class Aws::SecurityHub::Types::GetFindingsRequest
@note When making an API call, you may pass GetFindingsRequest
data as a hash: { filters: { product_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], aws_account_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], generator_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], region: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], first_observed_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], last_observed_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], created_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], updated_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], severity_product: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], severity_normalized: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], severity_label: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], confidence: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], criticality: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], title: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], description: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], recommendation_text: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], source_url: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], product_fields: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], product_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], company_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], user_defined_fields: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], malware_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], malware_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], malware_path: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], malware_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_direction: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_protocol: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_source_ip_v4: [ { cidr: "NonEmptyString", }, ], network_source_ip_v6: [ { cidr: "NonEmptyString", }, ], network_source_port: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], network_source_domain: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_source_mac: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], network_destination_ip_v4: [ { cidr: "NonEmptyString", }, ], network_destination_ip_v6: [ { cidr: "NonEmptyString", }, ], network_destination_port: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], network_destination_domain: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], process_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], process_path: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], process_pid: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], process_parent_pid: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], process_launched_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], process_terminated_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], threat_intel_indicator_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_value: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_category: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_last_observed_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], threat_intel_indicator_source: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], threat_intel_indicator_source_url: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_partition: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_region: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_tags: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], resource_aws_ec2_instance_type: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_image_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_ip_v4_addresses: [ { cidr: "NonEmptyString", }, ], resource_aws_ec2_instance_ip_v6_addresses: [ { cidr: "NonEmptyString", }, ], resource_aws_ec2_instance_key_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_iam_instance_profile_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_vpc_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_subnet_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_ec2_instance_launched_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], resource_aws_s3_bucket_owner_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_s3_bucket_owner_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_user_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_principal_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_status: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_aws_iam_access_key_created_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], resource_aws_iam_user_user_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_image_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_image_name: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], resource_container_launched_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], resource_details_other: [ { key: "NonEmptyString", value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS }, ], compliance_status: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], verification_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], workflow_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], workflow_status: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], record_state: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], related_findings_product_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], related_findings_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], note_text: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], note_updated_at: [ { start: "NonEmptyString", end: "NonEmptyString", date_range: { value: 1, unit: "DAYS", # accepts DAYS }, }, ], note_updated_by: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], keyword: [ { value: "NonEmptyString", }, ], finding_provider_fields_confidence: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], finding_provider_fields_criticality: [ { gte: 1.0, lte: 1.0, eq: 1.0, }, ], finding_provider_fields_related_findings_id: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_related_findings_product_arn: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_severity_label: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_severity_original: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], finding_provider_fields_types: [ { value: "NonEmptyString", comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS }, ], }, sort_criteria: [ { field: "NonEmptyString", sort_order: "asc", # accepts asc, desc }, ], next_token: "NextToken", max_results: 1, }
@!attribute [rw] filters
The finding attributes used to define a condition to filter the returned findings. You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values. Note that in the available filter fields, `WorkflowState` is deprecated. To search for a finding based on its workflow status, use `WorkflowStatus`. @return [Types::AwsSecurityFindingFilters]
@!attribute [rw] sort_criteria
The finding attributes used to sort the list of returned findings. @return [Array<Types::SortCriterion>]
@!attribute [rw] next_token
The token that is required for pagination. On your first call to the `GetFindings` operation, set the value of this parameter to `NULL`. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response. @return [String]
@!attribute [rw] max_results
The maximum number of findings to return. @return [Integer]
@see docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingsRequest AWS API Documentation
Constants
- SENSITIVE