GetFindings - AWS Security Hub

GetFindings

Returns a list of findings that match the specified criteria.

Request Syntax

POST /findings HTTP/1.1 Content-type: application/json { "Filters": { "AwsAccountId": [ { "Comparison": "string", "Value": "string" } ], "CompanyName": [ { "Comparison": "string", "Value": "string" } ], "ComplianceStatus": [ { "Comparison": "string", "Value": "string" } ], "Confidence": [ { "Eq": number, "Gte": number, "Lte": number } ], "CreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "Criticality": [ { "Eq": number, "Gte": number, "Lte": number } ], "Description": [ { "Comparison": "string", "Value": "string" } ], "FirstObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "GeneratorId": [ { "Comparison": "string", "Value": "string" } ], "Id": [ { "Comparison": "string", "Value": "string" } ], "Keyword": [ { "Value": "string" } ], "LastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "MalwareName": [ { "Comparison": "string", "Value": "string" } ], "MalwarePath": [ { "Comparison": "string", "Value": "string" } ], "MalwareState": [ { "Comparison": "string", "Value": "string" } ], "MalwareType": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationIpV4": [ { "Cidr": "string" } ], "NetworkDestinationIpV6": [ { "Cidr": "string" } ], "NetworkDestinationPort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NetworkDirection": [ { "Comparison": "string", "Value": "string" } ], "NetworkProtocol": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceIpV4": [ { "Cidr": "string" } ], "NetworkSourceIpV6": [ { "Cidr": "string" } ], "NetworkSourceMac": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourcePort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NoteText": [ { "Comparison": "string", "Value": "string" } ], "NoteUpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "NoteUpdatedBy": [ { "Comparison": "string", "Value": "string" } ], "ProcessLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProcessName": [ { "Comparison": "string", "Value": "string" } ], "ProcessParentPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessPath": [ { "Comparison": "string", "Value": "string" } ], "ProcessPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessTerminatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProductArn": [ { "Comparison": "string", "Value": "string" } ], "ProductFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ProductName": [ { "Comparison": "string", "Value": "string" } ], "RecommendationText": [ { "Comparison": "string", "Value": "string" } ], "RecordState": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsId": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsProductArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIamInstanceProfileArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIpV4Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceIpV6Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceKeyName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsEc2InstanceSubnetId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceType": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceVpcId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyCreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsIamAccessKeyStatus": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyUserName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceContainerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceDetailsOther": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceId": [ { "Comparison": "string", "Value": "string" } ], "ResourcePartition": [ { "Comparison": "string", "Value": "string" } ], "ResourceRegion": [ { "Comparison": "string", "Value": "string" } ], "ResourceTags": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceType": [ { "Comparison": "string", "Value": "string" } ], "SeverityLabel": [ { "Comparison": "string", "Value": "string" } ], "SeverityNormalized": [ { "Eq": number, "Gte": number, "Lte": number } ], "SeverityProduct": [ { "Eq": number, "Gte": number, "Lte": number } ], "SourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorCategory": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorLastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ThreatIntelIndicatorSource": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorSourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorType": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorValue": [ { "Comparison": "string", "Value": "string" } ], "Title": [ { "Comparison": "string", "Value": "string" } ], "Type": [ { "Comparison": "string", "Value": "string" } ], "UpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "UserDefinedFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "VerificationState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowStatus": [ { "Comparison": "string", "Value": "string" } ] }, "MaxResults": number, "NextToken": "string", "SortCriteria": [ { "Field": "string", "SortOrder": "string" } ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

Filters

The finding attributes used to define a condition to filter the returned findings.

You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

Note that in the available filter fields, WorkflowState is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.

Type: AwsSecurityFindingFilters object

Required: No

MaxResults

The maximum number of findings to return.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: No

NextToken

The token that is required for pagination. On your first call to the GetFindings operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Type: String

Required: No

SortCriteria

The finding attributes used to sort the list of returned findings.

Type: Array of SortCriterion objects

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "Findings": [ { "AwsAccountId": "string", "Compliance": { "RelatedRequirements": [ "string" ], "Status": "string", "StatusReasons": [ { "Description": "string", "ReasonCode": "string" } ] }, "Confidence": number, "CreatedAt": "string", "Criticality": number, "Description": "string", "FirstObservedAt": "string", "GeneratorId": "string", "Id": "string", "LastObservedAt": "string", "Malware": [ { "Name": "string", "Path": "string", "State": "string", "Type": "string" } ], "Network": { "DestinationDomain": "string", "DestinationIpV4": "string", "DestinationIpV6": "string", "DestinationPort": number, "Direction": "string", "OpenPortRange": { "Begin": number, "End": number }, "Protocol": "string", "SourceDomain": "string", "SourceIpV4": "string", "SourceIpV6": "string", "SourceMac": "string", "SourcePort": number }, "NetworkPath": [ { "ComponentId": "string", "ComponentType": "string", "Egress": { "Destination": { "Address": [ "string" ], "PortRanges": [ { "Begin": number, "End": number } ] }, "Protocol": "string", "Source": { "Address": [ "string" ], "PortRanges": [ { "Begin": number, "End": number } ] } }, "Ingress": { "Destination": { "Address": [ "string" ], "PortRanges": [ { "Begin": number, "End": number } ] }, "Protocol": "string", "Source": { "Address": [ "string" ], "PortRanges": [ { "Begin": number, "End": number } ] } } } ], "Note": { "Text": "string", "UpdatedAt": "string", "UpdatedBy": "string" }, "PatchSummary": { "FailedCount": number, "Id": "string", "InstalledCount": number, "InstalledOtherCount": number, "InstalledPendingReboot": number, "InstalledRejectedCount": number, "MissingCount": number, "Operation": "string", "OperationEndTime": "string", "OperationStartTime": "string", "RebootOption": "string" }, "Process": { "LaunchedAt": "string", "Name": "string", "ParentPid": number, "Path": "string", "Pid": number, "TerminatedAt": "string" }, "ProductArn": "string", "ProductFields": { "string" : "string" }, "RecordState": "string", "RelatedFindings": [ { "Id": "string", "ProductArn": "string" } ], "Remediation": { "Recommendation": { "Text": "string", "Url": "string" } }, "Resources": [ { "Details": { "AwsApiGatewayRestApi": { "ApiKeySource": "string", "BinaryMediaTypes": [ "string" ], "CreatedDate": "string", "Description": "string", "EndpointConfiguration": { "Types": [ "string" ] }, "Id": "string", "MinimumCompressionSize": number, "Name": "string", "Version": "string" }, "AwsApiGatewayStage": { "AccessLogSettings": { "DestinationArn": "string", "Format": "string" }, "CacheClusterEnabled": boolean, "CacheClusterSize": "string", "CacheClusterStatus": "string", "CanarySettings": { "DeploymentId": "string", "PercentTraffic": number, "StageVariableOverrides": { "string" : "string" }, "UseStageCache": boolean }, "ClientCertificateId": "string", "CreatedDate": "string", "DeploymentId": "string", "Description": "string", "DocumentationVersion": "string", "LastUpdatedDate": "string", "MethodSettings": [ { "CacheDataEncrypted": boolean, "CacheTtlInSeconds": number, "CachingEnabled": boolean, "DataTraceEnabled": boolean, "HttpMethod": "string", "LoggingLevel": "string", "MetricsEnabled": boolean, "RequireAuthorizationForCacheControl": boolean, "ResourcePath": "string", "ThrottlingBurstLimit": number, "ThrottlingRateLimit": number, "UnauthorizedCacheControlHeaderStrategy": "string" } ], "StageName": "string", "TracingEnabled": boolean, "Variables": { "string" : "string" }, "WebAclArn": "string" }, "AwsApiGatewayV2Api": { "ApiEndpoint": "string", "ApiId": "string", "ApiKeySelectionExpression": "string", "CorsConfiguration": { "AllowCredentials": boolean, "AllowHeaders": [ "string" ], "AllowMethods": [ "string" ], "AllowOrigins": [ "string" ], "ExposeHeaders": [ "string" ], "MaxAge": number }, "CreatedDate": "string", "Description": "string", "Name": "string", "ProtocolType": "string", "RouteSelectionExpression": "string", "Version": "string" }, "AwsApiGatewayV2Stage": { "AccessLogSettings": { "DestinationArn": "string", "Format": "string" }, "ApiGatewayManaged": boolean, "AutoDeploy": boolean, "CreatedDate": "string", "DefaultRouteSettings": { "DataTraceEnabled": boolean, "DetailedMetricsEnabled": boolean, "LoggingLevel": "string", "ThrottlingBurstLimit": number, "ThrottlingRateLimit": number }, "DeploymentId": "string", "Description": "string", "LastDeploymentStatusMessage": "string", "LastUpdatedDate": "string", "RouteSettings": { "DataTraceEnabled": boolean, "DetailedMetricsEnabled": boolean, "LoggingLevel": "string", "ThrottlingBurstLimit": number, "ThrottlingRateLimit": number }, "StageName": "string", "StageVariables": { "string" : "string" } }, "AwsAutoScalingAutoScalingGroup": { "CreatedTime": "string", "HealthCheckGracePeriod": number, "HealthCheckType": "string", "LaunchConfigurationName": "string", "LoadBalancerNames": [ "string" ] }, "AwsCertificateManagerCertificate": { "CertificateAuthorityArn": "string", "CreatedAt": "string", "DomainName": "string", "DomainValidationOptions": [ { "DomainName": "string", "ResourceRecord": { "Name": "string", "Type": "string", "Value": "string" }, "ValidationDomain": "string", "ValidationEmails": [ "string" ], "ValidationMethod": "string", "ValidationStatus": "string" } ], "ExtendedKeyUsages": [ { "Name": "string", "OId": "string" } ], "FailureReason": "string", "ImportedAt": "string", "InUseBy": [ "string" ], "IssuedAt": "string", "Issuer": "string", "KeyAlgorithm": "string", "KeyUsages": [ { "Name": "string" } ], "NotAfter": "string", "NotBefore": "string", "Options": { "CertificateTransparencyLoggingPreference": "string" }, "RenewalEligibility": "string", "RenewalSummary": { "DomainValidationOptions": [ { "DomainName": "string", "ResourceRecord": { "Name": "string", "Type": "string", "Value": "string" }, "ValidationDomain": "string", "ValidationEmails": [ "string" ], "ValidationMethod": "string", "ValidationStatus": "string" } ], "RenewalStatus": "string", "RenewalStatusReason": "string", "UpdatedAt": "string" }, "Serial": "string", "SignatureAlgorithm": "string", "Status": "string", "Subject": "string", "SubjectAlternativeNames": [ "string" ], "Type": "string" }, "AwsCloudFrontDistribution": { "CacheBehaviors": { "Items": [ { "ViewerProtocolPolicy": "string" } ] }, "DefaultCacheBehavior": { "ViewerProtocolPolicy": "string" }, "DefaultRootObject": "string", "DomainName": "string", "ETag": "string", "LastModifiedTime": "string", "Logging": { "Bucket": "string", "Enabled": boolean, "IncludeCookies": boolean, "Prefix": "string" }, "OriginGroups": { "Items": [ { "FailoverCriteria": { "StatusCodes": { "Items": [ number ], "Quantity": number } } } ] }, "Origins": { "Items": [ { "DomainName": "string", "Id": "string", "OriginPath": "string", "S3OriginConfig": { "OriginAccessIdentity": "string" } } ] }, "Status": "string", "WebAclId": "string" }, "AwsCloudTrailTrail": { "CloudWatchLogsLogGroupArn": "string", "CloudWatchLogsRoleArn": "string", "HasCustomEventSelectors": boolean, "HomeRegion": "string", "IncludeGlobalServiceEvents": boolean, "IsMultiRegionTrail": boolean, "IsOrganizationTrail": boolean, "KmsKeyId": "string", "LogFileValidationEnabled": boolean, "Name": "string", "S3BucketName": "string", "S3KeyPrefix": "string", "SnsTopicArn": "string", "SnsTopicName": "string", "TrailArn": "string" }, "AwsCodeBuildProject": { "EncryptionKey": "string", "Environment": { "Certificate": "string", "ImagePullCredentialsType": "string", "RegistryCredential": { "Credential": "string", "CredentialProvider": "string" }, "Type": "string" }, "Name": "string", "ServiceRole": "string", "Source": { "GitCloneDepth": number, "InsecureSsl": boolean, "Location": "string", "Type": "string" }, "VpcConfig": { "SecurityGroupIds": [ "string" ], "Subnets": [ "string" ], "VpcId": "string" } }, "AwsDynamoDbTable": { "AttributeDefinitions": [ { "AttributeName": "string", "AttributeType": "string" } ], "BillingModeSummary": { "BillingMode": "string", "LastUpdateToPayPerRequestDateTime": "string" }, "CreationDateTime": "string", "GlobalSecondaryIndexes": [ { "Backfilling": boolean, "IndexArn": "string", "IndexName": "string", "IndexSizeBytes": number, "IndexStatus": "string", "ItemCount": number, "KeySchema": [ { "AttributeName": "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ "string" ], "ProjectionType": "string" }, "ProvisionedThroughput": { "LastDecreaseDateTime": "string", "LastIncreaseDateTime": "string", "NumberOfDecreasesToday": number, "ReadCapacityUnits": number, "WriteCapacityUnits": number } } ], "GlobalTableVersion": "string", "ItemCount": number, "KeySchema": [ { "AttributeName": "string", "KeyType": "string" } ], "LatestStreamArn": "string", "LatestStreamLabel": "string", "LocalSecondaryIndexes": [ { "IndexArn": "string", "IndexName": "string", "KeySchema": [ { "AttributeName": "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ "string" ], "ProjectionType": "string" } } ], "ProvisionedThroughput": { "LastDecreaseDateTime": "string", "LastIncreaseDateTime": "string", "NumberOfDecreasesToday": number, "ReadCapacityUnits": number, "WriteCapacityUnits": number }, "Replicas": [ { "GlobalSecondaryIndexes": [ { "IndexName": "string", "ProvisionedThroughputOverride": { "ReadCapacityUnits": number } } ], "KmsMasterKeyId": "string", "ProvisionedThroughputOverride": { "ReadCapacityUnits": number }, "RegionName": "string", "ReplicaStatus": "string", "ReplicaStatusDescription": "string" } ], "RestoreSummary": { "RestoreDateTime": "string", "RestoreInProgress": boolean, "SourceBackupArn": "string", "SourceTableArn": "string" }, "SseDescription": { "InaccessibleEncryptionDateTime": "string", "KmsMasterKeyArn": "string", "SseType": "string", "Status": "string" }, "StreamSpecification": { "StreamEnabled": boolean, "StreamViewType": "string" }, "TableId": "string", "TableName": "string", "TableSizeBytes": number, "TableStatus": "string" }, "AwsEc2Eip": { "AllocationId": "string", "AssociationId": "string", "Domain": "string", "InstanceId": "string", "NetworkBorderGroup": "string", "NetworkInterfaceId": "string", "NetworkInterfaceOwnerId": "string", "PrivateIpAddress": "string", "PublicIp": "string", "PublicIpv4Pool": "string" }, "AwsEc2Instance": { "IamInstanceProfileArn": "string", "ImageId": "string", "IpV4Addresses": [ "string" ], "IpV6Addresses": [ "string" ], "KeyName": "string", "LaunchedAt": "string", "SubnetId": "string", "Type": "string", "VpcId": "string" }, "AwsEc2NetworkInterface": { "Attachment": { "AttachmentId": "string", "AttachTime": "string", "DeleteOnTermination": boolean, "DeviceIndex": number, "InstanceId": "string", "InstanceOwnerId": "string", "Status": "string" }, "NetworkInterfaceId": "string", "SecurityGroups": [ { "GroupId": "string", "GroupName": "string" } ], "SourceDestCheck": boolean }, "AwsEc2SecurityGroup": { "GroupId": "string", "GroupName": "string", "IpPermissions": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" } ], "Ipv6Ranges": [ { "CidrIpv6": "string" } ], "PrefixListIds": [ { "PrefixListId": "string" } ], "ToPort": number, "UserIdGroupPairs": [ { "GroupId": "string", "GroupName": "string", "PeeringStatus": "string", "UserId": "string", "VpcId": "string", "VpcPeeringConnectionId": "string" } ] } ], "IpPermissionsEgress": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" } ], "Ipv6Ranges": [ { "CidrIpv6": "string" } ], "PrefixListIds": [ { "PrefixListId": "string" } ], "ToPort": number, "UserIdGroupPairs": [ { "GroupId": "string", "GroupName": "string", "PeeringStatus": "string", "UserId": "string", "VpcId": "string", "VpcPeeringConnectionId": "string" } ] } ], "OwnerId": "string", "VpcId": "string" }, "AwsEc2Volume": { "Attachments": [ { "AttachTime": "string", "DeleteOnTermination": boolean, "InstanceId": "string", "Status": "string" } ], "CreateTime": "string", "Encrypted": boolean, "KmsKeyId": "string", "Size": number, "SnapshotId": "string", "Status": "string" }, "AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "string", "CidrBlock": "string", "CidrBlockState": "string" } ], "DhcpOptionsId": "string", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "string", "CidrBlockState": "string", "Ipv6CidrBlock": "string" } ], "State": "string" }, "AwsElasticsearchDomain": { "AccessPolicies": "string", "DomainEndpointOptions": { "EnforceHTTPS": boolean, "TLSSecurityPolicy": "string" }, "DomainId": "string", "DomainName": "string", "ElasticsearchVersion": "string", "EncryptionAtRestOptions": { "Enabled": boolean, "KmsKeyId": "string" }, "Endpoint": "string", "Endpoints": { "string" : "string" }, "NodeToNodeEncryptionOptions": { "Enabled": boolean }, "VPCOptions": { "AvailabilityZones": [ "string" ], "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ], "VPCId": "string" } }, "AwsElbLoadBalancer": { "AvailabilityZones": [ "string" ], "BackendServerDescriptions": [ { "InstancePort": number, "PolicyNames": [ "string" ] } ], "CanonicalHostedZoneName": "string", "CanonicalHostedZoneNameID": "string", "CreatedTime": "string", "DnsName": "string", "HealthCheck": { "HealthyThreshold": number, "Interval": number, "Target": "string", "Timeout": number, "UnhealthyThreshold": number }, "Instances": [ { "InstanceId": "string" } ], "ListenerDescriptions": [ { "Listener": { "InstancePort": number, "InstanceProtocol": "string", "LoadBalancerPort": number, "Protocol": "string", "SslCertificateId": "string" }, "PolicyNames": [ "string" ] } ], "LoadBalancerAttributes": { "AccessLog": { "EmitInterval": number, "Enabled": boolean, "S3BucketName": "string", "S3BucketPrefix": "string" }, "ConnectionDraining": { "Enabled": boolean, "Timeout": number }, "ConnectionSettings": { "IdleTimeout": number }, "CrossZoneLoadBalancing": { "Enabled": boolean } }, "LoadBalancerName": "string", "Policies": { "AppCookieStickinessPolicies": [ { "CookieName": "string", "PolicyName": "string" } ], "LbCookieStickinessPolicies": [ { "CookieExpirationPeriod": number, "PolicyName": "string" } ], "OtherPolicies": [ "string" ] }, "Scheme": "string", "SecurityGroups": [ "string" ], "SourceSecurityGroup": { "GroupName": "string", "OwnerAlias": "string" }, "Subnets": [ "string" ], "VpcId": "string" }, "AwsElbv2LoadBalancer": { "AvailabilityZones": [ { "SubnetId": "string", "ZoneName": "string" } ], "CanonicalHostedZoneId": "string", "CreatedTime": "string", "DNSName": "string", "IpAddressType": "string", "Scheme": "string", "SecurityGroups": [ "string" ], "State": { "Code": "string", "Reason": "string" }, "Type": "string", "VpcId": "string" }, "AwsIamAccessKey": { "AccessKeyId": "string", "AccountId": "string", "CreatedAt": "string", "PrincipalId": "string", "PrincipalName": "string", "PrincipalType": "string", "SessionContext": { "Attributes": { "CreationDate": "string", "MfaAuthenticated": boolean }, "SessionIssuer": { "AccountId": "string", "Arn": "string", "PrincipalId": "string", "Type": "string", "UserName": "string" } }, "Status": "string", "UserName": "string" }, "AwsIamGroup": { "AttachedManagedPolicies": [ { "PolicyArn": "string", "PolicyName": "string" } ], "CreateDate": "string", "GroupId": "string", "GroupName": "string", "GroupPolicyList": [ { "PolicyName": "string" } ], "Path": "string" }, "AwsIamPolicy": { "AttachmentCount": number, "CreateDate": "string", "DefaultVersionId": "string", "Description": "string", "IsAttachable": boolean, "Path": "string", "PermissionsBoundaryUsageCount": number, "PolicyId": "string", "PolicyName": "string", "PolicyVersionList": [ { "CreateDate": "string", "IsDefaultVersion": boolean, "VersionId": "string" } ], "UpdateDate": "string" }, "AwsIamRole": { "AssumeRolePolicyDocument": "string", "AttachedManagedPolicies": [ { "PolicyArn": "string", "PolicyName": "string" } ], "CreateDate": "string", "InstanceProfileList": [ { "Arn": "string", "CreateDate": "string", "InstanceProfileId": "string", "InstanceProfileName": "string", "Path": "string", "Roles": [ { "Arn": "string", "AssumeRolePolicyDocument": "string", "CreateDate": "string", "Path": "string", "RoleId": "string", "RoleName": "string" } ] } ], "MaxSessionDuration": number, "Path": "string", "PermissionsBoundary": { "PermissionsBoundaryArn": "string", "PermissionsBoundaryType": "string" }, "RoleId": "string", "RoleName": "string", "RolePolicyList": [ { "PolicyName": "string" } ] }, "AwsIamUser": { "AttachedManagedPolicies": [ { "PolicyArn": "string", "PolicyName": "string" } ], "CreateDate": "string", "GroupList": [ "string" ], "Path": "string", "PermissionsBoundary": { "PermissionsBoundaryArn": "string", "PermissionsBoundaryType": "string" }, "UserId": "string", "UserName": "string", "UserPolicyList": [ { "PolicyName": "string" } ] }, "AwsKmsKey": { "AWSAccountId": "string", "CreationDate": number, "Description": "string", "KeyId": "string", "KeyManager": "string", "KeyState": "string", "Origin": "string" }, "AwsLambdaFunction": { "Code": { "S3Bucket": "string", "S3Key": "string", "S3ObjectVersion": "string", "ZipFile": "string" }, "CodeSha256": "string", "DeadLetterConfig": { "TargetArn": "string" }, "Environment": { "Error": { "ErrorCode": "string", "Message": "string" }, "Variables": { "string" : "string" } }, "FunctionName": "string", "Handler": "string", "KmsKeyArn": "string", "LastModified": "string", "Layers": [ { "Arn": "string", "CodeSize": number } ], "MasterArn": "string", "MemorySize": number, "RevisionId": "string", "Role": "string", "Runtime": "string", "Timeout": number, "TracingConfig": { "Mode": "string" }, "Version": "string", "VpcConfig": { "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ], "VpcId": "string" } }, "AwsLambdaLayerVersion": { "CompatibleRuntimes": [ "string" ], "CreatedDate": "string", "Version": number }, "AwsRdsDbCluster": { "ActivityStreamStatus": "string", "AllocatedStorage": number, "AssociatedRoles": [ { "RoleArn": "string", "Status": "string" } ], "AvailabilityZones": [ "string" ], "BackupRetentionPeriod": number, "ClusterCreateTime": "string", "CopyTagsToSnapshot": boolean, "CrossAccountClone": boolean, "CustomEndpoints": [ "string" ], "DatabaseName": "string", "DbClusterIdentifier": "string", "DbClusterMembers": [ { "DbClusterParameterGroupStatus": "string", "DbInstanceIdentifier": "string", "IsClusterWriter": boolean, "PromotionTier": number } ], "DbClusterOptionGroupMemberships": [ { "DbClusterOptionGroupName": "string", "Status": "string" } ], "DbClusterParameterGroup": "string", "DbClusterResourceId": "string", "DbSubnetGroup": "string", "DeletionProtection": boolean, "DomainMemberships": [ { "Domain": "string", "Fqdn": "string", "IamRoleName": "string", "Status": "string" } ], "EnabledCloudWatchLogsExports": [ "string" ], "Endpoint": "string", "Engine": "string", "EngineMode": "string", "EngineVersion": "string", "HostedZoneId": "string", "HttpEndpointEnabled": boolean, "IamDatabaseAuthenticationEnabled": boolean, "KmsKeyId": "string", "MasterUsername": "string", "MultiAz": boolean, "Port": number, "PreferredBackupWindow": "string", "PreferredMaintenanceWindow": "string", "ReaderEndpoint": "string", "ReadReplicaIdentifiers": [ "string" ], "Status": "string", "StorageEncrypted": boolean, "VpcSecurityGroups": [ { "Status": "string", "VpcSecurityGroupId": "string" } ] }, "AwsRdsDbClusterSnapshot": { "AllocatedStorage": number, "AvailabilityZones": [ "string" ], "ClusterCreateTime": "string", "DbClusterIdentifier": "string", "DbClusterSnapshotIdentifier": "string", "Engine": "string", "EngineVersion": "string", "IamDatabaseAuthenticationEnabled": boolean, "KmsKeyId": "string", "LicenseModel": "string", "MasterUsername": "string", "PercentProgress": number, "Port": number, "SnapshotCreateTime": "string", "SnapshotType": "string", "Status": "string", "StorageEncrypted": boolean, "VpcId": "string" }, "AwsRdsDbInstance": { "AllocatedStorage": number, "AssociatedRoles": [ { "FeatureName": "string", "RoleArn": "string", "Status": "string" } ], "AutoMinorVersionUpgrade": boolean, "AvailabilityZone": "string", "BackupRetentionPeriod": number, "CACertificateIdentifier": "string", "CharacterSetName": "string", "CopyTagsToSnapshot": boolean, "DBClusterIdentifier": "string", "DBInstanceClass": "string", "DBInstanceIdentifier": "string", "DbInstancePort": number, "DbInstanceStatus": "string", "DbiResourceId": "string", "DBName": "string", "DbParameterGroups": [ { "DbParameterGroupName": "string", "ParameterApplyStatus": "string" } ], "DbSecurityGroups": [ "string" ], "DbSubnetGroup": { "DbSubnetGroupArn": "string", "DbSubnetGroupDescription": "string", "DbSubnetGroupName": "string", "SubnetGroupStatus": "string", "Subnets": [ { "SubnetAvailabilityZone": { "Name": "string" }, "SubnetIdentifier": "string", "SubnetStatus": "string" } ], "VpcId": "string" }, "DeletionProtection": boolean, "DomainMemberships": [ { "Domain": "string", "Fqdn": "string", "IamRoleName": "string", "Status": "string" } ], "EnabledCloudWatchLogsExports": [ "string" ], "Endpoint": { "Address": "string", "HostedZoneId": "string", "Port": number }, "Engine": "string", "EngineVersion": "string", "EnhancedMonitoringResourceArn": "string", "IAMDatabaseAuthenticationEnabled": boolean, "InstanceCreateTime": "string", "Iops": number, "KmsKeyId": "string", "LatestRestorableTime": "string", "LicenseModel": "string", "ListenerEndpoint": { "Address": "string", "HostedZoneId": "string", "Port": number }, "MasterUsername": "string", "MaxAllocatedStorage": number, "MonitoringInterval": number, "MonitoringRoleArn": "string", "MultiAz": boolean, "OptionGroupMemberships": [ { "OptionGroupName": "string", "Status": "string" } ], "PendingModifiedValues": { "AllocatedStorage": number, "BackupRetentionPeriod": number, "CaCertificateIdentifier": "string", "DbInstanceClass": "string", "DbInstanceIdentifier": "string", "DbSubnetGroupName": "string", "EngineVersion": "string", "Iops": number, "LicenseModel": "string", "MasterUserPassword": "string", "MultiAZ": boolean, "PendingCloudWatchLogsExports": { "LogTypesToDisable": [ "string" ], "LogTypesToEnable": [ "string" ] }, "Port": number, "ProcessorFeatures": [ { "Name": "string", "Value": "string" } ], "StorageType": "string" }, "PerformanceInsightsEnabled": boolean, "PerformanceInsightsKmsKeyId": "string", "PerformanceInsightsRetentionPeriod": number, "PreferredBackupWindow": "string", "PreferredMaintenanceWindow": "string", "ProcessorFeatures": [ { "Name": "string", "Value": "string" } ], "PromotionTier": number, "PubliclyAccessible": boolean, "ReadReplicaDBClusterIdentifiers": [ "string" ], "ReadReplicaDBInstanceIdentifiers": [ "string" ], "ReadReplicaSourceDBInstanceIdentifier": "string", "SecondaryAvailabilityZone": "string", "StatusInfos": [ { "Message": "string", "Normal": boolean, "Status": "string", "StatusType": "string" } ], "StorageEncrypted": boolean, "StorageType": "string", "TdeCredentialArn": "string", "Timezone": "string", "VpcSecurityGroups": [ { "Status": "string", "VpcSecurityGroupId": "string" } ] }, "AwsRdsDbSnapshot": { "AllocatedStorage": number, "AvailabilityZone": "string", "DbInstanceIdentifier": "string", "DbiResourceId": "string", "DbSnapshotIdentifier": "string", "Encrypted": boolean, "Engine": "string", "EngineVersion": "string", "IamDatabaseAuthenticationEnabled": boolean, "InstanceCreateTime": "string", "Iops": number, "KmsKeyId": "string", "LicenseModel": "string", "MasterUsername": "string", "OptionGroupName": "string", "PercentProgress": number, "Port": number, "ProcessorFeatures": [ { "Name": "string", "Value": "string" } ], "SnapshotCreateTime": "string", "SnapshotType": "string", "SourceDbSnapshotIdentifier": "string", "SourceRegion": "string", "Status": "string", "StorageType": "string", "TdeCredentialArn": "string", "Timezone": "string", "VpcId": "string" }, "AwsRedshiftCluster": { "AllowVersionUpgrade": boolean, "AutomatedSnapshotRetentionPeriod": number, "AvailabilityZone": "string", "ClusterAvailabilityStatus": "string", "ClusterCreateTime": "string", "ClusterIdentifier": "string", "ClusterNodes": [ { "NodeRole": "string", "PrivateIpAddress": "string", "PublicIpAddress": "string" } ], "ClusterParameterGroups": [ { "ClusterParameterStatusList": [ { "ParameterApplyErrorDescription": "string", "ParameterApplyStatus": "string", "ParameterName": "string" } ], "ParameterApplyStatus": "string", "ParameterGroupName": "string" } ], "ClusterPublicKey": "string", "ClusterRevisionNumber": "string", "ClusterSecurityGroups": [ { "ClusterSecurityGroupName": "string", "Status": "string" } ], "ClusterSnapshotCopyStatus": { "DestinationRegion": "string", "ManualSnapshotRetentionPeriod": number, "RetentionPeriod": number, "SnapshotCopyGrantName": "string" }, "ClusterStatus": "string", "ClusterSubnetGroupName": "string", "ClusterVersion": "string", "DBName": "string", "DeferredMaintenanceWindows": [ { "DeferMaintenanceEndTime": "string", "DeferMaintenanceIdentifier": "string", "DeferMaintenanceStartTime": "string" } ], "ElasticIpStatus": { "ElasticIp": "string", "Status": "string" }, "ElasticResizeNumberOfNodeOptions": "string", "Encrypted": boolean, "Endpoint": { "Address": "string", "Port": number }, "EnhancedVpcRouting": boolean, "ExpectedNextSnapshotScheduleTime": "string", "ExpectedNextSnapshotScheduleTimeStatus": "string", "HsmStatus": { "HsmClientCertificateIdentifier": "string", "HsmConfigurationIdentifier": "string", "Status": "string" }, "IamRoles": [ { "ApplyStatus": "string", "IamRoleArn": "string" } ], "KmsKeyId": "string", "MaintenanceTrackName": "string", "ManualSnapshotRetentionPeriod": number, "MasterUsername": "string", "NextMaintenanceWindowStartTime": "string", "NodeType": "string", "NumberOfNodes": number, "PendingActions": [ "string" ], "PendingModifiedValues": { "AutomatedSnapshotRetentionPeriod": number, "ClusterIdentifier": "string", "ClusterType": "string", "ClusterVersion": "string", "EncryptionType": "string", "EnhancedVpcRouting": boolean, "MaintenanceTrackName": "string", "MasterUserPassword": "string", "NodeType": "string", "NumberOfNodes": number, "PubliclyAccessible": boolean }, "PreferredMaintenanceWindow": "string", "PubliclyAccessible": boolean, "ResizeInfo": { "AllowCancelResize": boolean, "ResizeType": "string" }, "RestoreStatus": { "CurrentRestoreRateInMegaBytesPerSecond": number, "ElapsedTimeInSeconds": number, "EstimatedTimeToCompletionInSeconds": number, "ProgressInMegaBytes": number, "SnapshotSizeInMegaBytes": number, "Status": "string" }, "SnapshotScheduleIdentifier": "string", "SnapshotScheduleState": "string", "VpcId": "string", "VpcSecurityGroups": [ { "Status": "string", "VpcSecurityGroupId": "string" } ] }, "AwsS3Bucket": { "CreatedAt": "string", "OwnerId": "string", "OwnerName": "string", "ServerSideEncryptionConfiguration": { "Rules": [ { "ApplyServerSideEncryptionByDefault": { "KMSMasterKeyID": "string", "SSEAlgorithm": "string" } } ] } }, "AwsS3Object": { "ContentType": "string", "ETag": "string", "LastModified": "string", "ServerSideEncryption": "string", "SSEKMSKeyId": "string", "VersionId": "string" }, "AwsSecretsManagerSecret": { "Deleted": boolean, "Description": "string", "KmsKeyId": "string", "Name": "string", "RotationEnabled": boolean, "RotationLambdaArn": "string", "RotationOccurredWithinFrequency": boolean, "RotationRules": { "AutomaticallyAfterDays": number } }, "AwsSnsTopic": { "KmsMasterKeyId": "string", "Owner": "string", "Subscription": [ { "Endpoint": "string", "Protocol": "string" } ], "TopicName": "string" }, "AwsSqsQueue": { "DeadLetterTargetArn": "string", "KmsDataKeyReusePeriodSeconds": number, "KmsMasterKeyId": "string", "QueueName": "string" }, "AwsWafWebAcl": { "DefaultAction": "string", "Name": "string", "Rules": [ { "Action": { "Type": "string" }, "ExcludedRules": [ { "RuleId": "string" } ], "OverrideAction": { "Type": "string" }, "Priority": number, "RuleId": "string", "Type": "string" } ], "WebAclId": "string" }, "Container": { "ImageId": "string", "ImageName": "string", "LaunchedAt": "string", "Name": "string" }, "Other": { "string" : "string" } }, "Id": "string", "Partition": "string", "Region": "string", "ResourceRole": "string", "Tags": { "string" : "string" }, "Type": "string" } ], "SchemaVersion": "string", "Severity": { "Label": "string", "Normalized": number, "Original": "string", "Product": number }, "SourceUrl": "string", "ThreatIntelIndicators": [ { "Category": "string", "LastObservedAt": "string", "Source": "string", "SourceUrl": "string", "Type": "string", "Value": "string" } ], "Title": "string", "Types": [ "string" ], "UpdatedAt": "string", "UserDefinedFields": { "string" : "string" }, "VerificationState": "string", "Vulnerabilities": [ { "Cvss": [ { "BaseScore": number, "BaseVector": "string", "Version": "string" } ], "Id": "string", "ReferenceUrls": [ "string" ], "RelatedVulnerabilities": [ "string" ], "Vendor": { "Name": "string", "Url": "string", "VendorCreatedAt": "string", "VendorSeverity": "string", "VendorUpdatedAt": "string" }, "VulnerablePackages": [ { "Architecture": "string", "Epoch": "string", "Name": "string", "Release": "string", "Version": "string" } ] } ], "Workflow": { "Status": "string" }, "WorkflowState": "string" } ], "NextToken": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Findings

The findings that matched the filters specified in the request.

Type: Array of AwsSecurityFinding objects

NextToken

The pagination token to use to request the next page of results.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalException

Internal server error.

HTTP Status Code: 500

InvalidAccessException

There is an issue with the account used to make the request. Either Security Hub is not enabled for the account, or the account does not have permission to perform this action.

HTTP Status Code: 401

InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

HTTP Status Code: 400

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS account or throttling limits. The error code describes the limit exceeded.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: