GetFindings - Amazon GuardDuty

GetFindings

Describes Amazon GuardDuty findings specified by finding IDs.

Request Syntax

POST /detector/detectorId/findings/get HTTP/1.1
Content-type: application/json

{
   "findingIds": [ "string" ],
   "sortCriteria": {
      "attributeName": "string",
      "orderBy": "string"
   }
}

URI Request Parameters

The request uses the following URI parameters.

detectorId

The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

Request Body

The request accepts the following data in JSON format.

findingIds

The IDs of the findings that you want to retrieve.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

sortCriteria

Represents the criteria used for sorting findings.

Type: SortCriteria object

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "findings": [
      {
         "accountId": "string",
         "arn": "string",
         "confidence": number,
         "createdAt": "string",
         "description": "string",
         "id": "string",
         "partition": "string",
         "region": "string",
         "resource": {
            "accessKeyDetails": {
               "accessKeyId": "string",
               "principalId": "string",
               "userName": "string",
               "userType": "string"
            },
            "instanceDetails": {
               "availabilityZone": "string",
               "iamInstanceProfile": { "arn": "string", "id": "string" },
               "imageDescription": "string",
               "imageId": "string",
               "instanceId": "string",
               "instanceState": "string",
               "instanceType": "string",
               "launchTime": "string",
               "networkInterfaces": [
                  {
                     "ipv6Addresses": [ "string" ],
                     "networkInterfaceId": "string",
                     "privateDnsName": "string",
                     "privateIpAddress": "string",
                     "privateIpAddresses": [
                        { "privateDnsName": "string", "privateIpAddress": "string" }
                     ],
                     "publicDnsName": "string",
                     "publicIp": "string",
                     "securityGroups": [
                        { "groupId": "string", "groupName": "string" }
                     ],
                     "subnetId": "string",
                     "vpcId": "string"
                  }
               ],
               "outpostArn": "string",
               "platform": "string",
               "productCodes": [
                  { "code": "string", "productType": "string" }
               ],
               "tags": [
                  { "key": "string", "value": "string" }
               ]
            },
            "resourceType": "string",
            "s3BucketDetails": [
               {
                  "arn": "string",
                  "createdAt": number,
                  "defaultServerSideEncryption": {
                     "encryptionType": "string",
                     "kmsMasterKeyArn": "string"
                  },
                  "name": "string",
                  "owner": { "id": "string" },
                  "publicAccess": {
                     "effectivePermission": "string",
                     "permissionConfiguration": {
                        "accountLevelPermissions": {
                           "blockPublicAccess": {
                              "blockPublicAcls": boolean,
                              "blockPublicPolicy": boolean,
                              "ignorePublicAcls": boolean,
                              "restrictPublicBuckets": boolean
                           }
                        },
                        "bucketLevelPermissions": {
                           "accessControlList": {
                              "allowsPublicReadAccess": boolean,
                              "allowsPublicWriteAccess": boolean
                           },
                           "blockPublicAccess": {
                              "blockPublicAcls": boolean,
                              "blockPublicPolicy": boolean,
                              "ignorePublicAcls": boolean,
                              "restrictPublicBuckets": boolean
                           },
                           "bucketPolicy": {
                              "allowsPublicReadAccess": boolean,
                              "allowsPublicWriteAccess": boolean
                           }
                        }
                     }
                  },
                  "tags": [
                     { "key": "string", "value": "string" }
                  ],
                  "type": "string"
               }
            ]
         },
         "schemaVersion": "string",
         "service": {
            "action": {
               "actionType": "string",
               "awsApiCallAction": {
                  "api": "string",
                  "callerType": "string",
                  "domainDetails": { "domain": "string" },
                  "remoteIpDetails": {
                     "city": { "cityName": "string" },
                     "country": { "countryCode": "string", "countryName": "string" },
                     "geoLocation": { "lat": number, "lon": number },
                     "ipAddressV4": "string",
                     "organization": {
                        "asn": "string",
                        "asnOrg": "string",
                        "isp": "string",
                        "org": "string"
                     }
                  },
                  "serviceName": "string"
               },
               "dnsRequestAction": { "domain": "string" },
               "networkConnectionAction": {
                  "blocked": boolean,
                  "connectionDirection": "string",
                  "localIpDetails": { "ipAddressV4": "string" },
                  "localPortDetails": { "port": number, "portName": "string" },
                  "protocol": "string",
                  "remoteIpDetails": {
                     "city": { "cityName": "string" },
                     "country": { "countryCode": "string", "countryName": "string" },
                     "geoLocation": { "lat": number, "lon": number },
                     "ipAddressV4": "string",
                     "organization": {
                        "asn": "string",
                        "asnOrg": "string",
                        "isp": "string",
                        "org": "string"
                     }
                  },
                  "remotePortDetails": { "port": number, "portName": "string" }
               },
               "portProbeAction": {
                  "blocked": boolean,
                  "portProbeDetails": [
                     {
                        "localIpDetails": { "ipAddressV4": "string" },
                        "localPortDetails": { "port": number, "portName": "string" },
                        "remoteIpDetails": {
                           "city": { "cityName": "string" },
                           "country": { "countryCode": "string", "countryName": "string" },
                           "geoLocation": { "lat": number, "lon": number },
                           "ipAddressV4": "string",
                           "organization": {
                              "asn": "string",
                              "asnOrg": "string",
                              "isp": "string",
                              "org": "string"
                           }
                        }
                     }
                  ]
               }
            },
            "archived": boolean,
            "count": number,
            "detectorId": "string",
            "eventFirstSeen": "string",
            "eventLastSeen": "string",
            "evidence": {
               "threatIntelligenceDetails": [
                  { "threatListName": "string", "threatNames": [ "string" ] }
               ]
            },
            "resourceRole": "string",
            "serviceName": "string",
            "userFeedback": "string"
         },
         "severity": number,
         "title": "string",
         "type": "string",
         "updatedAt": "string"
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

findings

A list of findings.

Type: Array of Finding objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.
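
The following added example (not part of the AWS reference) shows one way to retrieve more than 50 findings while respecting the array and length constraints documented above. It assumes `client` is a boto3 GuardDuty client, whose `get_findings` call takes `DetectorId` and `FindingIds` and returns a `Findings` list; the helper names are hypothetical.

```python
from typing import Iterable, Iterator, List

MAX_IDS_PER_CALL = 50   # findingIds: maximum of 50 items per request
MAX_ID_LENGTH = 300     # detectorId and each finding ID: 1 to 300 characters


def _check_id(value: str, what: str) -> str:
    """Reject values the service would refuse with BadRequestException."""
    if not isinstance(value, str) or not 1 <= len(value) <= MAX_ID_LENGTH:
        raise ValueError(f"{what} must be a string of 1 to {MAX_ID_LENGTH} characters")
    return value


def batch_finding_ids(finding_ids: Iterable[str]) -> Iterator[List[str]]:
    """Validate and de-duplicate IDs, then yield lists of at most 50."""
    unique = list(dict.fromkeys(_check_id(f, "finding ID") for f in finding_ids))
    for start in range(0, len(unique), MAX_IDS_PER_CALL):
        yield unique[start:start + MAX_IDS_PER_CALL]


def get_all_findings(client, detector_id: str, finding_ids: Iterable[str]) -> List[dict]:
    """Call GetFindings once per batch; return findings, highest severity first.

    `client` is assumed to be boto3.client("guardduty") or a compatible object.
    """
    _check_id(detector_id, "detectorId")
    findings: List[dict] = []
    for batch in batch_finding_ids(finding_ids):
        response = client.get_findings(DetectorId=detector_id, FindingIds=batch)
        findings.extend(response.get("Findings", []))
    # sortCriteria orders a single response only, so re-sort after merging.
    findings.sort(key=lambda f: f.get("Severity", 0), reverse=True)
    return findings


def missing_ids(requested: Iterable[str], findings: List[dict]) -> List[str]:
    """IDs that were requested but are absent from the merged responses."""
    returned = {f.get("Id") for f in findings}
    return [f for f in dict.fromkeys(requested) if f not in returned]
```

Comparing the requested IDs against `missing_ids` after each run flags findings that were not returned, so a triage pipeline does not silently treat them as reviewed.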

Errors

For information about the errors that are common to all actions, see Common Errors.

BadRequestException

A bad request exception object.

HTTP Status Code: 400

InternalServerErrorException

An internal server error exception object.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: