AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-04 · Documentation low

File: securityhub/latest/userguide/finding-update-batchupdatefindings.md

Summary

Clarified usage of BatchUpdateFindings operation, added details about update mechanics and EventBridge integration, and removed redundant note about UpdatedAt field behavior

Security assessment

The changes improve operational documentation by clarifying how updates propagate and interact with EventBridge, but do not address vulnerabilities or disclose security fixes. The note about UpdatedAt field behavior being preserved could help users understand audit trails, but this is a functional clarification rather than a security fix.

Diff

diff --git a/securityhub/latest/userguide/finding-update-batchupdatefindings.md b/securityhub/latest/userguide/finding-update-batchupdatefindings.md
index aef592822..6e25f0346 100644
--- a//securityhub/latest/userguide/finding-update-batchupdatefindings.md
+++ b//securityhub/latest/userguide/finding-update-batchupdatefindings.md
@@ -9 +9 @@ Available fields for BatchUpdateFindingsConfiguring access to BatchUpdateFinding
-Security Hub customers, and entities acting on their behalf, can use the [`BatchUpdateFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation to update information related to a customer's processing of Security Hub findings from finding providers. A customer or a SIEM, ticketing, incident management, or SOAR tool that works on behalf of a customer can use this operation.
+AWS Security Hub customers, and entities acting on their behalf, can use the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation to update information related to the processing of Security Hub findings from finding providers. As a customer, you can use this operation directly. SIEM, ticketing, incident management, and SOAR tools can also use this operation on behalf of a customer.
@@ -11 +11 @@ Security Hub customers, and entities acting on their behalf, can use the [`Batch
-You can't use `BatchUpdateFindings` to create new findings. You can use it to update up to 100 findings at a time. In your request, you specify which AWS Security Finding Format (ASFF) fields you want to update.
+You can't use the `BatchUpdateFindings` operation to create new findings. However, you can use it to update up to 100 existing findings at a time. In a `BatchUpdateFindings` request, you specify which findings to update, which AWS Security Finding Format (ASFF) fields to update for the findings, and the new values for the fields. Security Hub then updates the findings as specified in your request. This process can take several minutes. If you update findings by using the `BatchUpdateFindings` operation, your updates don't affect existing values for the `UpdatedAt` field of the findings.
@@ -13,3 +13 @@ You can't use `BatchUpdateFindings` to create new findings. You can use it to up
-When Security Hub receives a `BatchUpdateFindings` request to update a finding, it automatically generates a **Security Hub Findings \- Imported** event in Amazon EventBridge. You can take automated action on that event. For information, see [Using EventBridge for automated response and remediation](./securityhub-cloudwatch-events.html).
-
-`BatchUpdateFindings` doesn't change the `UpdatedAt` field for the finding. `UpdatedAt` reflects the most recent update from the finding provider.
+When Security Hub receives a `BatchUpdateFindings` request to update a finding, it automatically generates a **Security Hub Findings – Imported** event in Amazon EventBridge. You can optionally use this event to take automated action on the specified finding. For more information, see [Using EventBridge for automated response and remediation](./securityhub-cloudwatch-events.html).