BatchImportFindings
Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.
The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
After a finding is created, BatchImportFindings cannot be used to update
the following finding fields and objects, which Security Hub customers use to manage
their
investigation workflow.
-
Confidence -
Criticality -
Note -
RelatedFindings -
Severity -
Types -
UserDefinedFields -
VerificationState -
Workflow
Request Syntax
POST /findings/import HTTP/1.1
Content-type: application/json
{
"Findings": [
{
"AwsAccountId": "string",
"Compliance": {
"RelatedRequirements": [ "string" ],
"Status": "string",
"StatusReasons": [
{
"Description": "string",
"ReasonCode": "string"
}
]
},
"Confidence": number,
"CreatedAt": "string",
"Criticality": number,
"Description": "string",
"FirstObservedAt": "string",
"GeneratorId": "string",
"Id": "string",
"LastObservedAt": "string",
"Malware": [
{
"Name": "string",
"Path": "string",
"State": "string",
"Type": "string"
}
],
"Network": {
"DestinationDomain": "string",
"DestinationIpV4": "string",
"DestinationIpV6": "string",
"DestinationPort": number,
"Direction": "string",
"OpenPortRange": {
"Begin": number,
"End": number
},
"Protocol": "string",
"SourceDomain": "string",
"SourceIpV4": "string",
"SourceIpV6": "string",
"SourceMac": "string",
"SourcePort": number
},
"NetworkPath": [
{
"ComponentId": "string",
"ComponentType": "string",
"Egress": {
"Destination": {
"Address": [ "string" ],
"PortRanges": [
{
"Begin": number,
"End": number
}
]
},
"Protocol": "string",
"Source": {
"Address": [ "string" ],
"PortRanges": [
{
"Begin": number,
"End": number
}
]
}
},
"Ingress": {
"Destination": {
"Address": [ "string" ],
"PortRanges": [
{
"Begin": number,
"End": number
}
]
},
"Protocol": "string",
"Source": {
"Address": [ "string" ],
"PortRanges": [
{
"Begin": number,
"End": number
}
]
}
}
}
],
"Note": {
"Text": "string",
"UpdatedAt": "string",
"UpdatedBy": "string"
},
"Process": {
"LaunchedAt": "string",
"Name": "string",
"ParentPid": number,
"Path": "string",
"Pid": number,
"TerminatedAt": "string"
},
"ProductArn": "string",
"ProductFields": {
"string" : "string"
},
"RecordState": "string",
"RelatedFindings": [
{
"Id": "string",
"ProductArn": "string"
}
],
"Remediation": {
"Recommendation": {
"Text": "string",
"Url": "string"
}
},
"Resources": [
{
"Details": {
"AwsAutoScalingAutoScalingGroup": {
"CreatedTime": "string",
"HealthCheckGracePeriod": number,
"HealthCheckType": "string",
"LaunchConfigurationName": "string",
"LoadBalancerNames": [ "string" ]
},
"AwsCloudFrontDistribution": {
"DomainName": "string",
"ETag": "string",
"LastModifiedTime": "string",
"Logging": {
"Bucket": "string",
"Enabled": boolean,
"IncludeCookies": boolean,
"Prefix": "string"
},
"Origins": {
"Items": [
{
"DomainName": "string",
"Id": "string",
"OriginPath": "string"
}
]
},
"Status": "string",
"WebAclId": "string"
},
"AwsCodeBuildProject": {
"EncryptionKey": "string",
"Environment": {
"Certificate": "string",
"ImagePullCredentialsType": "string",
"RegistryCredential": {
"Credential": "string",
"CredentialProvider": "string"
},
"Type": "string"
},
"Name": "string",
"ServiceRole": "string",
"Source": {
"GitCloneDepth": number,
"InsecureSsl": boolean,
"Location": "string",
"Type": "string"
},
"VpcConfig": {
"SecurityGroupIds": [ "string" ],
"Subnets": [ "string" ],
"VpcId": "string"
}
},
"AwsEc2Instance": {
"IamInstanceProfileArn": "string",
"ImageId": "string",
"IpV4Addresses": [ "string" ],
"IpV6Addresses": [ "string" ],
"KeyName": "string",
"LaunchedAt": "string",
"SubnetId": "string",
"Type": "string",
"VpcId": "string"
},
"AwsEc2NetworkInterface": {
"Attachment": {
"AttachmentId": "string",
"AttachTime": "string",
"DeleteOnTermination": boolean,
"DeviceIndex": number,
"InstanceId": "string",
"InstanceOwnerId": "string",
"Status": "string"
},
"NetworkInterfaceId": "string",
"SecurityGroups": [
{
"GroupId": "string",
"GroupName": "string"
}
],
"SourceDestCheck": boolean
},
"AwsEc2SecurityGroup": {
"GroupId": "string",
"GroupName": "string",
"IpPermissions": [
{
"FromPort": number,
"IpProtocol": "string",
"IpRanges": [
{
"CidrIp": "string"
}
],
"Ipv6Ranges": [
{
"CidrIpv6": "string"
}
],
"PrefixListIds": [
{
"PrefixListId": "string"
}
],
"ToPort": number,
"UserIdGroupPairs": [
{
"GroupId": "string",
"GroupName": "string",
"PeeringStatus": "string",
"UserId": "string",
"VpcId": "string",
"VpcPeeringConnectionId": "string"
}
]
}
],
"IpPermissionsEgress": [
{
"FromPort": number,
"IpProtocol": "string",
"IpRanges": [
{
"CidrIp": "string"
}
],
"Ipv6Ranges": [
{
"CidrIpv6": "string"
}
],
"PrefixListIds": [
{
"PrefixListId": "string"
}
],
"ToPort": number,
"UserIdGroupPairs": [
{
"GroupId": "string",
"GroupName": "string",
"PeeringStatus": "string",
"UserId": "string",
"VpcId": "string",
"VpcPeeringConnectionId": "string"
}
]
}
],
"OwnerId": "string",
"VpcId": "string"
},
"AwsEc2Volume": {
"Attachments": [
{
"AttachTime": "string",
"DeleteOnTermination": boolean,
"InstanceId": "string",
"Status": "string"
}
],
"CreateTime": "string",
"Encrypted": boolean,
"KmsKeyId": "string",
"Size": number,
"SnapshotId": "string",
"Status": "string"
},
"AwsEc2Vpc": {
"CidrBlockAssociationSet": [
{
"AssociationId": "string",
"CidrBlock": "string",
"CidrBlockState": "string"
}
],
"DhcpOptionsId": "string",
"Ipv6CidrBlockAssociationSet": [
{
"AssociationId": "string",
"CidrBlockState": "string",
"Ipv6CidrBlock": "string"
}
],
"State": "string"
},
"AwsElasticsearchDomain": {
"AccessPolicies": "string",
"DomainEndpointOptions": {
"EnforceHTTPS": boolean,
"TLSSecurityPolicy": "string"
},
"DomainId": "string",
"DomainName": "string",
"ElasticsearchVersion": "string",
"EncryptionAtRestOptions": {
"Enabled": boolean,
"KmsKeyId": "string"
},
"Endpoint": "string",
"Endpoints": {
"string" : "string"
},
"NodeToNodeEncryptionOptions": {
"Enabled": boolean
},
"VPCOptions": {
"AvailabilityZones": [ "string" ],
"SecurityGroupIds": [ "string" ],
"SubnetIds": [ "string" ],
"VPCId": "string"
}
},
"AwsElbv2LoadBalancer": {
"AvailabilityZones": [
{
"SubnetId": "string",
"ZoneName": "string"
}
],
"CanonicalHostedZoneId": "string",
"CreatedTime": "string",
"DNSName": "string",
"IpAddressType": "string",
"Scheme": "string",
"SecurityGroups": [ "string" ],
"State": {
"Code": "string",
"Reason": "string"
},
"Type": "string",
"VpcId": "string"
},
"AwsIamAccessKey": {
"CreatedAt": "string",
"PrincipalId": "string",
"PrincipalName": "string",
"PrincipalType": "string",
"Status": "string",
"UserName": "string"
},
"AwsIamRole": {
"AssumeRolePolicyDocument": "string",
"CreateDate": "string",
"MaxSessionDuration": number,
"Path": "string",
"RoleId": "string",
"RoleName": "string"
},
"AwsKmsKey": {
"AWSAccountId": "string",
"CreationDate": number,
"KeyId": "string",
"KeyManager": "string",
"KeyState": "string",
"Origin": "string"
},
"AwsLambdaFunction": {
"Code": {
"S3Bucket": "string",
"S3Key": "string",
"S3ObjectVersion": "string",
"ZipFile": "string"
},
"CodeSha256": "string",
"DeadLetterConfig": {
"TargetArn": "string"
},
"Environment": {
"Error": {
"ErrorCode": "string",
"Message": "string"
},
"Variables": {
"string" : "string"
}
},
"FunctionName": "string",
"Handler": "string",
"KmsKeyArn": "string",
"LastModified": "string",
"Layers": [
{
"Arn": "string",
"CodeSize": number
}
],
"MasterArn": "string",
"MemorySize": number,
"RevisionId": "string",
"Role": "string",
"Runtime": "string",
"Timeout": number,
"TracingConfig": {
"Mode": "string"
},
"Version": "string",
"VpcConfig": {
"SecurityGroupIds": [ "string" ],
"SubnetIds": [ "string" ],
"VpcId": "string"
}
},
"AwsLambdaLayerVersion": {
"CompatibleRuntimes": [ "string" ],
"CreatedDate": "string",
"Version": number
},
"AwsRdsDbInstance": {
"AssociatedRoles": [
{
"FeatureName": "string",
"RoleArn": "string",
"Status": "string"
}
],
"CACertificateIdentifier": "string",
"DBClusterIdentifier": "string",
"DBInstanceClass": "string",
"DBInstanceIdentifier": "string",
"DbInstancePort": number,
"DbiResourceId": "string",
"DBName": "string",
"DeletionProtection": boolean,
"Endpoint": {
"Address": "string",
"HostedZoneId": "string",
"Port": number
},
"Engine": "string",
"EngineVersion": "string",
"IAMDatabaseAuthenticationEnabled": boolean,
"InstanceCreateTime": "string",
"KmsKeyId": "string",
"PubliclyAccessible": boolean,
"StorageEncrypted": boolean,
"TdeCredentialArn": "string",
"VpcSecurityGroups": [
{
"Status": "string",
"VpcSecurityGroupId": "string"
}
]
},
"AwsS3Bucket": {
"CreatedAt": "string",
"OwnerId": "string",
"OwnerName": "string",
"ServerSideEncryptionConfiguration": {
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"KMSMasterKeyID": "string",
"SSEAlgorithm": "string"
}
}
]
}
},
"AwsS3Object": {
"ContentType": "string",
"ETag": "string",
"LastModified": "string",
"ServerSideEncryption": "string",
"SSEKMSKeyId": "string",
"VersionId": "string"
},
"AwsSnsTopic": {
"KmsMasterKeyId": "string",
"Owner": "string",
"Subscription": [
{
"Endpoint": "string",
"Protocol": "string"
}
],
"TopicName": "string"
},
"AwsSqsQueue": {
"DeadLetterTargetArn": "string",
"KmsDataKeyReusePeriodSeconds": number,
"KmsMasterKeyId": "string",
"QueueName": "string"
},
"AwsWafWebAcl": {
"DefaultAction": "string",
"Name": "string",
"Rules": [
{
"Action": {
"Type": "string"
},
"ExcludedRules": [
{
"RuleId": "string"
}
],
"OverrideAction": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string"
}
],
"WebAclId": "string"
},
"Container": {
"ImageId": "string",
"ImageName": "string",
"LaunchedAt": "string",
"Name": "string"
},
"Other": {
"string" : "string"
}
},
"Id": "string",
"Partition": "string",
"Region": "string",
"Tags": {
"string" : "string"
},
"Type": "string"
}
],
"SchemaVersion": "string",
"Severity": {
"Label": "string",
"Normalized": number,
"Original": "string",
"Product": number
},
"SourceUrl": "string",
"ThreatIntelIndicators": [
{
"Category": "string",
"LastObservedAt": "string",
"Source": "string",
"SourceUrl": "string",
"Type": "string",
"Value": "string"
}
],
"Title": "string",
"Types": [ "string" ],
"UpdatedAt": "string",
"UserDefinedFields": {
"string" : "string"
},
"VerificationState": "string",
"Vulnerabilities": [
{
"Cvss": [
{
"BaseScore": number,
"BaseVector": "string",
"Version": "string"
}
],
"Id": "string",
"ReferenceUrls": [ "string" ],
"RelatedVulnerabilities": [ "string" ],
"Vendor": {
"Name": "string",
"Url": "string",
"VendorCreatedAt": "string",
"VendorSeverity": "string",
"VendorUpdatedAt": "string"
},
"VulnerablePackages": [
{
"Architecture": "string",
"Epoch": "string",
"Name": "string",
"Release": "string",
"Version": "string"
}
]
}
],
"Workflow": {
"Status": "string"
},
"WorkflowState": "string"
}
]
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- Findings
-
A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.
Type: Array of AwsSecurityFinding objects
Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"FailedCount": number,
"FailedFindings": [
{
"ErrorCode": "string",
"ErrorMessage": "string",
"Id": "string"
}
],
"SuccessCount": number
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- FailedCount
-
The number of findings that failed to import.
Type: Integer
- FailedFindings
-
The list of findings that failed to import.
Type: Array of ImportFindingsError objects
- SuccessCount
-
The number of findings that were successfully imported.
Type: Integer
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalException
-
Internal server error.
HTTP Status Code: 500
- InvalidAccessException
-
AWS Security Hub isn't enabled for the account used to make this request.
HTTP Status Code: 401
- InvalidInputException
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
HTTP Status Code: 400
- LimitExceededException
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.
HTTP Status Code: 429
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
