in lambda/enrich-sec-hub-finding.py [0:0]
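def postEnrichmentNote(ENRICHMENT_AUTHOR, ENRICHMENT_TEXT, ENRICHMENT_FINDING_ID):
    """Attach a ready-to-post enrichment note to one Security Hub finding.

    Args:
        ENRICHMENT_AUTHOR: Label stored as the note's ``UpdatedBy`` value.
        ENRICHMENT_TEXT: Note text stored as the note's ``Text`` value.
        ENRICHMENT_FINDING_ID: Finding ID, matched with an ``EQUALS`` filter
            on ``Id``.

    Returns:
        None. The API response is not inspected, and nothing is caught here,
        so any exception raised by the boto3 call reaches the caller.
    """
    # The note text is logged verbatim at INFO level, so whatever the
    # enrichment contains also lands in this function's logs.
    # NOTE(review): confirm that is acceptable for everyone who can read them.
    # Lazy %-formatting keeps a non-str text from raising TypeError here.
    logger.info("Text to post: %s", ENRICHMENT_TEXT)

    secHubClient = boto3.client('securityhub')

    # NOTE(review): AWS documents UpdateFindings as deprecated in favour of
    # BatchUpdateFindings, which identifies a finding by Id plus ProductArn.
    # Only the Id is passed in here, so migrating needs a caller change.
    # NOTE(review): Security Hub limits note field lengths; text and author
    # are sent as-is with no local length check - verify against callers.
    secHubClient.update_findings(
        Filters={
            'Id': [
                {
                    'Value': ENRICHMENT_FINDING_ID,
                    'Comparison': 'EQUALS'
                },
            ]
        },
        Note={
            'Text': ENRICHMENT_TEXT,
            'UpdatedBy': ENRICHMENT_AUTHOR
        }
    )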