GetFindings - Amazon GuardDuty

GetFindings

Describes Amazon GuardDuty findings specified by finding IDs.

Request Syntax

POST /detector/detectorId/findings/get HTTP/1.1 Content-type: application/json { "findingIds": [ "string" ], "sortCriteria": { "attributeName": "string", "orderBy": "string" } }

URI Request Parameters

The request requires the following URI parameters.

detectorId

The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

Length Constraints: Minimum length of 1. Maximum length of 300.

Request Body

The request accepts the following data in JSON format.

findingIds

The IDs of the findings that you want to retrieve.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

sortCriteria

Represents the criteria used for sorting findings.

Type: SortCriteria object

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "findings": [ { "accountId": "string", "arn": "string", "confidence": number, "createdAt": "string", "description": "string", "id": "string", "partition": "string", "region": "string", "resource": { "accessKeyDetails": { "accessKeyId": "string", "principalId": "string", "userName": "string", "userType": "string" }, "instanceDetails": { "availabilityZone": "string", "iamInstanceProfile": { "arn": "string", "id": "string" }, "imageDescription": "string", "imageId": "string", "instanceId": "string", "instanceState": "string", "instanceType": "string", "launchTime": "string", "networkInterfaces": [ { "ipv6Addresses": [ "string" ], "networkInterfaceId": "string", "privateDnsName": "string", "privateIpAddress": "string", "privateIpAddresses": [ { "privateDnsName": "string", "privateIpAddress": "string" } ], "publicDnsName": "string", "publicIp": "string", "securityGroups": [ { "groupId": "string", "groupName": "string" } ], "subnetId": "string", "vpcId": "string" } ], "outpostArn": "string", "platform": "string", "productCodes": [ { "code": "string", "productType": "string" } ], "tags": [ { "key": "string", "value": "string" } ] }, "resourceType": "string" }, "schemaVersion": "string", "service": { "action": { "actionType": "string", "awsApiCallAction": { "api": "string", "callerType": "string", "domainDetails": { "domain": "string" }, "remoteIpDetails": { "city": { "cityName": "string" }, "country": { "countryCode": "string", "countryName": "string" }, "geoLocation": { "lat": number, "lon": number }, "ipAddressV4": "string", "organization": { "asn": "string", "asnOrg": "string", "isp": "string", "org": "string" } }, "serviceName": "string" }, "dnsRequestAction": { "domain": "string" }, "networkConnectionAction": { "blocked": boolean, "connectionDirection": "string", "localIpDetails": { "ipAddressV4": "string" }, "localPortDetails": { "port": number, "portName": "string" }, "protocol": "string", "remoteIpDetails": { "city": { "cityName": "string" }, "country": { "countryCode": "string", "countryName": "string" }, "geoLocation": { "lat": number, "lon": number }, "ipAddressV4": "string", "organization": { "asn": "string", "asnOrg": "string", "isp": "string", "org": "string" } }, "remotePortDetails": { "port": number, "portName": "string" } }, "portProbeAction": { "blocked": boolean, "portProbeDetails": [ { "localIpDetails": { "ipAddressV4": "string" }, "localPortDetails": { "port": number, "portName": "string" }, "remoteIpDetails": { "city": { "cityName": "string" }, "country": { "countryCode": "string", "countryName": "string" }, "geoLocation": { "lat": number, "lon": number }, "ipAddressV4": "string", "organization": { "asn": "string", "asnOrg": "string", "isp": "string", "org": "string" } } } ] } }, "archived": boolean, "count": number, "detectorId": "string", "eventFirstSeen": "string", "eventLastSeen": "string", "evidence": { "threatIntelligenceDetails": [ { "threatListName": "string", "threatNames": [ "string" ] } ] }, "resourceRole": "string", "serviceName": "string", "userFeedback": "string" }, "severity": number, "title": "string", "type": "string", "updatedAt": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

findings

A list of findings.

Type: Array of Finding objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Errors

For information about the errors that are common to all actions, see Common Errors.

BadRequestException

A bad request exception object.

HTTP Status Code: 400

InternalServerErrorException

An internal server error exception object.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: