findings ⇒ Array<Types::RelatedFinding>

A list of findings that are related to the updated findings.

Returns:

#severity ⇒ Types::SeverityUpdate

Used to update the finding severity.

Returns:

#types ⇒ Array<String>

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are as follows.

  • Software and Configuration Checks

  • TTPs

  • Effects

  • Unusual Behaviors

  • Sensitive Data Identifications

Returns:

  • (Array<String>)

    One or more finding types in the format of namespace/category/classifier that classify a finding.

#user_defined_fields ⇒ Hash<String,String>

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

Returns:

  • (Hash<String,String>)

    A list of name/value string pairs associated with the finding.

#verification_state ⇒ String

Indicates the veracity of a finding.

The available values for VerificationState are as follows.

  • UNKNOWN – The default disposition of a security finding

  • TRUE_POSITIVE – The security finding is confirmed

  • FALSE_POSITIVE – The security finding was determined to be a false alarm

  • BENIGN_POSITIVE – A special case of TRUE_POSITIVE where the finding doesn't pose any threat, is expected, or both

    Possible values:

    • UNKNOWN
    • TRUE_POSITIVE
    • FALSE_POSITIVE
    • BENIGN_POSITIVE

Returns:

  • (String)

    Indicates the veracity of a finding.

#workflow ⇒ Types::WorkflowUpdate

Used to update the workflow status of a finding.

The workflow status indicates the progress of the investigation into the finding.

Returns: