Batch Update Findings V2

securityhub_batch_update_findings_v2 R Documentation

Updates information about a customer's investigation into a finding

Description

Updates information about a customer's investigation into a finding. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their own account.

batch_update_findings and batch_update_findings_v2 both use securityhub:BatchUpdateFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:BatchUpdateFindings action. You can configure IAM policies to restrict access to specific finding fields or field values by using the securityhub:OCSFSyntaxPath/<fieldName> condition key, where <fieldName> is one of the following supported fields: SeverityId, StatusId, or Comment.

To prevent a user from updating a specific field, use a Null condition with securityhub:OCSFSyntaxPath/<fieldName> set to "false". To prevent a user from setting a field to a specific value, use a StringEquals condition with securityhub:OCSFSyntaxPath/<fieldName> set to the disallowed value or list of values.

Updates from batch_update_findings_v2 don't affect the value of finding_info.modified_time, finding_info.modified_time_dt, time, or time_dt for a finding.

Usage

securityhub_batch_update_findings_v2(MetadataUids, FindingIdentifiers,
  Comment, SeverityId, StatusId)

Arguments

MetadataUids

The list of finding metadata.uid values that identify the findings to update. A finding's metadata.uid is a globally unique identifier associated with the finding. Customers cannot use MetadataUids together with FindingIdentifiers.

FindingIdentifiers

Provides information to identify a specific V2 finding.

Comment

The updated value for a user-provided comment about the finding. Minimum character length 1. Maximum character length 512.

SeverityId

The updated value for the normalized severity identifier. The severity ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 6, 99]. When the customer provides an updated severity ID, the sibling string field severity is automatically updated in the finding.

StatusId

The updated value for the normalized status identifier. The status ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 99]. When the customer provides an updated status ID, the sibling string field status is automatically updated in the finding.

Value

A list with the following syntax:

list(
  ProcessedFindings = list(
    list(
      FindingIdentifier = list(
        CloudAccountUid = "string",
        FindingInfoUid = "string",
        MetadataProductUid = "string"
      ),
      MetadataUid = "string"
    )
  ),
  UnprocessedFindings = list(
    list(
      FindingIdentifier = list(
        CloudAccountUid = "string",
        FindingInfoUid = "string",
        MetadataProductUid = "string"
      ),
      MetadataUid = "string",
      ErrorCode = "ResourceNotFoundException"|"ValidationException"|"InternalServerException"|"ConflictException",
      ErrorMessage = "string"
    )
  )
)

Request syntax

svc$batch_update_findings_v2(
  MetadataUids = list(
    "string"
  ),
  FindingIdentifiers = list(
    list(
      CloudAccountUid = "string",
      FindingInfoUid = "string",
      MetadataProductUid = "string"
    )
  ),
  Comment = "string",
  SeverityId = 123,
  StatusId = 123
)
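
The following is an added example, not part of the paws documentation: it checks arguments against the constraints listed under Arguments before a call is made, and flattens UnprocessedFindings so partial failures are not silently dropped. The helper names (build_update_request, summarise_unprocessed, chr), the UIDs, the comment text and the response are constructed for illustration.

```r
# Added example; helper names are hypothetical, sample values are constructed.
SEVERITY_IDS <- c(0, 1, 2, 3, 4, 5, 6, 99)  # allowed SeverityId enum values
STATUS_IDS <- c(0, 1, 2, 3, 4, 5, 99)       # allowed StatusId enum values

# Check arguments against the documented constraints; return only the set ones.
build_update_request <- function(MetadataUids = NULL, FindingIdentifiers = NULL,
                                 Comment = NULL, SeverityId = NULL,
                                 StatusId = NULL) {
  if (is.null(MetadataUids) == is.null(FindingIdentifiers))
    stop("Pass MetadataUids or FindingIdentifiers: one of them, never both")
  if (!is.null(Comment) && !(nchar(Comment) >= 1 && nchar(Comment) <= 512))
    stop("Comment must be 1 to 512 characters")
  if (!is.null(SeverityId) && !(SeverityId %in% SEVERITY_IDS))
    stop("SeverityId is not one of the allowed enum values")
  if (!is.null(StatusId) && !(StatusId %in% STATUS_IDS))
    stop("StatusId is not one of the allowed enum values")
  args <- list(MetadataUids = MetadataUids,
               FindingIdentifiers = FindingIdentifiers, Comment = Comment,
               SeverityId = SeverityId, StatusId = StatusId)
  Filter(Negate(is.null), args)
}

# Flatten UnprocessedFindings into a data frame; absent fields become NA.
chr <- function(v) if (is.null(v)) NA_character_ else as.character(v)
summarise_unprocessed <- function(resp) {
  u <- resp$UnprocessedFindings
  data.frame(
    MetadataUid = vapply(u, function(x) chr(x$MetadataUid), character(1)),
    ErrorCode = vapply(u, function(x) chr(x$ErrorCode), character(1)),
    ErrorMessage = vapply(u, function(x) chr(x$ErrorMessage), character(1)),
    stringsAsFactors = FALSE
  )
}

req <- build_update_request(
  MetadataUids = list("example-uid-1", "example-uid-2"),
  Comment = "Triaged, tracked in ticket EXAMPLE-1", StatusId = 2
)
# With credentials configured, the call itself would be:
#   resp <- do.call(paws::securityhub()$batch_update_findings_v2, req)
resp <- list(  # constructed response in the shape shown under Value
  ProcessedFindings = list(list(MetadataUid = "example-uid-1")),
  UnprocessedFindings = list(list(
    MetadataUid = "example-uid-2", ErrorCode = "ResourceNotFoundException",
    ErrorMessage = "constructed error message"
  ))
)
print(summarise_unprocessed(resp))
```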