securityhub/aws.sdk.kotlin.services.securityhub/batchImportFindings

batchImportFindings

inline suspend fun SecurityHubClient.batchImportFindings(crossinline block: BatchImportFindingsRequest.Builder.() -> Unit): BatchImportFindingsResponse

Imports security findings generated by a finding provider into Security Hub CSPM. This action is requested by the finding provider to import its findings into Security Hub CSPM.

BatchImportFindings must be called by one of the following:

The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.
An Amazon Web Services account that Security Hub CSPM has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub CSPM customers use to manage their investigation workflow.

Note
UserDefinedFields
VerificationState
Workflow

Finding providers also should not use BatchImportFindings to update the following attributes.

Confidence
Criticality
RelatedFindings
Severity
Types

Instead, finding providers use FindingProviderFields to provide values for these attributes.

Samples

import aws.sdk.kotlin.services.securityhub.model.AwsSecurityFinding
import aws.sdk.kotlin.services.securityhub.model.FindingProviderFields
import aws.sdk.kotlin.services.securityhub.model.FindingProviderSeverity
import aws.sdk.kotlin.services.securityhub.model.Partition
import aws.sdk.kotlin.services.securityhub.model.Resource
import aws.sdk.kotlin.services.securityhub.model.SeverityLabel

fun main() { 
   //sampleStart 
   // The following example imports findings from a third party provider to Security Hub.
val resp = securityHubClient.batchImportFindings {
    findings = listOf<AwsSecurityFinding>(
        AwsSecurityFinding {
            awsAccountId = "123456789012"
            createdAt = "2020-05-27T17:05:54.832Z"
            description = "Vulnerability in a CloudTrail trail"
            findingProviderFields = FindingProviderFields {
                severity = FindingProviderSeverity {
                    label = SeverityLabel.fromValue("LOW")
                    original = "10"
                }
                types = listOf<String>(
                    "Software and Configuration Checks/Vulnerabilities/CVE"
                )
            }
            generatorId = "TestGeneratorId"
            id = "Id1"
            productArn = "arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default"
            resources = listOf<Resource>(
                Resource {
                    id = "arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName"
                    partition = Partition.fromValue("aws")
                    region = "us-west-1"
                    type = "AwsCloudTrailTrail"
                }                    
            )
            schemaVersion = "2018-10-08"
            title = "CloudTrail trail vulnerability"
            updatedAt = "2020-06-02T16:05:54.832Z"
        }            
    )
} 
   //sampleEnd
}