AWS Security Hub
API Reference (API Version 2018-10-26)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub. The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

Request Syntax

POST /findings/import HTTP/1.1 Content-type: application/json { "Findings": [ { "AwsAccountId": "string", "Compliance": { "Status": "string" }, "Confidence": number, "CreatedAt": "string", "Criticality": number, "Description": "string", "FirstObservedAt": "string", "GeneratorId": "string", "Id": "string", "LastObservedAt": "string", "Malware": [ { "Name": "string", "Path": "string", "State": "string", "Type": "string" } ], "Network": { "DestinationDomain": "string", "DestinationIpV4": "string", "DestinationIpV6": "string", "DestinationPort": number, "Direction": "string", "Protocol": "string", "SourceDomain": "string", "SourceIpV4": "string", "SourceIpV6": "string", "SourceMac": "string", "SourcePort": number }, "Note": { "Text": "string", "UpdatedAt": "string", "UpdatedBy": "string" }, "Process": { "LaunchedAt": "string", "Name": "string", "ParentPid": number, "Path": "string", "Pid": number, "TerminatedAt": "string" }, "ProductArn": "string", "ProductFields": { "string" : "string" }, "RecordState": "string", "RelatedFindings": [ { "Id": "string", "ProductArn": "string" } ], "Remediation": { "Recommendation": { "Text": "string", "Url": "string" } }, "Resources": [ { "Details": { "AwsEc2Instance": { "IamInstanceProfileArn": "string", "ImageId": "string", "IpV4Addresses": [ "string" ], "IpV6Addresses": [ "string" ], "KeyName": "string", "LaunchedAt": "string", "SubnetId": "string", "Type": "string", "VpcId": "string" }, "AwsIamAccessKey": { "CreatedAt": "string", "Status": "string", "UserName": "string" }, "AwsS3Bucket": { "OwnerId": "string", "OwnerName": "string" }, "Container": { "ImageId": "string", "ImageName": "string", "LaunchedAt": "string", "Name": "string" }, "Other": { "string" : "string" } }, "Id": "string", "Partition": "string", "Region": "string", "Tags": { "string" : "string" }, "Type": "string" } ], "SchemaVersion": "string", "Severity": { "Normalized": number, "Product": number }, "SourceUrl": "string", "ThreatIntelIndicators": [ { "Category": "string", "LastObservedAt": "string", "Source": "string", "SourceUrl": "string", "Type": "string", "Value": "string" } ], "Title": "string", "Types": [ "string" ], "UpdatedAt": "string", "UserDefinedFields": { "string" : "string" }, "VerificationState": "string", "WorkflowState": "string" } ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.

Type: Array of AwsSecurityFinding objects

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "FailedCount": number, "FailedFindings": [ { "ErrorCode": "string", "ErrorMessage": "string", "Id": "string" } ], "SuccessCount": number }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The number of findings that failed to import.

Type: Integer


The list of the findings that failed to import.

Type: Array of ImportFindingsError objects


The number of findings that were successfully imported.

Type: Integer


For information about the errors that are common to all actions, see Common Errors.


Internal server error.

HTTP Status Code: 500


AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401


The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

HTTP Status Code: 400


The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: