AWS Security Hub launches a new API called BatchUpdateFindings and new Workflow Statuses
AWS Security Hub has released a new API action called BatchUpdateFindings, and we plan to deprecate the current UpdateFindings API. The UpdateFindings API only supported a few fields in the AWS Security Finding Format (ASFF) and wasn't integrated with CloudWatch Events. The BatchUpdateFindings API fixes those issues and supports a much larger set of fields that can now be updated, such as severity, criticality, confidence, user-defined fields, notes, and workflow status. Also, the fields that BatchUpdateFindings can update cannot be updated by finding providers. Those fields can only be updated by the customer or by SIEM/ticketing/SOAR tools that have access to this API action. This prevents finding providers from overwriting your updates. You can use the BatchUpdateFindings API to complete actions such as creating your own suppression rules, changing severity scores, and adding notes to findings. To learn more about this API, please visit our documentation.
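As an added illustration (not code from AWS or this announcement), the following Python builds BatchUpdateFindings requests that set a workflow status, attach a note recording who changed the finding and why, and tag the findings with a user-defined field so the suppression can be audited later. It assumes the boto3 `securityhub` client's `batch_update_findings` method and its 100-identifier-per-call limit; the finding identifiers shown are constructed samples.

```python
from typing import Dict, Iterable, List, Optional, Tuple

# BatchUpdateFindings accepts at most 100 finding identifiers per call.
BATCH_LIMIT = 100
# Values accepted by the Workflow.Status field (assumed from the ASFF docs).
WORKFLOW_STATUSES = {"NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"}


def build_update_requests(
    findings: Iterable[Tuple[str, str]],
    workflow_status: str,
    note_text: str,
    updated_by: str,
    user_defined_fields: Optional[Dict[str, str]] = None,
) -> List[Dict]:
    """Return one request body per chunk of up to 100 (Id, ProductArn) pairs.

    Every request sets the workflow status and a note; the note keeps an
    audit trail of who suppressed/resolved the finding and on what grounds.
    """
    if workflow_status not in WORKFLOW_STATUSES:
        raise ValueError(f"invalid workflow status: {workflow_status}")
    identifiers = [{"Id": fid, "ProductArn": arn} for fid, arn in findings]
    requests = []
    for start in range(0, len(identifiers), BATCH_LIMIT):
        request = {
            "FindingIdentifiers": identifiers[start:start + BATCH_LIMIT],
            "Workflow": {"Status": workflow_status},
            "Note": {"Text": note_text, "UpdatedBy": updated_by},
        }
        if user_defined_fields:
            request["UserDefinedFields"] = dict(user_defined_fields)
        requests.append(request)
    return requests


def apply_updates(client, requests: List[Dict]) -> List[Dict]:
    """Send each request; return UnprocessedFindings so partial failures
    (e.g. a stale finding Id) are surfaced instead of silently dropped."""
    unprocessed = []
    for request in requests:
        response = client.batch_update_findings(**request)
        unprocessed.extend(response.get("UnprocessedFindings", []))
    return unprocessed


if __name__ == "__main__":
    import boto3  # only needed when actually calling Security Hub
    # Constructed sample identifiers; in practice take them from GetFindings.
    sample = [("arn:aws:securityhub:us-east-1:111122223333:subscription/example/finding/1",
               "arn:aws:securityhub:us-east-1::product/aws/securityhub")]
    reqs = build_update_requests(sample, "SUPPRESSED", "Approved by security review",
                                 "secops-automation", {"suppression-rule": "approved-public-s3"})
    print(apply_updates(boto3.client("securityhub"), reqs))
```

Because the fields set here cannot be overwritten by finding providers, the note and user-defined field persist across subsequent imports of the same finding.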
Source: Amazon AWS