2021/01/21 - AWS SecurityHub - 2 updated api methods
Changes: Update securityhub client to latest version
{'Findings': {'Action': {'ActionType': 'string', 'AwsApiCallAction': {'AffectedResources': {'string': 'string'}, 'Api': 'string', 'CallerType': 'string', 'DomainDetails': {'Domain': 'string'}, 'FirstSeen': 'string', 'LastSeen': 'string', 'RemoteIpDetails': {'City': {'CityName': 'string'}, 'Country': {'CountryCode': 'string', 'CountryName': 'string'}, 'GeoLocation': {'Lat': 'double', 'Lon': 'double'}, 'IpAddressV4': 'string', 'Organization': {'Asn': 'integer', 'AsnOrg': 'string', 'Isp': 'string', 'Org': 'string'}}, 'ServiceName': 'string'}, 'DnsRequestAction': {'Blocked': 'boolean', 'Domain': 'string', 'Protocol': 'string'}, 'NetworkConnectionAction': {'Blocked': 'boolean', 'ConnectionDirection': 'string', 'LocalPortDetails': {'Port': 'integer', 'PortName': 'string'}, 'Protocol': 'string', 'RemoteIpDetails': {'City': {'CityName': 'string'}, 'Country': {'CountryCode': 'string', 'CountryName': 'string'}, 'GeoLocation': {'Lat': 'double', 'Lon': 'double'}, 'IpAddressV4': 'string', 'Organization': {'Asn': 'integer', 'AsnOrg': 'string', 'Isp': 'string', 'Org': 'string'}}, 'RemotePortDetails': {'Port': 'integer', 'PortName': 'string'}}, 'PortProbeAction': {'Blocked': 'boolean', 'PortProbeDetails': [{'LocalIpDetails': {'IpAddressV4': 'string'}, 'LocalPortDetails': {'Port': 'integer', 'PortName': 'string'}, 'RemoteIpDetails': {'City': {'CityName': 'string'}, 'Country': {'CountryCode': 'string', 'CountryName': 'string'}, 'GeoLocation': {'Lat': 'double', 'Lon': 'double'}, 'IpAddressV4': 'string', 'Organization': {'Asn': 'integer', 'AsnOrg': 'string', 'Isp': 'string', 'Org': 'string'}}}]}}, 'Resources': {'Details': {'AwsEc2NetworkInterface': {'IpV6Addresses': [{'IpV6Address': 'string'}], 'PrivateIpAddresses': [{'PrivateDnsName': 'string', 'PrivateIpAddress': 'string'}], 'PublicDnsName': 'string', 'PublicIp': 'string'}, 'AwsSsmPatchCompliance': {'Patch': {'ComplianceSummary': {'ComplianceType': 'string', 'CompliantCriticalCount': 'integer', 'CompliantHighCount': 'integer', 
'CompliantInformationalCount': 'integer', 'CompliantLowCount': 'integer', 'CompliantMediumCount': 'integer', 'CompliantUnspecifiedCount': 'integer', 'ExecutionType': 'string', 'NonCompliantCriticalCount': 'integer', 'NonCompliantHighCount': 'integer', 'NonCompliantInformationalCount': 'integer', 'NonCompliantLowCount': 'integer', 'NonCompliantMediumCount': 'integer', 'NonCompliantUnspecifiedCount': 'integer', 'OverallSeverity': 'string', 'PatchBaselineId': 'string', 'PatchGroup': 'string', 'Status': 'string'}}}}}}}
Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.
The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.
- Note
- UserDefinedFields
- VerificationState
- Workflow
BatchImportFindings can be used to update the following finding fields and objects only if they have not been updated using BatchUpdateFindings. After they are updated using BatchUpdateFindings, these fields cannot be updated using BatchImportFindings.
- Confidence
- Criticality
- RelatedFindings
- Severity
- Types
See also: AWS API Documentation
Request Syntax
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
dict
Response Syntax
{
    'FailedCount': 123,
    'SuccessCount': 123,
    'FailedFindings': [
        {
            'Id': 'string',
            'ErrorCode': 'string',
            'ErrorMessage': 'string'
        },
    ]
}
Response Structure
- (dict) --
  - FailedCount (integer) -- The number of findings that failed to import.
  - SuccessCount (integer) -- The number of findings that were successfully imported.
  - FailedFindings (list) -- The list of findings that failed to import.
    - (dict) -- The list of the findings that cannot be imported. For each finding, the list provides the error.
      - Id (string) -- The identifier of the finding that could not be updated.
      - ErrorCode (string) -- The code of the error returned by the BatchImportFindings operation.
      - ErrorMessage (string) -- The message of the error returned by the BatchImportFindings operation.
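The following is an added example, not code from the AWS documentation: a pre-flight check for the 240 Kb limit and the customer-owned fields listed above, plus merging of the FailedFindings response. `StubSecurityHub`, the `LocalSizeCheck` and `StubError` codes, and the `IgnoredOnUpdate` report key are hypothetical; reading "240 Kb" as 240 * 1024 bytes and the batch size of 100 (from the AWS API reference, not this page) are assumptions.

```python
import json

MAX_FINDING_BYTES = 240 * 1024  # page says "240 Kb"; read as 240 * 1024 bytes (assumption)
BATCH_SIZE = 100  # per-call limit from the AWS API reference, not stated on this page
# Fields BatchImportFindings cannot update once a finding exists (from the list above).
CUSTOMER_OWNED = ("Note", "UserDefinedFields", "VerificationState", "Workflow")

def precheck(finding):
    """Return (size_ok, ignored_fields); size is the compact-JSON length, an approximation."""
    size = len(json.dumps(finding, separators=(",", ":")).encode("utf-8"))
    return size <= MAX_FINDING_BYTES, [k for k in CUSTOMER_OWNED if k in finding]

def import_findings(client, findings):
    """Import in batches and merge local rejections with the service's FailedFindings."""
    report = {"SuccessCount": 0, "FailedCount": 0, "FailedFindings": [], "IgnoredOnUpdate": {}}
    sendable = []
    for f in findings:
        size_ok, ignored = precheck(f)
        if ignored:
            report["IgnoredOnUpdate"][f["Id"]] = ignored
        if size_ok:
            sendable.append(f)
        else:  # rejected locally; "LocalSizeCheck" is a made-up code for this example
            report["FailedCount"] += 1
            report["FailedFindings"].append(
                {"Id": f["Id"], "ErrorCode": "LocalSizeCheck", "ErrorMessage": "over 240 Kb"})
    for i in range(0, len(sendable), BATCH_SIZE):
        resp = client.batch_import_findings(Findings=sendable[i:i + BATCH_SIZE])
        report["SuccessCount"] += resp["SuccessCount"]
        report["FailedCount"] += resp["FailedCount"]
        report["FailedFindings"].extend(resp["FailedFindings"])
    return report

class StubSecurityHub:
    """Offline stand-in for boto3.client("securityhub"); fails findings that lack a Title."""
    def batch_import_findings(self, Findings):
        failed = [{"Id": f["Id"], "ErrorCode": "StubError", "ErrorMessage": "Title missing"}
                  for f in Findings if "Title" not in f]
        return {"SuccessCount": len(Findings) - len(failed),
                "FailedCount": len(failed), "FailedFindings": failed}

SAMPLE = [  # constructed findings, trimmed to the fields this example reads
    {"Id": "f-1", "Title": "Open port", "Workflow": {"Status": "RESOLVED"}},
    {"Id": "f-2", "Title": "Oversized", "Description": "x" * (241 * 1024)},
    {"Id": "f-3"},
]

if __name__ == "__main__":
    print(json.dumps(import_findings(StubSecurityHub(), SAMPLE), indent=2))
```

Against a real account, pass `boto3.client("securityhub")` in place of the stub; a non-empty `IgnoredOnUpdate` entry means a re-import of that finding will leave those fields unchanged.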
{'Findings': {'Action': {'ActionType': 'string', 'AwsApiCallAction': {'AffectedResources': {'string': 'string'}, 'Api': 'string', 'CallerType': 'string', 'DomainDetails': {'Domain': 'string'}, 'FirstSeen': 'string', 'LastSeen': 'string', 'RemoteIpDetails': {'City': {'CityName': 'string'}, 'Country': {'CountryCode': 'string', 'CountryName': 'string'}, 'GeoLocation': {'Lat': 'double', 'Lon': 'double'}, 'IpAddressV4': 'string', 'Organization': {'Asn': 'integer', 'AsnOrg': 'string', 'Isp': 'string', 'Org': 'string'}}, 'ServiceName': 'string'}, 'DnsRequestAction': {'Blocked': 'boolean', 'Domain': 'string', 'Protocol': 'string'}, 'NetworkConnectionAction': {'Blocked': 'boolean', 'ConnectionDirection': 'string', 'LocalPortDetails': {'Port': 'integer', 'PortName': 'string'}, 'Protocol': 'string', 'RemoteIpDetails': {'City': {'CityName': 'string'}, 'Country': {'CountryCode': 'string', 'CountryName': 'string'}, 'GeoLocation': {'Lat': 'double', 'Lon': 'double'}, 'IpAddressV4': 'string', 'Organization': {'Asn': 'integer', 'AsnOrg': 'string', 'Isp': 'string', 'Org': 'string'}}, 'RemotePortDetails': {'Port': 'integer', 'PortName': 'string'}}, 'PortProbeAction': {'Blocked': 'boolean', 'PortProbeDetails': [{'LocalIpDetails': {'IpAddressV4': 'string'}, 'LocalPortDetails': {'Port': 'integer', 'PortName': 'string'}, 'RemoteIpDetails': {'City': {'CityName': 'string'}, 'Country': {'CountryCode': 'string', 'CountryName': 'string'}, 'GeoLocation': {'Lat': 'double', 'Lon': 'double'}, 'IpAddressV4': 'string', 'Organization': {'Asn': 'integer', 'AsnOrg': 'string', 'Isp': 'string', 'Org': 'string'}}}]}}, 'Resources': {'Details': {'AwsEc2NetworkInterface': {'IpV6Addresses': [{'IpV6Address': 'string'}], 'PrivateIpAddresses': [{'PrivateDnsName': 'string', 'PrivateIpAddress': 'string'}], 'PublicDnsName': 'string', 'PublicIp': 'string'}, 'AwsSsmPatchCompliance': {'Patch': {'ComplianceSummary': {'ComplianceType': 'string', 'CompliantCriticalCount': 'integer', 'CompliantHighCount': 'integer', 
'CompliantInformationalCount': 'integer', 'CompliantLowCount': 'integer', 'CompliantMediumCount': 'integer', 'CompliantUnspecifiedCount': 'integer', 'ExecutionType': 'string', 'NonCompliantCriticalCount': 'integer', 'NonCompliantHighCount': 'integer', 'NonCompliantInformationalCount': 'integer', 'NonCompliantLowCount': 'integer', 'NonCompliantMediumCount': 'integer', 'NonCompliantUnspecifiedCount': 'integer', 'OverallSeverity': 'string', 'PatchBaselineId': 'string', 'PatchGroup': 'string', 'Status': 'string'}}}}}}}
Returns a list of findings that match the specified criteria.
See also: AWS API Documentation
Request Syntax
client.get_findings( Filters={ 'ProductArn': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'AwsAccountId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Id': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'GeneratorId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Type': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'FirstObservedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'LastObservedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'CreatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'UpdatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'SeverityProduct': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'SeverityNormalized': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'SeverityLabel': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Confidence': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'Criticality': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'Title': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Description': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RecommendationText': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'SourceUrl': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProductFields': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'ProductName': [ { 'Value': 'string', 'Comparison': 
'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'CompanyName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'UserDefinedFields': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'MalwareName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'MalwareType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'MalwarePath': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'MalwareState': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkDirection': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkProtocol': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkSourceIpV4': [ { 'Cidr': 'string' }, ], 'NetworkSourceIpV6': [ { 'Cidr': 'string' }, ], 'NetworkSourcePort': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'NetworkSourceDomain': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkSourceMac': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkDestinationIpV4': [ { 'Cidr': 'string' }, ], 'NetworkDestinationIpV6': [ { 'Cidr': 'string' }, ], 'NetworkDestinationPort': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'NetworkDestinationDomain': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProcessName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProcessPath': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProcessPid': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'ProcessParentPid': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 
'ProcessLaunchedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ProcessTerminatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ThreatIntelIndicatorType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorValue': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorCategory': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorLastObservedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ThreatIntelIndicatorSource': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorSourceUrl': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourcePartition': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceRegion': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceTags': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceImageId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceIpV4Addresses': [ { 'Cidr': 'string' }, ], 'ResourceAwsEc2InstanceIpV6Addresses': [ { 'Cidr': 'string' }, ], 'ResourceAwsEc2InstanceKeyName': [ { 'Value': 'string', 'Comparison': 
'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceIamInstanceProfileArn': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceVpcId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceSubnetId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceLaunchedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ResourceAwsS3BucketOwnerId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsS3BucketOwnerName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsIamAccessKeyUserName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsIamAccessKeyStatus': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsIamAccessKeyCreatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ResourceContainerName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceContainerImageId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceContainerImageName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceContainerLaunchedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ResourceDetailsOther': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'ComplianceStatus': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'VerificationState': [ { 'Value': 'string', 'Comparison': 
'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'WorkflowState': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'WorkflowStatus': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RecordState': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RelatedFindingsProductArn': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RelatedFindingsId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NoteText': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NoteUpdatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'NoteUpdatedBy': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Keyword': [ { 'Value': 'string' }, ] }, SortCriteria=[ { 'Field': 'string', 'SortOrder': 'asc'|'desc' }, ], NextToken='string', MaxResults=123 )
Parameters
# This section is too large to render.
# Please see the AWS API Documentation linked below.
AWS API Documentation: https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings
dict
Response Syntax
# This section is too large to render.
# Please see the AWS API Documentation linked below.
Response Structure
# This section is too large to render.
# Please see the AWS API Documentation linked below.