BatchImportFindings and BatchUpdateFindings
Finding providers use
BatchImportFindingsand Customers, SIEMs, SOAR usesBatchUpdateFindings
BatchImportFindings
- Used by providers
- If updating its updates the updatedAt field
- Creates new finding if FindingID not found
- Cannot update investigation related fields.
BatchUpdateFindings
- Cannot be used to update findings
- Updates upto 100 findings per call
- Updates fields related to investigation
- Does not affect the UpdatedAt timestamp of a finding.
- Since BatchUpdateFindings is not about updating findings at provider level