Retrieving finding details (Security Hub API, AWS CLI) - AWS Security Hub

To retrieve details for selected findings programmatically, you can use an API call or the AWS Command Line Interface.

Note that when you filter by CompanyName or ProductName, Security Hub uses the values that are in ProductFields. It does not use the top-level CompanyName and ProductName fields.

To retrieve a list of findings (Security Hub API, AWS CLI)

  • Security Hub API – Use the GetFindings API operation.

  • AWS CLI – At the command line, run the get-findings command.

    aws securityhub get-findings --filters <filter criteria JSON> --sort-criteria <sort criteria> --page-size <findings per page> --max-items <maximum number of results>

    Example

    aws securityhub get-findings --filters '{"GeneratorId":[{"Value": "aws-foundational","Comparison":"PREFIX"}],"WorkflowStatus": [{"Value": "NEW","Comparison":"EQUALS"}],"Confidence": [{"Gte": 85}]}' --sort-criteria '{"Field": "LastObservedAt","SortOrder": "desc"}' --page-size 5 --max-items 100
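The same query through the GetFindings API, as an added example that is not part of the original AWS documentation: it sends the filters and sort criteria from the CLI example and follows NextToken until a total cap is reached, which is what `--page-size` and `--max-items` do in the CLI. `iter_findings` and `StubClient` are hypothetical names, and the stub is a constructed stand-in for `boto3.client("securityhub")` so the block runs offline.

```python
# Filters and sort criteria copied from the CLI example on this page.
FILTERS = {
    "GeneratorId": [{"Value": "aws-foundational", "Comparison": "PREFIX"}],
    "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
    "Confidence": [{"Gte": 85}],
}
SORT = [{"Field": "LastObservedAt", "SortOrder": "desc"}]


def iter_findings(client, filters=FILTERS, sort=SORT, page_size=5, max_items=100):
    """Yield at most max_items findings, following NextToken between pages."""
    if not 1 <= page_size <= 100:
        raise ValueError("GetFindings accepts MaxResults from 1 to 100")
    token, returned = None, 0
    while returned < max_items:
        # Never request more than is still needed to reach the cap.
        kwargs = {"Filters": filters, "SortCriteria": sort,
                  "MaxResults": min(page_size, max_items - returned)}
        if token:
            kwargs["NextToken"] = token
        page = client.get_findings(**kwargs)
        for finding in page.get("Findings", []):
            yield finding
            returned += 1
        token = page.get("NextToken")
        if not token:  # no token means the last page was reached
            break


class StubClient:
    """Constructed stand-in for boto3.client("securityhub"), serving fake findings."""
    def __init__(self, total=12):
        self.calls = []  # records the arguments of every get_findings call
        self.data = [{"Id": f"finding-{i}", "Severity": {"Label": "HIGH"},
                      "Workflow": {"Status": "NEW"}} for i in range(total)]

    def get_findings(self, **kwargs):
        self.calls.append(kwargs)
        start = int(kwargs.get("NextToken", 0))
        end = start + kwargs["MaxResults"]
        page = {"Findings": self.data[start:end]}
        if end < len(self.data):
            page["NextToken"] = str(end)
        return page


if __name__ == "__main__":
    # With credentials, replace the stub: import boto3; boto3.client("securityhub")
    for f in iter_findings(StubClient(), max_items=7):
        print(f["Id"])
```
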