View a markdown version of this page

UpdateThreat - AWS Security Agent

UpdateThreat

Updates a threat.

Request Syntax

POST /UpdateThreat HTTP/1.1 Content-type: application/json { "agentSpaceId": "string", "anchor": { "id": "string", "kind": "string", "packageId": "string" }, "comments": "string", "evidence": [ { "packageId": "string", "path": "string" } ], "impactedAssets": [ "string" ], "impactedGoal": [ "string" ], "prerequisites": "string", "recommendation": "string", "severity": "string", "statement": "string", "status": "string", "threatAction": "string", "threatId": "string", "threatImpact": "string", "threatSource": "string", "title": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

agentSpaceId

The unique identifier of the agent space.

Type: String

Required: Yes

anchor

The updated DFD element this threat is anchored to.

Type: ThreatAnchorShape object

Required: No

comments

Optional customer comment.

Type: String

Required: No

evidence

The updated source code files supporting the threat.

Type: Array of ThreatEvidenceShape objects

Required: No

impactedAssets

The updated list of specific assets affected by the threat.

Type: Array of strings

Required: No

impactedGoal

The updated security goals affected by the threat.

Type: Array of strings

Required: No

prerequisites

The updated conditions required for the threat to be exploitable.

Type: String

Required: No

recommendation

The updated recommended mitigation guidance for this threat.

Type: String

Required: No

severity

The updated severity level of the threat.

Type: String

Valid Values: CRITICAL | HIGH | MEDIUM | LOW | INFO

Required: No

statement

The updated natural-language threat statement.

Type: String

Required: No

status

The updated status of the threat.

Type: String

Valid Values: OPEN | RESOLVED | DISMISSED

Required: No

threatAction

The updated description of what the threat source can do.

Type: String

Required: No

threatId

The unique identifier of the threat to update.

Type: String

Required: Yes

threatImpact

The updated direct consequence of the threat action.

Type: String

Required: No

threatSource

The updated actor or origin of the threat.

Type: String

Required: No

title

A short title summarizing the threat.

Type: String

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "anchor": { "id": "string", "kind": "string", "packageId": "string" }, "comments": "string", "createdAt": "string", "createdBy": "string", "evidence": [ { "packageId": "string", "path": "string" } ], "impactedAssets": [ "string" ], "impactedGoal": [ "string" ], "prerequisites": "string", "recommendation": "string", "severity": "string", "statement": "string", "status": "string", "stride": [ "string" ], "threatAction": "string", "threatId": "string", "threatImpact": "string", "threatJobId": "string", "threatSource": "string", "title": "string", "updatedAt": "string", "updatedBy": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

anchor

The DFD element this threat is anchored to.

Type: ThreatAnchorShape object

comments

Optional customer comment on the threat.

Type: String

createdAt

The date and time the threat was created, in UTC format.

Type: Timestamp

createdBy

Who created this threat.

Type: String

Valid Values: CUSTOMER | AGENT

evidence

The source code files supporting the threat.

Type: Array of ThreatEvidenceShape objects

impactedAssets

The specific assets affected by the threat.

Type: Array of strings

impactedGoal

The security goals affected by the threat.

Type: Array of strings

prerequisites

The conditions required for the threat to be exploitable.

Type: String

recommendation

The recommended mitigation guidance for this threat.

Type: String

severity

The severity level of the threat.

Type: String

Valid Values: CRITICAL | HIGH | MEDIUM | LOW | INFO

statement

The natural-language threat statement.

Type: String

status

The current status of the threat.

Type: String

Valid Values: OPEN | RESOLVED | DISMISSED

stride

The STRIDE categories applicable to this threat.

Type: Array of strings

Valid Values: SPOOFING | TAMPERING | REPUDIATION | INFORMATION_DISCLOSURE | DENIAL_OF_SERVICE | ELEVATION_OF_PRIVILEGE

threatAction

What the threat source can do.

Type: String

threatId

The unique identifier of the threat.

Type: String

threatImpact

The direct consequence of the threat action.

Type: String

threatJobId

The unique identifier of the threat model job the threat belongs to.

Type: String

threatSource

The actor or origin of the threat.

Type: String

title

A short title summarizing the threat.

Type: String

updatedAt

The date and time the threat was last updated, in UTC format.

Type: Timestamp

updatedBy

Who last updated this threat.

Type: String

Valid Values: CUSTOMER | AGENT

Errors

For information about the errors that are common to all actions, see Common Error Types.

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: