Guidelines for using the BatchImportFindings API
When using the BatchImportFindings API operation to send findings to Amazon Security Hub, use the following guidelines.
- You must call BatchImportFindings using the account that is associated with the findings. The identifier of the associated account is the value of the AwsAccountId attribute for the finding.
- Send the largest batch that you can. Security Hub accepts up to 100 findings per batch, up to 240 KB per finding, and up to 6 MB per batch.
- The throttle rate limit is 10 TPS per account per Region, with a burst of 30 TPS.
- You must implement a mechanism to retain the state of findings if throttling or network issues exist. You also need the finding state so that you can submit finding updates as a finding moves in and out of compliance.
- For information about the maximum lengths of strings and other limitations, see Amazon Security Finding Format (ASFF) in the Amazon Security Hub User Guide.
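
The batch-size and state-retention guidelines above, as an added Python example that is not taken from the AWS documentation: it packs findings into the largest batches the stated limits allow and returns the findings that must be kept for retry. The `send` callable and the function names are hypothetical, and sizes are assumed to be measured on each finding's compact UTF-8 JSON form in decimal units.

```python
import json

# Limits quoted on this page. Sizes are checked against each finding's compact
# UTF-8 JSON form in decimal units: a conservative assumption, not an AWS rule.
MAX_FINDINGS_PER_BATCH = 100
MAX_FINDING_BYTES = 240_000
MAX_BATCH_BYTES = 6_000_000

def finding_size(finding):
    return len(json.dumps(finding, separators=(",", ":")).encode("utf-8"))

def pack_batches(findings):
    """Greedily pack findings into full batches; returns (batches, oversized)."""
    batches, oversized, current, current_bytes = [], [], [], 0
    for finding in findings:
        size = finding_size(finding)
        if size > MAX_FINDING_BYTES:  # can never be accepted; report separately
            oversized.append(finding)
            continue
        if current and (len(current) == MAX_FINDINGS_PER_BATCH
                        or current_bytes + size > MAX_BATCH_BYTES):
            batches.append(current)
            current, current_bytes = [], 0
        current.append(finding)
        current_bytes += size
    if current:
        batches.append(current)
    return batches, oversized

def import_findings(findings, send):
    """Send each batch; return (pending, oversized) where pending needs a retry.

    `send` is a hypothetical callable that takes a list of findings and returns
    a BatchImportFindings-style response dict. With boto3 it could wrap
    client.batch_import_findings(Findings=batch).
    """
    batches, oversized = pack_batches(findings)
    pending = []
    for batch in batches:
        try:
            response = send(batch)
        except Exception:  # throttling or network failure: keep the whole batch
            pending.extend(batch)
            continue
        failed_ids = {f["Id"] for f in response.get("FailedFindings", [])}
        pending.extend(f for f in batch if f["Id"] in failed_ids)
    return pending, oversized
```

Persist the returned `pending` list before retrying, and pace retries to stay under the 10 TPS limit stated above.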