Sign In to the Console
AWS Security Hub
AWS Security Hub (API Version 2018-10-26)

AWS Documentation » AWS Security Hub » AWS Security Hub » Actions » BatchImportFindings

BatchImportFindings

Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub. The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

Request Syntax

POST /findings/import HTTP/1.1
Content-type: application/json

{
   "Findings": [ 
      { 
         "AwsAccountId": "string",
         "Compliance": { 
            "Status": "string"
         },
         "Confidence": number,
         "CreatedAt": "string",
         "Criticality": number,
         "Description": "string",
         "FirstObservedAt": "string",
         "GeneratorId": "string",
         "Id": "string",
         "LastObservedAt": "string",
         "Malware": [ 
            { 
               "Name": "string",
               "Path": "string",
               "State": "string",
               "Type": "string"
            }
         ],
         "Network": { 
            "DestinationDomain": "string",
            "DestinationIpV4": "string",
            "DestinationIpV6": "string",
            "DestinationPort": number,
            "Direction": "string",
            "Protocol": "string",
            "SourceDomain": "string",
            "SourceIpV4": "string",
            "SourceIpV6": "string",
            "SourceMac": "string",
            "SourcePort": number
         },
         "Note": { 
            "Text": "string",
            "UpdatedAt": "string",
            "UpdatedBy": "string"
         },
         "Process": { 
            "LaunchedAt": "string",
            "Name": "string",
            "ParentPid": number,
            "Path": "string",
            "Pid": number,
            "TerminatedAt": "string"
         },
         "ProductArn": "string",
         "ProductFields": { 
            "string" : "string" 
         },
         "RecordState": "string",
         "RelatedFindings": [ 
            { 
               "Id": "string",
               "ProductArn": "string"
            }
         ],
         "Remediation": { 
            "Recommendation": { 
               "Text": "string",
               "Url": "string"
            }
         },
         "Resources": [ 
            { 
               "Details": { 
                  "AwsEc2Instance": { 
                     "IamInstanceProfileArn": "string",
                     "ImageId": "string",
                     "IpV4Addresses": [ "string" ],
                     "IpV6Addresses": [ "string" ],
                     "KeyName": "string",
                     "LaunchedAt": "string",
                     "SubnetId": "string",
                     "Type": "string",
                     "VpcId": "string"
                  },
                  "AwsIamAccessKey": { 
                     "CreatedAt": "string",
                     "Status": "string",
                     "UserName": "string"
                  },
                  "AwsS3Bucket": { 
                     "OwnerId": "string",
                     "OwnerName": "string"
                  },
                  "Container": { 
                     "ImageId": "string",
                     "ImageName": "string",
                     "LaunchedAt": "string",
                     "Name": "string"
                  },
                  "Other": { 
                     "string" : "string" 
                  }
               },
               "Id": "string",
               "Partition": "string",
               "Region": "string",
               "Tags": { 
                  "string" : "string" 
               },
               "Type": "string"
            }
         ],
         "SchemaVersion": "string",
         "Severity": { 
            "Normalized": number,
            "Product": number
         },
         "SourceUrl": "string",
         "ThreatIntelIndicators": [ 
            { 
               "Category": "string",
               "LastObservedAt": "string",
               "Source": "string",
               "SourceUrl": "string",
               "Type": "string",
               "Value": "string"
            }
         ],
         "Title": "string",
         "Types": [ "string" ],
         "UpdatedAt": "string",
         "UserDefinedFields": { 
            "string" : "string" 
         },
         "VerificationState": "string",
         "WorkflowState": "string"
      }
   ]
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

Findings

A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format.

Type: Array of AwsSecurityFinding objects

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "FailedCount": number,
   "FailedFindings": [ 
      { 
         "ErrorCode": "string",
         "ErrorMessage": "string",
         "Id": "string"
      }
   ],
   "SuccessCount": number
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

FailedCount

The number of findings that failed to import.

Type: Integer

FailedFindings

The list of the findings that failed to import.

Type: Array of ImportFindingsError objects

SuccessCount

The number of findings that were successfully imported.

Type: Integer

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalException

Internal server error.

HTTP Status Code: 500

InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401

InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

HTTP Status Code: 400

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: