
/AWS1/IF_SHB=>BATCHUPDATEFINDINGSV2()

About BatchUpdateFindingsV2

Updates information about a customer's investigation into a finding. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their own account.

BatchUpdateFindings and BatchUpdateFindingsV2 both use securityhub:BatchUpdateFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:BatchUpdateFindings action. You can configure IAM policies to restrict access to specific finding fields or field values by using the securityhub:OCSFSyntaxPath/<fieldName> condition key, where <fieldName> is one of the following supported fields: SeverityId, StatusId, or Comment.

To prevent a user from updating a specific field, use a Null condition with securityhub:OCSFSyntaxPath/<fieldName> set to "false". To prevent a user from setting a field to a specific value, use a StringEquals condition with securityhub:OCSFSyntaxPath/<fieldName> set to the disallowed value or list of values.
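
An identity policy that applies both patterns described above, as an added example that is not from the original page: it allows securityhub:BatchUpdateFindings, denies any request that supplies SeverityId (a Null condition of "false" matches when the key is present in the request), and denies setting StatusId to the listed values. The Sid names, the "Resource": "*" scope, and the StatusId values 3 and 4, written as strings for StringEquals, are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowFindingUpdates",
      "Effect": "Allow",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*"
    },
    {
      "Sid": "DenyAnySeverityChange",
      "Effect": "Deny",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*",
      "Condition": {
        "Null": {
          "securityhub:OCSFSyntaxPath/SeverityId": "false"
        }
      }
    },
    {
      "Sid": "DenySelectedStatusValues",
      "Effect": "Deny",
      "Action": "securityhub:BatchUpdateFindings",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "securityhub:OCSFSyntaxPath/StatusId": ["3", "4"]
        }
      }
    }
  ]
}
```

Because an explicit Deny overrides the Allow, a principal with this policy can still add comments and set other status values, but a call that passes iv_severityid, or iv_statusid with a denied value, is rejected.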

Updates from BatchUpdateFindingsV2 don't affect the value of finding_info.modified_time, finding_info.modified_time_dt, time, or time_dt for a finding.

Method Signature

METHODS /AWS1/IF_SHB~BATCHUPDATEFINDINGSV2
  IMPORTING
    !IT_METADATAUIDS TYPE /AWS1/CL_SHBMETADATAUIDLIST_W=>TT_METADATAUIDLIST OPTIONAL
    !IT_FINDINGIDENTIFIERS TYPE /AWS1/CL_SHBOCSFFINDINGID=>TT_OCSFFINDINGIDENTIFIERLIST OPTIONAL
    !IV_COMMENT TYPE /AWS1/SHBNONEMPTYSTRING OPTIONAL
    !IV_SEVERITYID TYPE /AWS1/SHBINTEGER OPTIONAL
    !IV_STATUSID TYPE /AWS1/SHBINTEGER OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_shbbatchupdfndgsv2rsp
  RAISING
    /AWS1/CX_SHBACCESSDENIEDEX
    /AWS1/CX_SHBCONFLICTEXCEPTION
    /AWS1/CX_SHBINTERNALSERVEREX
    /AWS1/CX_SHBTHROTTLINGEX
    /AWS1/CX_SHBVALIDATIONEX
    /AWS1/CX_SHBCLIENTEXC
    /AWS1/CX_SHBSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Optional arguments:

it_metadatauids TYPE /AWS1/CL_SHBMETADATAUIDLIST_W=>TT_METADATAUIDLIST

The list of finding metadata.uid to indicate findings to update. Finding metadata.uid is a globally unique identifier associated with the finding. Customers cannot use MetadataUids together with FindingIdentifiers.

it_findingidentifiers TYPE /AWS1/CL_SHBOCSFFINDINGID=>TT_OCSFFINDINGIDENTIFIERLIST

Provides information to identify a specific V2 finding.

iv_comment TYPE /AWS1/SHBNONEMPTYSTRING

The updated value for a user-provided comment about the finding. Minimum character length 1. Maximum character length 512.

iv_severityid TYPE /AWS1/SHBINTEGER

The updated value for the normalized severity identifier. The severity ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 6, 99]. When the customer provides the updated severity ID, the string sibling severity will automatically be updated in the finding.

iv_statusid TYPE /AWS1/SHBINTEGER

The updated value for the normalized status identifier. The status ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 99]. When the customer provides the updated status ID, the string sibling status will automatically be updated in the finding.

RETURNING

oo_output TYPE REF TO /AWS1/CL_SHBBATCHUPDFNDGSV2RSP

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->batchupdatefindingsv2(
  it_findingidentifiers = VALUE /aws1/cl_shbocsffindingid=>tt_ocsffindingidentifierlist(
    (
      new /aws1/cl_shbocsffindingid(
        iv_cloudaccountuid = |string|
        iv_findinginfouid = |string|
        iv_metadataproductuid = |string|
      )
    )
  )
  it_metadatauids = VALUE /aws1/cl_shbmetadatauidlist_w=>tt_metadatauidlist(
    ( new /aws1/cl_shbmetadatauidlist_w( |string| ) )
  )
  iv_comment = |string|
  iv_severityid = 123
  iv_statusid = 123
).

This is an example of reading all possible response values.

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  LOOP AT lo_result->get_processedfindings( ) into lo_row.
    lo_row_1 = lo_row.
    IF lo_row_1 IS NOT INITIAL.
      lo_ocsffindingidentifier = lo_row_1->get_findingidentifier( ).
      IF lo_ocsffindingidentifier IS NOT INITIAL.
        lv_nonemptystring = lo_ocsffindingidentifier->get_cloudaccountuid( ).
        lv_nonemptystring = lo_ocsffindingidentifier->get_findinginfouid( ).
        lv_nonemptystring = lo_ocsffindingidentifier->get_metadataproductuid( ).
      ENDIF.
      lv_nonemptystring = lo_row_1->get_metadatauid( ).
    ENDIF.
  ENDLOOP.
  LOOP AT lo_result->get_unprocessedfindings( ) into lo_row_2.
    lo_row_3 = lo_row_2.
    IF lo_row_3 IS NOT INITIAL.
      lo_ocsffindingidentifier = lo_row_3->get_findingidentifier( ).
      IF lo_ocsffindingidentifier IS NOT INITIAL.
        lv_nonemptystring = lo_ocsffindingidentifier->get_cloudaccountuid( ).
        lv_nonemptystring = lo_ocsffindingidentifier->get_findinginfouid( ).
        lv_nonemptystring = lo_ocsffindingidentifier->get_metadataproductuid( ).
      ENDIF.
      lv_nonemptystring = lo_row_3->get_metadatauid( ).
      lv_batchupdatefindingsv2un = lo_row_3->get_errorcode( ).
      lv_nonemptystring = lo_row_3->get_errormessage( ).
    ENDIF.
  ENDLOOP.
ENDIF.