Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . securityhub ]

get-insights

Description

Lists and describes insights that are specified by insight ARNs.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

get-insights is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument. When using --output text and the --query argument on a paginated response, the --query argument must extract data from the results of the following query expressions: Insights

Synopsis

  get-insights
[--insight-arns <value>]
[--cli-input-json <value>]
[--starting-token <value>]
[--page-size <value>]
[--max-items <value>]
[--generate-cli-skeleton <value>]

Options

--insight-arns (list)

The ARNS of the insights that you want to describe.

Syntax:

"string" "string" ...

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--starting-token (string)

A token to specify where to start paginating. This is the NextToken from a previously truncated response.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--page-size (integer)

The size of each page to get in the AWS service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the AWS service, retrieving fewer items in each call. This can help prevent the AWS service calls from timing out.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--max-items (integer)

The total number of items to return in the command's output. If the total number of items available is more than the value specified, a NextToken is provided in the command's output. To resume pagination, provide the NextToken value in the starting-token argument of a subsequent command. Do not use the NextToken response element directly outside of the AWS CLI.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Output

Insights -> (list)

The insights returned by the operation.

(structure)

Contains information about a Security Hub insight.

InsightArn -> (string)

The ARN of a Security Hub insight.

Name -> (string)

The name of a Security Hub insight.

Filters -> (structure)

A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.

ProductArn -> (list)

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

AwsAccountId -> (list)

The AWS account ID in which a finding is generated.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

Id -> (list)

The security findings provider-specific identifier for a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

GeneratorId -> (list)

This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

Type -> (list)

A finding type in the format of 'namespace/category/classifier' that classifies a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

FirstObservedAt -> (list)

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

LastObservedAt -> (list)

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

CreatedAt -> (list)

An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

UpdatedAt -> (list)

An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

SeverityProduct -> (list)

The native severity as defined by the security findings provider's solution that generated the finding.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

SeverityNormalized -> (list)

The normalized severity of a finding.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

SeverityLabel -> (list)

The label of a finding's severity.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

Confidence -> (list)

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

Criticality -> (list)

The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

Title -> (list)

A finding's title.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

Description -> (list)

A finding's description.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

RecommendationText -> (list)

The recommendation of what to do about the issue described in a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

SourceUrl -> (list)

A URL that links to a page about the current finding in the security findings provider's solution.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ProductFields -> (list)

A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.

(structure)

The map filter for querying findings.

Key -> (string)

The key of the map filter.

Value -> (string)

The value for the key in the map filter.

Comparison -> (string)

Represents the condition to be applied to a key value when querying for findings with a map filter.

ProductName -> (list)

The name of the solution (product) that generates findings.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

CompanyName -> (list)

The name of the findings provider (company) that owns the solution (product) that generates findings.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

UserDefinedFields -> (list)

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

(structure)

The map filter for querying findings.

Key -> (string)

The key of the map filter.

Value -> (string)

The value for the key in the map filter.

Comparison -> (string)

Represents the condition to be applied to a key value when querying for findings with a map filter.

MalwareName -> (list)

The name of the malware that was observed.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

MalwareType -> (list)

The type of the malware that was observed.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

MalwarePath -> (list)

The filesystem path of the malware that was observed.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

MalwareState -> (list)

The state of the malware that was observed.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

NetworkDirection -> (list)

Indicates the direction of network traffic associated with a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

NetworkProtocol -> (list)

The protocol of network-related information about a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

NetworkSourceIpV4 -> (list)

The source IPv4 address of network-related information about a finding.

(structure)

The IP filter for querying findings.

Cidr -> (string)

Finding's CIDR value.

NetworkSourceIpV6 -> (list)

The source IPv6 address of network-related information about a finding.

(structure)

The IP filter for querying findings.

Cidr -> (string)

Finding's CIDR value.

NetworkSourcePort -> (list)

The source port of network-related information about a finding.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

NetworkSourceDomain -> (list)

The source domain of network-related information about a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

NetworkSourceMac -> (list)

The source media access control (MAC) address of network-related information about a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

NetworkDestinationIpV4 -> (list)

The destination IPv4 address of network-related information about a finding.

(structure)

The IP filter for querying findings.

Cidr -> (string)

Finding's CIDR value.

NetworkDestinationIpV6 -> (list)

The destination IPv6 address of network-related information about a finding.

(structure)

The IP filter for querying findings.

Cidr -> (string)

Finding's CIDR value.

NetworkDestinationPort -> (list)

The destination port of network-related information about a finding.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

NetworkDestinationDomain -> (list)

The destination domain of network-related information about a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ProcessName -> (list)

The name of the process.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ProcessPath -> (list)

The path to the process executable.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ProcessPid -> (list)

The process ID.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

ProcessParentPid -> (list)

The parent process ID.

(structure)

A number filter for querying findings.

Gte -> (double)

Represents the "greater than equal" condition to be applied to a single field when querying for findings.

Lte -> (double)

Represents the "less than equal" condition to be applied to a single field when querying for findings.

Eq -> (double)

Represents the "equal to" condition to be applied to a single field when querying for findings.

ProcessLaunchedAt -> (list)

The date/time that the process was launched.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

ProcessTerminatedAt -> (list)

The date/time that the process was terminated.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

ThreatIntelIndicatorType -> (list)

The type of a threat intel indicator.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ThreatIntelIndicatorValue -> (list)

The value of a threat intel indicator.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ThreatIntelIndicatorCategory -> (list)

The category of a threat intel indicator.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ThreatIntelIndicatorLastObservedAt -> (list)

The date/time of the last observation of a threat intel indicator.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

ThreatIntelIndicatorSource -> (list)

The source of the threat intel.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ThreatIntelIndicatorSourceUrl -> (list)

The URL for more details from the source of the threat intel.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceType -> (list)

Specifies the type of the resource for which details are provided.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceId -> (list)

The canonical identifier for the given resource type.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourcePartition -> (list)

The canonical AWS partition name to which the region is assigned.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceRegion -> (list)

The canonical AWS external region name where this resource is located.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceTags -> (list)

A list of AWS tags associated with a resource at the time the finding was processed.

(structure)

The map filter for querying findings.

Key -> (string)

The key of the map filter.

Value -> (string)

The value for the key in the map filter.

Comparison -> (string)

Represents the condition to be applied to a key value when querying for findings with a map filter.

ResourceAwsEc2InstanceType -> (list)

The instance type of the instance.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsEc2InstanceImageId -> (list)

The Amazon Machine Image (AMI) ID of the instance.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsEc2InstanceIpV4Addresses -> (list)

The IPv4 addresses associated with the instance.

(structure)

The IP filter for querying findings.

Cidr -> (string)

Finding's CIDR value.

ResourceAwsEc2InstanceIpV6Addresses -> (list)

The IPv6 addresses associated with the instance.

(structure)

The IP filter for querying findings.

Cidr -> (string)

Finding's CIDR value.

ResourceAwsEc2InstanceKeyName -> (list)

The key name associated with the instance.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsEc2InstanceIamInstanceProfileArn -> (list)

The IAM profile ARN of the instance.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsEc2InstanceVpcId -> (list)

The identifier of the VPC in which the instance was launched.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsEc2InstanceSubnetId -> (list)

The identifier of the subnet in which the instance was launched.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsEc2InstanceLaunchedAt -> (list)

The date/time the instance was launched.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

ResourceAwsS3BucketOwnerId -> (list)

The canonical user ID of the owner of the S3 bucket.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsS3BucketOwnerName -> (list)

The display name of the owner of the S3 bucket.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsIamAccessKeyUserName -> (list)

The user associated with the IAM access key related to a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsIamAccessKeyStatus -> (list)

The status of the IAM access key related to a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceAwsIamAccessKeyCreatedAt -> (list)

The creation date/time of the IAM access key related to a finding.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

ResourceContainerName -> (list)

The name of the container related to a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceContainerImageId -> (list)

The identifier of the image related to a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceContainerImageName -> (list)

The name of the image related to a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

ResourceContainerLaunchedAt -> (list)

The date/time that the container was started.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

ResourceDetailsOther -> (list)

The details of a resource that does not have a specific sub-field for the resource type defined.

(structure)

The map filter for querying findings.

Key -> (string)

The key of the map filter.

Value -> (string)

The value for the key in the map filter.

Comparison -> (string)

Represents the condition to be applied to a key value when querying for findings with a map filter.

ComplianceStatus -> (list)

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

VerificationState -> (list)

Indicates the veracity of a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

WorkflowState -> (list)

The workflow state of a finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

RecordState -> (list)

The updated record state for the finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

RelatedFindingsProductArn -> (list)

The ARN of the solution that generated a related finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

RelatedFindingsId -> (list)

The solution-generated identifier for a related finding.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

NoteText -> (list)

The text of a note.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

NoteUpdatedAt -> (list)

The timestamp of when the note was updated.

(structure)

A date filter for querying findings.

Start -> (string)

A start date for the date filter.

End -> (string)

An end date for the date filter.

DateRange -> (structure)

A date range for the date filter.

Value -> (integer)

A date range value for the date filter.

Unit -> (string)

A date range unit for the date filter.

NoteUpdatedBy -> (list)

The principal that created a note.

(structure)

A string filter for querying findings.

Value -> (string)

The string filter value.

Comparison -> (string)

Represents the condition to be applied to a string value when querying for findings.

Keyword -> (list)

A keyword for a finding.

(structure)

A keyword filter for querying findings.

Value -> (string)

A value for the keyword.

GroupByAttribute -> (string)

The attribute by which the insight's findings are grouped. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.

NextToken -> (string)

The token that is required for pagination.