AWS securityhub documentation change
Summary
Clarified BatchImportFindings usage for CSPM findings and updated EventBridge integration wording
Security assessment
Changes provide editorial clarifications about existing API functionality without introducing new security controls or addressing vulnerabilities. Maintains existing security boundaries between finding providers and consumers.
Diff
diff --git a/securityhub/latest/userguide/finding-update-batchimportfindings.md b/securityhub/latest/userguide/finding-update-batchimportfindings.md index bc258535c..06fca7658 100644 --- a//securityhub/latest/userguide/finding-update-batchimportfindings.md +++ b//securityhub/latest/userguide/finding-update-batchimportfindings.md @@ -9 +9 @@ Prerequisites for using BatchImportFindingsDetermining whether to create or upda -Finding providers can use the [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation to create new Security Hub CSPM findings and update findings they created. They can't update findings that they didn't create. +Finding providers can use the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation to create new findings in AWS Security Hub Cloud Security Posture Management (CSPM). They can also use this operation to update findings that they created. Finding providers can't update findings that they didn't create. @@ -11 +11 @@ Finding providers can use the [`BatchImportFindings`](https://docs.aws.amazon.co -Customers, SIEMs, ticketing tools, and SOAR tools must use [`BatchUpdateFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) to make updates related to their investigation of findings from finding providers. For information, see [BatchUpdateFindings for customers](./finding-update-batchupdatefindings.html). +Customers, SIEMs, ticketing, SOAR, and other types of tools must use the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation to make updates related to their investigation of findings from finding providers. For more information, see [BatchUpdateFindings for customers](./finding-update-batchupdatefindings.html). @@ -13 +13 @@ Customers, SIEMs, ticketing tools, and SOAR tools must use [`BatchUpdateFindings -Whenever AWS Security Hub Cloud Security Posture Management (CSPM) receives a `BatchImportFindings` request to either create or update a finding, it automatically generates a **Security Hub Findings \- Imported** event in Amazon EventBridge. You can take automated action on that event. For information, see [Using EventBridge for automated response and remediation](./securityhub-cloudwatch-events.html). +When Security Hub CSPM receives a `BatchImportFindings` request to create or update a finding, it automatically generates a **Security Hub Findings \- Imported** event in Amazon EventBridge. You can take automated action on that event. For more information, see [Using EventBridge for automated response and remediation](./securityhub-cloudwatch-events.html).