FindingProviderFields
In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update values for the following fields:
Confidence
Criticality
RelatedFindings
Severity
Types
The preceding fields are nested under the FindingProviderFields object, but also have analogues of the same name as top-level ASFF fields. When a new finding is sent to Security Hub by a finding provider, Security Hub populates the FindingProviderFields object automatically, if it is empty, based on the corresponding top-level fields.
Finding providers can update FindingProviderFields only by using the BatchImportFindings operation. Finding providers can't update this object with the BatchUpdateFindings operation. Customers can update the top-level fields by using the BatchUpdateFindings operation. Customers can't update FindingProviderFields.
For information about how Security Hub handles updates from BatchImportFindings to FindingProviderFields and to the corresponding top-level attributes, see Using FindingProviderFields in the Security Hub User Guide.
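The following is an added example, not AWS or SDK code: a finding provider fills FindingProviderFields explicitly before a BatchImportFindings call, applying the populate-if-empty rule described above on the client side, and checks the result. The helper names, the sample finding and the placeholder account ID are assumptions; the 0 to 100 ranges and severity labels follow the ASFF definitions of those fields.

```python
# Added example (not AWS code): prepare a finding for BatchImportFindings.
PROVIDER_FIELDS = ("Confidence", "Criticality", "RelatedFindings", "Severity", "Types")
SEVERITY_LABELS = {"INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"}


def with_provider_fields(finding):
    """Return a copy whose FindingProviderFields is filled from the
    same-named top-level fields when the object is missing or empty."""
    out = dict(finding)
    fpf = dict(out.get("FindingProviderFields") or {})
    if not fpf:
        for name in PROVIDER_FIELDS:
            if name not in out:
                continue
            value = out[name]
            if name == "Severity":
                # FindingProviderFields.Severity carries only Label and Original.
                value = {k: v for k, v in value.items() if k in ("Label", "Original")}
            fpf[name] = value
    out["FindingProviderFields"] = fpf
    return out


def validate_provider_fields(fpf):
    """Return a list of problems; an empty list means the object looks valid."""
    problems = [f"unexpected field: {k}" for k in fpf if k not in PROVIDER_FIELDS]
    for name in ("Confidence", "Criticality"):
        value = fpf.get(name)
        if value is not None and not (isinstance(value, int) and 0 <= value <= 100):
            problems.append(f"{name} must be an integer from 0 to 100")
    label = fpf.get("Severity", {}).get("Label")
    if label is not None and label not in SEVERITY_LABELS:
        problems.append(f"unknown Severity.Label: {label}")
    for rel in fpf.get("RelatedFindings", []):
        if not {"ProductArn", "Id"} <= set(rel):
            problems.append("RelatedFindings entries need ProductArn and Id")
    return problems


# Constructed sample finding (placeholder account ID and product ARN).
SAMPLE = {
    "Id": "example-finding-1",
    "ProductArn": "arn:aws:securityhub:us-east-1:111122223333:product/111122223333/default",
    "Severity": {"Label": "HIGH", "Normalized": 70},
    "Confidence": 80,
    "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
}

if __name__ == "__main__":
    prepared = with_provider_fields(SAMPLE)
    print(prepared["FindingProviderFields"], validate_provider_fields(prepared["FindingProviderFields"]))
```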
Types
Properties
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
The level of importance assigned to the resources associated with the finding.
A list of findings that are related to the current finding.
The severity of a finding.