Module Values.BatchUpdateFindingsV2RequestSource

Updates information about a customer's investigation into a finding. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their own account. BatchUpdateFindings and BatchUpdateFindingsV2 both use securityhub:BatchUpdateFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:BatchUpdateFindings action. You can configure IAM policies to restrict access to specific finding fields or field values by using the securityhub:OCSFSyntaxPath/<fieldName> condition key, where <fieldName> is one of the following supported fields: SeverityId, StatusId, or Comment. To prevent a user from updating a specific field, use a Null condition with securityhub:OCSFSyntaxPath/<fieldName> set to "false". To prevent a user from setting a field to a specific value, use a StringEquals condition with securityhub:OCSFSyntaxPath/<fieldName> set to the disallowed value or list of values. Updates from BatchUpdateFindingsV2 don't affect the value of finding_info.modified_time, finding_info.modified_time_dt, time, or time_dt for a finding.

Sourcetype nonrec t = {
  1. metadataUids : MetadataUidList.t option;
    (*

    The list of finding metadata.uid to indicate findings to update. Finding metadata.uid is a globally unique identifier associated with the finding. Customers cannot use MetadataUids together with FindingIdentifiers.

    *)
  2. findingIdentifiers : OcsfFindingIdentifierList.t option;
    (*

    Provides information to identify a specific V2 finding.

    *)
  3. comment : NonEmptyString.t option;
    (*

    The updated value for a user provided comment about the finding. Minimum character length 1. Maximum character length 512.

    *)
  4. severityId : Integer.t option;
    (*

    The updated value for the normalized severity identifier. The severity ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 6, 99]. When customer provides the updated severity ID, the string sibling severity will automatically be updated in the finding.

    *)
  5. statusId : Integer.t option;
    (*

    The updated value for the normalized status identifier. The status ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 99]. When customer provides the updated status ID, the string sibling status will automatically be updated in the finding.

    *)
}
Sourceval make : ?metadataUids:??? -> ?findingIdentifiers:??? -> ?comment:??? -> ?severityId:??? -> ?statusId:??? -> unit -> t
Sourceval to_value : t -> [> `Structure of (string * [> `Integer of Integer.t | `List of [> `String of NonEmptyString.t | `Structure of (string * [> `String of NonEmptyString.t ]) list ] list | `String of NonEmptyString.t ]) list ]
Sourceval to_query : t -> Awso.Client.Query.t
Sourceval of_xml : Awso.Xml.t -> t
Sourceval of_string : string -> t
Sourceval of_json : Yojson.Safe.t -> t
Sourceval to_json : t -> Yojson.Safe.t