UpdateFindingsCommand

UpdateFindings is a deprecated operation. Instead of UpdateFindings, use the BatchUpdateFindings operation.

The UpdateFindings operation updates the Note and RecordState of the Security Hub aggregated findings that the filter attributes specify. Any member account that can view the finding can also see the update to the finding.

Finding updates made with UpdateFindings aren't persisted if the same finding is later updated by the finding provider through the BatchImportFindings operation. In addition, Security Hub doesn't record updates made with UpdateFindings in the finding history.

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { SecurityHubClient, UpdateFindingsCommand } from "@aws-sdk/client-securityhub"; // ES Modules import
// const { SecurityHubClient, UpdateFindingsCommand } = require("@aws-sdk/client-securityhub"); // CommonJS import
// UpdateFindings is deprecated; the operation's description says to use BatchUpdateFindings instead.
// Updates made through this call are not recorded in the finding history, and they are not
// persisted if the finding provider later updates the same finding through BatchImportFindings.
// `config` is not defined in this snippet; the caller supplies the client configuration.
const client = new SecurityHubClient(config);
// Template of the request shape, not a runnable payload: "STRING_VALUE", Number("int"),
// Number("double") and the "<...FilterList>" strings are placeholders to replace with real values.
const input = { // UpdateFindingsRequest
  // Selects which findings are updated: Note and RecordState below are applied to the findings
  // these filter attributes specify, so keep the filters as narrow as the intended change.
  Filters: { // AwsSecurityFindingFilters
    ProductArn: [ // StringFilterList
      { // StringFilter
        Value: "STRING_VALUE",
        // The `||` chain lists the allowed values; choose one. Evaluated literally, it yields the first string.
        Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    AwsAccountId: [
      {
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    Id: [
      {
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    GeneratorId: [
      {
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    Region: [
      {
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "PREFIX" || "NOT_EQUALS" || "PREFIX_NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    // "<StringFilterList>" stands for a list shaped like ProductArn above.
    Type: "<StringFilterList>",
    FirstObservedAt: [ // DateFilterList
      { // DateFilter
        Start: "STRING_VALUE",
        End: "STRING_VALUE",
        DateRange: { // DateRange
          // Number("int") is a type placeholder (it evaluates to NaN); supply an integer.
          Value: Number("int"),
          Unit: "DAYS",
        },
      },
    ],
    LastObservedAt: [
      {
        Start: "STRING_VALUE",
        End: "STRING_VALUE",
        DateRange: {
          Value: Number("int"),
          Unit: "DAYS",
        },
      },
    ],
    CreatedAt: [
      {
        Start: "STRING_VALUE",
        End: "STRING_VALUE",
        DateRange: {
          Value: Number("int"),
          Unit: "DAYS",
        },
      },
    ],
    UpdatedAt: [
      {
        Start: "STRING_VALUE",
        End: "STRING_VALUE",
        DateRange: {
          Value: Number("int"),
          Unit: "DAYS",
        },
      },
    ],
    SeverityProduct: [ // NumberFilterList
      { // NumberFilter
        Gte: Number("double"),
        Lte: Number("double"),
        Eq: Number("double"),
        Gt: Number("double"),
        Lt: Number("double"),
      },
    ],
    SeverityNormalized: [
      {
        Gte: Number("double"),
        Lte: Number("double"),
        Eq: Number("double"),
        Gt: Number("double"),
        Lt: Number("double"),
      },
    ],
    SeverityLabel: "<StringFilterList>",
    Confidence: [
      {
        Gte: Number("double"),
        Lte: Number("double"),
        Eq: Number("double"),
        Gt: Number("double"),
        Lt: Number("double"),
      },
    ],
    Criticality: [
      {
        Gte: Number("double"),
        Lte: Number("double"),
        Eq: Number("double"),
        Gt: Number("double"),
        Lt: Number("double"),
      },
    ],
    Title: "<StringFilterList>",
    Description: "<StringFilterList>",
    RecommendationText: "<StringFilterList>",
    SourceUrl: "<StringFilterList>",
    ProductFields: [ // MapFilterList
      { // MapFilter
        Key: "STRING_VALUE",
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    ProductName: "<StringFilterList>",
    CompanyName: "<StringFilterList>",
    UserDefinedFields: [
      {
        Key: "STRING_VALUE",
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    MalwareName: "<StringFilterList>",
    MalwareType: "<StringFilterList>",
    MalwarePath: "<StringFilterList>",
    MalwareState: "<StringFilterList>",
    NetworkDirection: "<StringFilterList>",
    NetworkProtocol: "<StringFilterList>",
    NetworkSourceIpV4: [ // IpFilterList
      { // IpFilter
        Cidr: "STRING_VALUE",
      },
    ],
    NetworkSourceIpV6: [
      {
        Cidr: "STRING_VALUE",
      },
    ],
    NetworkSourcePort: [
      {
        Gte: Number("double"),
        Lte: Number("double"),
        Eq: Number("double"),
        Gt: Number("double"),
        Lt: Number("double"),
      },
    ],
    NetworkSourceDomain: "<StringFilterList>",
    NetworkSourceMac: "<StringFilterList>",
    NetworkDestinationIpV4: [
      {
        Cidr: "STRING_VALUE",
      },
    ],
    NetworkDestinationIpV6: [
      {
        Cidr: "STRING_VALUE",
      },
    ],
    NetworkDestinationPort: "<NumberFilterList>",
    NetworkDestinationDomain: "<StringFilterList>",
    ProcessName: "<StringFilterList>",
    ProcessPath: "<StringFilterList>",
    ProcessPid: "<NumberFilterList>",
    ProcessParentPid: "<NumberFilterList>",
    ProcessLaunchedAt: [
      {
        Start: "STRING_VALUE",
        End: "STRING_VALUE",
        DateRange: {
          Value: Number("int"),
          Unit: "DAYS",
        },
      },
    ],
    ProcessTerminatedAt: "<DateFilterList>",
    ThreatIntelIndicatorType: "<StringFilterList>",
    ThreatIntelIndicatorValue: "<StringFilterList>",
    ThreatIntelIndicatorCategory: "<StringFilterList>",
    ThreatIntelIndicatorLastObservedAt: "<DateFilterList>",
    ThreatIntelIndicatorSource: "<StringFilterList>",
    ThreatIntelIndicatorSourceUrl: "<StringFilterList>",
    ResourceType: "<StringFilterList>",
    ResourceId: "<StringFilterList>",
    ResourcePartition: "<StringFilterList>",
    ResourceRegion: "<StringFilterList>",
    ResourceTags: [
      {
        Key: "STRING_VALUE",
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    ResourceAwsEc2InstanceType: "<StringFilterList>",
    ResourceAwsEc2InstanceImageId: "<StringFilterList>",
    ResourceAwsEc2InstanceIpV4Addresses: [
      {
        Cidr: "STRING_VALUE",
      },
    ],
    ResourceAwsEc2InstanceIpV6Addresses: "<IpFilterList>",
    ResourceAwsEc2InstanceKeyName: "<StringFilterList>",
    ResourceAwsEc2InstanceIamInstanceProfileArn: "<StringFilterList>",
    ResourceAwsEc2InstanceVpcId: "<StringFilterList>",
    ResourceAwsEc2InstanceSubnetId: "<StringFilterList>",
    ResourceAwsEc2InstanceLaunchedAt: "<DateFilterList>",
    ResourceAwsS3BucketOwnerId: "<StringFilterList>",
    ResourceAwsS3BucketOwnerName: "<StringFilterList>",
    ResourceAwsIamAccessKeyUserName: "<StringFilterList>",
    ResourceAwsIamAccessKeyPrincipalName: "<StringFilterList>",
    ResourceAwsIamAccessKeyStatus: "<StringFilterList>",
    ResourceAwsIamAccessKeyCreatedAt: "<DateFilterList>",
    ResourceAwsIamUserUserName: "<StringFilterList>",
    ResourceContainerName: "<StringFilterList>",
    ResourceContainerImageId: "<StringFilterList>",
    ResourceContainerImageName: "<StringFilterList>",
    ResourceContainerLaunchedAt: "<DateFilterList>",
    ResourceDetailsOther: [
      {
        Key: "STRING_VALUE",
        Value: "STRING_VALUE",
        Comparison: "EQUALS" || "NOT_EQUALS" || "CONTAINS" || "NOT_CONTAINS",
      },
    ],
    ComplianceStatus: "<StringFilterList>",
    VerificationState: "<StringFilterList>",
    WorkflowState: "<StringFilterList>",
    WorkflowStatus: "<StringFilterList>",
    RecordState: "<StringFilterList>",
    RelatedFindingsProductArn: "<StringFilterList>",
    RelatedFindingsId: "<StringFilterList>",
    NoteText: "<StringFilterList>",
    NoteUpdatedAt: "<DateFilterList>",
    NoteUpdatedBy: "<StringFilterList>",
    Keyword: [ // KeywordFilterList
      { // KeywordFilter
        Value: "STRING_VALUE",
      },
    ],
    FindingProviderFieldsConfidence: "<NumberFilterList>",
    FindingProviderFieldsCriticality: "<NumberFilterList>",
    FindingProviderFieldsRelatedFindingsId: "<StringFilterList>",
    FindingProviderFieldsRelatedFindingsProductArn: "<StringFilterList>",
    FindingProviderFieldsSeverityLabel: "<StringFilterList>",
    FindingProviderFieldsSeverityOriginal: "<StringFilterList>",
    FindingProviderFieldsTypes: "<StringFilterList>",
    Sample: [ // BooleanFilterList
      { // BooleanFilter
        Value: true || false,
      },
    ],
    ComplianceSecurityControlId: "<StringFilterList>",
    ComplianceAssociatedStandardsId: "<StringFilterList>",
    VulnerabilitiesExploitAvailable: "<StringFilterList>",
    VulnerabilitiesFixAvailable: "<StringFilterList>",
    ComplianceSecurityControlParametersName: "<StringFilterList>",
    ComplianceSecurityControlParametersValue: "<StringFilterList>",
    AwsAccountName: "<StringFilterList>",
    ResourceApplicationName: "<StringFilterList>",
    ResourceApplicationArn: "<StringFilterList>",
  },
  // The updated note written to the findings the filters select.
  Note: { // NoteUpdate
    Text: "STRING_VALUE", // required
    // NOTE(review): UpdatedBy is a caller-supplied string; confirm how it is tied to the
    // authenticated principal before relying on it for attribution.
    UpdatedBy: "STRING_VALUE", // required
  },
  // The updated record state for the selected findings; choose one of the listed values.
  RecordState: "ACTIVE" || "ARCHIVED",
};
const command = new UpdateFindingsCommand(input);
// send() can reject with the exceptions listed under "Throws" (for example InvalidAccessException,
// InvalidInputException or LimitExceededException); this snippet does not handle them.
const response = await client.send(command);
// The documented output carries only $metadata, hence the empty shape below.
// {};

UpdateFindingsCommand Input

See UpdateFindingsCommandInput for more details

Parameter
Type
Description
Filters
Required
AwsSecurityFindingFilters | undefined

A collection of attributes that specify which findings you want to update.

Note
NoteUpdate | undefined

The updated note for the finding.

RecordState
RecordState | undefined

The updated record state for the finding.

UpdateFindingsCommand Output

Parameter
Type
Description
$metadata
Required
ResponseMetadata
Metadata pertaining to this request.

Throws

Name
Fault
Details
InternalException
server

Internal server error.

InvalidAccessException
client

The account doesn't have permission to perform this action.

InvalidInputException
client

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException
client

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException
client

The request was rejected because we can't find the specified resource.

SecurityHubServiceException
Base exception class for all service exceptions from SecurityHub service.