/AWS1/CL_GDYFINDING

Contains information about the finding that is generated when abnormal or suspicious activity is detected.

CONSTRUCTOR

IMPORTING

Required arguments:

iv_accountid TYPE /AWS1/GDYSTRING

The ID of the account in which the finding was generated.

iv_arn TYPE /AWS1/GDYSTRING

The ARN of the finding.

iv_createdat TYPE /AWS1/GDYSTRING

The time and date when the finding was created.

iv_id TYPE /AWS1/GDYSTRING

The ID of the finding.

iv_region TYPE /AWS1/GDYSTRING

The Region where the finding was generated. For findings generated from Global Service Events, the Region value in the finding might differ from the Region where GuardDuty identifies the potential threat. For more information, see How GuardDuty handles Amazon Web Services CloudTrail global events in the Amazon GuardDuty User Guide.

io_resource TYPE REF TO /AWS1/CL_GDYRESOURCE

Resource

iv_schemaversion TYPE /AWS1/GDYSTRING

The version of the schema used for the finding.

iv_severity TYPE /AWS1/RT_DOUBLE_AS_STRING

The severity of the finding.

iv_type TYPE /AWS1/GDYFINDINGTYPE

The type of finding.

iv_updatedat TYPE /AWS1/GDYSTRING

The time and date when the finding was last updated.

Optional arguments:

iv_confidence TYPE /AWS1/RT_DOUBLE_AS_STRING

The confidence score for the finding.

iv_description TYPE /AWS1/GDYSTRING

The description of the finding.

iv_partition TYPE /AWS1/GDYSTRING

The partition associated with the finding.

io_service TYPE REF TO /AWS1/CL_GDYSERVICE

Service

iv_title TYPE /AWS1/GDYSTRING

The title of the finding.

iv_assocdattacksequencearn TYPE /AWS1/GDYSTRING

Amazon Resource Name (ARN) associated with the attack sequence finding.


Queryable Attributes

AccountId

The ID of the account in which the finding was generated.

Accessible with the following methods

Method Description
GET_ACCOUNTID() Getter for ACCOUNTID, with configurable default
ASK_ACCOUNTID() Getter for ACCOUNTID w/ exceptions if field has no value
HAS_ACCOUNTID() Determine if ACCOUNTID has a value

Arn

The ARN of the finding.

Accessible with the following methods

Method Description
GET_ARN() Getter for ARN, with configurable default
ASK_ARN() Getter for ARN w/ exceptions if field has no value
HAS_ARN() Determine if ARN has a value

Confidence

The confidence score for the finding.

Accessible with the following methods

Method Description
GET_CONFIDENCE() Getter for CONFIDENCE, with configurable default
ASK_CONFIDENCE() Getter for CONFIDENCE w/ exceptions if field has no value
STR_CONFIDENCE() String format for CONFIDENCE, with configurable default
HAS_CONFIDENCE() Determine if CONFIDENCE has a value

CreatedAt

The time and date when the finding was created.

Accessible with the following methods

Method Description
GET_CREATEDAT() Getter for CREATEDAT, with configurable default
ASK_CREATEDAT() Getter for CREATEDAT w/ exceptions if field has no value
HAS_CREATEDAT() Determine if CREATEDAT has a value

Description

The description of the finding.

Accessible with the following methods

Method Description
GET_DESCRIPTION() Getter for DESCRIPTION, with configurable default
ASK_DESCRIPTION() Getter for DESCRIPTION w/ exceptions if field has no value
HAS_DESCRIPTION() Determine if DESCRIPTION has a value

Id

The ID of the finding.

Accessible with the following methods

Method Description
GET_ID() Getter for ID, with configurable default
ASK_ID() Getter for ID w/ exceptions if field has no value
HAS_ID() Determine if ID has a value

Partition

The partition associated with the finding.

Accessible with the following methods

Method Description
GET_PARTITION() Getter for PARTITION, with configurable default
ASK_PARTITION() Getter for PARTITION w/ exceptions if field has no value
HAS_PARTITION() Determine if PARTITION has a value

Region

The Region where the finding was generated. For findings generated from Global Service Events, the Region value in the finding might differ from the Region where GuardDuty identifies the potential threat. For more information, see How GuardDuty handles Amazon Web Services CloudTrail global events in the Amazon GuardDuty User Guide.

Accessible with the following methods

Method Description
GET_REGION() Getter for REGION, with configurable default
ASK_REGION() Getter for REGION w/ exceptions if field has no value
HAS_REGION() Determine if REGION has a value

Resource

Resource

Accessible with the following methods

Method Description
GET_RESOURCE() Getter for RESOURCE

SchemaVersion

The version of the schema used for the finding.

Accessible with the following methods

Method Description
GET_SCHEMAVERSION() Getter for SCHEMAVERSION, with configurable default
ASK_SCHEMAVERSION() Getter for SCHEMAVERSION w/ exceptions if field has no value
HAS_SCHEMAVERSION() Determine if SCHEMAVERSION has a value

Service

Service

Accessible with the following methods

Method Description
GET_SERVICE() Getter for SERVICE

Severity

The severity of the finding.

Accessible with the following methods

Method Description
GET_SEVERITY() Getter for SEVERITY, with configurable default
ASK_SEVERITY() Getter for SEVERITY w/ exceptions if field has no value
STR_SEVERITY() String format for SEVERITY, with configurable default
HAS_SEVERITY() Determine if SEVERITY has a value

Title

The title of the finding.

Accessible with the following methods

Method Description
GET_TITLE() Getter for TITLE, with configurable default
ASK_TITLE() Getter for TITLE w/ exceptions if field has no value
HAS_TITLE() Determine if TITLE has a value

Type

The type of finding.

Accessible with the following methods

Method Description
GET_TYPE() Getter for TYPE, with configurable default
ASK_TYPE() Getter for TYPE w/ exceptions if field has no value
HAS_TYPE() Determine if TYPE has a value

UpdatedAt

The time and date when the finding was last updated.

Accessible with the following methods

Method Description
GET_UPDATEDAT() Getter for UPDATEDAT, with configurable default
ASK_UPDATEDAT() Getter for UPDATEDAT w/ exceptions if field has no value
HAS_UPDATEDAT() Determine if UPDATEDAT has a value

AssociatedAttackSequenceArn

Amazon Resource Name (ARN) associated with the attack sequence finding.

Accessible with the following methods

Method Description
GET_ASSOCDATTACKSEQUENCEARN() Getter for ASSOCIATEDATTACKSEQUENCEARN, with configurable default
ASK_ASSOCDATTACKSEQUENCEARN() Getter for ASSOCIATEDATTACKSEQUENCEARN w/ exceptions if field has no value
HAS_ASSOCDATTACKSEQUENCEARN() Determine if ASSOCIATEDATTACKSEQUENCEARN has a value

Public Local Types In This Class

Internal table types, representing arrays and maps of this class, are defined as local types:

TT_FINDINGS

TYPES TT_FINDINGS TYPE STANDARD TABLE OF REF TO /AWS1/CL_GDYFINDING WITH DEFAULT KEY.