Imports security findings that are generated by the integrated third-party products into Security Hub.
securityhub_batch_import_findings(Findings)

Findings: [required] A list of findings that you want to import. Must be submitted in the AWSSecurityFinding format.
# Request template for the Security Hub batch_import_findings operation,
# called on a client object `svc`.
#
# Reading the placeholders:
#   "string" / 123 / 123.0  stand for a value of that type.
#   "A"|"B"|...             lists the accepted values of an enumerated field;
#                           supply exactly one of them as a plain string.
#   list( list(...) )       the inner unnamed list() is one element of a
#                           repeated structure (one finding, one resource, ...).
#
# Several fields carry free text or host detail (Description, Note, Process,
# Network, UserDefinedFields). Keep credentials and other secrets out of them:
# whoever can read findings can read that content.
#
# NOTE(review): the template discards the return value. The service response
# reports per-finding results (SuccessCount / FailedCount / FailedFindings in
# the API reference -- confirm for the client version in use); capture and
# check it rather than assuming every finding was accepted.
svc$batch_import_findings(
  Findings = list(
    # One finding.
    list(
      SchemaVersion = "string",
      # Id together with ProductArn is the pair used to refer to a finding
      # (the same pair appears under RelatedFindings below).
      Id = "string",
      ProductArn = "string",
      GeneratorId = "string",
      AwsAccountId = "string",
      Types = list(
        "string"
      ),
      # Timestamps are passed as strings.
      # presumably RFC 3339 date-time text -- confirm against the API reference
      FirstObservedAt = "string",
      LastObservedAt = "string",
      CreatedAt = "string",
      UpdatedAt = "string",
      # Product is shown as a float, Normalized as an integer.
      # NOTE(review): Normalized, Confidence and Criticality look like bounded
      # scores (0-100 in the finding format) -- confirm and validate before
      # sending.
      Severity = list(
        Product = 123.0,
        Normalized = 123
      ),
      Confidence = 123,
      Criticality = 123,
      Title = "string",
      Description = "string",
      Remediation = list(
        Recommendation = list(
          Text = "string",
          Url = "string"
        )
      ),
      SourceUrl = "string",
      # Shown as list("string"); presumably a named list of string key/value
      # pairs -- confirm.
      ProductFields = list(
        "string"
      ),
      UserDefinedFields = list(
        "string"
      ),
      # Repeated: one inner list() per malware item.
      Malware = list(
        list(
          Name = "string",
          Type = "ADWARE"|"BLENDED_THREAT"|"BOTNET_AGENT"|"COIN_MINER"|"EXPLOIT_KIT"|"KEYLOGGER"|"MACRO"|"POTENTIALLY_UNWANTED"|"SPYWARE"|"RANSOMWARE"|"REMOTE_ACCESS"|"ROOTKIT"|"TROJAN"|"VIRUS"|"WORM",
          Path = "string",
          State = "OBSERVED"|"REMOVAL_FAILED"|"REMOVED"
        )
      ),
      # Single structure (not repeated): one network description per finding.
      Network = list(
        Direction = "IN"|"OUT",
        Protocol = "string",
        SourceIpV4 = "string",
        SourceIpV6 = "string",
        SourcePort = 123,
        SourceDomain = "string",
        SourceMac = "string",
        DestinationIpV4 = "string",
        DestinationIpV6 = "string",
        DestinationPort = 123,
        DestinationDomain = "string"
      ),
      # Single structure (not repeated): one process description per finding.
      Process = list(
        Name = "string",
        Path = "string",
        Pid = 123,
        ParentPid = 123,
        LaunchedAt = "string",
        TerminatedAt = "string"
      ),
      # Repeated: one inner list() per indicator. Type says how Value is to be
      # interpreted (domain, hash, address, ...).
      ThreatIntelIndicators = list(
        list(
          Type = "DOMAIN"|"EMAIL_ADDRESS"|"HASH_MD5"|"HASH_SHA1"|"HASH_SHA256"|"HASH_SHA512"|"IPV4_ADDRESS"|"IPV6_ADDRESS"|"MUTEX"|"PROCESS"|"URL",
          Value = "string",
          Category = "BACKDOOR"|"CARD_STEALER"|"COMMAND_AND_CONTROL"|"DROP_SITE"|"EXPLOIT_SITE"|"KEYLOGGER",
          LastObservedAt = "string",
          Source = "string",
          SourceUrl = "string"
        )
      ),
      # Repeated: one inner list() per affected resource.
      Resources = list(
        list(
          Type = "string",
          Id = "string",
          Partition = "aws"|"aws-cn"|"aws-us-gov",
          Region = "string",
          Tags = list(
            "string"
          ),
          # Type-specific detail blocks; the template shows every block, a
          # real request presumably fills only the one matching the resource.
          Details = list(
            AwsEc2Instance = list(
              Type = "string",
              ImageId = "string",
              IpV4Addresses = list(
                "string"
              ),
              IpV6Addresses = list(
                "string"
              ),
              KeyName = "string",
              IamInstanceProfileArn = "string",
              VpcId = "string",
              SubnetId = "string",
              LaunchedAt = "string"
            ),
            AwsS3Bucket = list(
              OwnerId = "string",
              OwnerName = "string"
            ),
            # Carries the user name, status and creation time of a key, not
            # key material.
            AwsIamAccessKey = list(
              UserName = "string",
              Status = "Active"|"Inactive",
              CreatedAt = "string"
            ),
            Container = list(
              Name = "string",
              ImageId = "string",
              ImageName = "string",
              LaunchedAt = "string"
            ),
            Other = list(
              "string"
            )
          )
        )
      ),
      Compliance = list(
        Status = "PASSED"|"WARNING"|"FAILED"|"NOT_AVAILABLE"
      ),
      # Triage fields: verdict, handling status and whether the record is
      # active or archived.
      VerificationState = "UNKNOWN"|"TRUE_POSITIVE"|"FALSE_POSITIVE"|"BENIGN_POSITIVE",
      WorkflowState = "NEW"|"ASSIGNED"|"IN_PROGRESS"|"DEFERRED"|"RESOLVED",
      RecordState = "ACTIVE"|"ARCHIVED",
      # Repeated: each entry points at another finding by ProductArn + Id.
      RelatedFindings = list(
        list(
          ProductArn = "string",
          Id = "string"
        )
      ),
      Note = list(
        Text = "string",
        UpdatedBy = "string",
        UpdatedAt = "string"
      )
    )
  )
)