UpdateThreat
Updates a threat.
Request Syntax
POST /UpdateThreat HTTP/1.1
Content-type: application/json
{
"agentSpaceId": "string",
"anchor": {
"id": "string",
"kind": "string",
"packageId": "string"
},
"comments": "string",
"evidence": [
{
"packageId": "string",
"path": "string"
}
],
"impactedAssets": [ "string" ],
"impactedGoal": [ "string" ],
"prerequisites": "string",
"recommendation": "string",
"severity": "string",
"statement": "string",
"status": "string",
"threatAction": "string",
"threatId": "string",
"threatImpact": "string",
"threatSource": "string",
"title": "string"
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- agentSpaceId
-
The unique identifier of the agent space.
Type: String
Required: Yes
- anchor
-
The updated DFD element this threat is anchored to.
Type: ThreatAnchorShape object
Required: No
- comments
-
Optional customer comment.
Type: String
Required: No
- evidence
-
The updated source code files supporting the threat.
Type: Array of ThreatEvidenceShape objects
Required: No
- impactedAssets
-
The updated list of specific assets affected by the threat.
Type: Array of strings
Required: No
- impactedGoal
-
The updated security goals affected by the threat.
Type: Array of strings
Required: No
- prerequisites
-
The updated conditions required for the threat to be exploitable.
Type: String
Required: No
- recommendation
-
The updated recommended mitigation guidance for this threat.
Type: String
Required: No
- severity
-
The updated severity level of the threat.
Type: String
Valid Values:
CRITICAL | HIGH | MEDIUM | LOW | INFORequired: No
- statement
-
The updated natural-language threat statement.
Type: String
Required: No
- status
-
The updated status of the threat.
Type: String
Valid Values:
OPEN | RESOLVED | DISMISSEDRequired: No
- threatAction
-
The updated description of what the threat source can do.
Type: String
Required: No
- threatId
-
The unique identifier of the threat to update.
Type: String
Required: Yes
- threatImpact
-
The updated direct consequence of the threat action.
Type: String
Required: No
- threatSource
-
The updated actor or origin of the threat.
Type: String
Required: No
- title
-
A short title summarizing the threat.
Type: String
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"anchor": {
"id": "string",
"kind": "string",
"packageId": "string"
},
"comments": "string",
"createdAt": "string",
"createdBy": "string",
"evidence": [
{
"packageId": "string",
"path": "string"
}
],
"impactedAssets": [ "string" ],
"impactedGoal": [ "string" ],
"prerequisites": "string",
"recommendation": "string",
"severity": "string",
"statement": "string",
"status": "string",
"stride": [ "string" ],
"threatAction": "string",
"threatId": "string",
"threatImpact": "string",
"threatJobId": "string",
"threatSource": "string",
"title": "string",
"updatedAt": "string",
"updatedBy": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- anchor
-
The DFD element this threat is anchored to.
Type: ThreatAnchorShape object
- comments
-
Optional customer comment on the threat.
Type: String
- createdAt
-
The date and time the threat was created, in UTC format.
Type: Timestamp
- createdBy
-
Who created this threat.
Type: String
Valid Values:
CUSTOMER | AGENT - evidence
-
The source code files supporting the threat.
Type: Array of ThreatEvidenceShape objects
- impactedAssets
-
The specific assets affected by the threat.
Type: Array of strings
- impactedGoal
-
The security goals affected by the threat.
Type: Array of strings
- prerequisites
-
The conditions required for the threat to be exploitable.
Type: String
- recommendation
-
The recommended mitigation guidance for this threat.
Type: String
- severity
-
The severity level of the threat.
Type: String
Valid Values:
CRITICAL | HIGH | MEDIUM | LOW | INFO - statement
-
The natural-language threat statement.
Type: String
- status
-
The current status of the threat.
Type: String
Valid Values:
OPEN | RESOLVED | DISMISSED - stride
-
The STRIDE categories applicable to this threat.
Type: Array of strings
Valid Values:
SPOOFING | TAMPERING | REPUDIATION | INFORMATION_DISCLOSURE | DENIAL_OF_SERVICE | ELEVATION_OF_PRIVILEGE - threatAction
-
What the threat source can do.
Type: String
- threatId
-
The unique identifier of the threat.
Type: String
- threatImpact
-
The direct consequence of the threat action.
Type: String
- threatJobId
-
The unique identifier of the threat model job the threat belongs to.
Type: String
- threatSource
-
The actor or origin of the threat.
Type: String
- title
-
A short title summarizing the threat.
Type: String
- updatedAt
-
The date and time the threat was last updated, in UTC format.
Type: Timestamp
- updatedBy
-
Who last updated this threat.
Type: String
Valid Values:
CUSTOMER | AGENT
Errors
For information about the errors that are common to all actions, see Common Error Types.
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: