Guidelines for using the BatchImportFindings API - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Guidelines for using the BatchImportFindings API

When using the BatchImportFindings API operation to send findings to Amazon Security Hub, use the following guidelines.

  • You must call BatchImportFindings using the account that is associated with the findings. The identifier of the associated account is the value of the AwsAccountId attribute for the finding.

  • Send the largest batch that you can. Security Hub accepts up to 100 findings per batch, up to 240 KB per finding, and up to 6 MB per batch.

  • The throttle rate limit is 10 TPS per account per Region, with a burst of 30 TPS.

  • You must implement a mechanism to retain the state of findings if throttling or network issues exist. You also need the finding state so that you can submit finding updates as a finding moves in and out of compliance.

  • For information about the maximum lengths of strings and other limitations, see Amazon Security Finding Format (ASFF) in the Amazon Security Hub User Guide.