2019/06/06 - Amazon GuardDuty - 6 updated api methods
Changes Improve FindingCriteria Condition field names, support long-typed conditions and deprecate old Condition field names.
{'FindingCriteria': {'Criterion': {'Equals': ['string'],
'GreaterThan': 'long',
'GreaterThanOrEqual': 'long',
'LessThan': 'long',
'LessThanOrEqual': 'long',
'NotEquals': ['string']}}}
Creates a filter using the specified finding criteria.
See also: AWS API Documentation
Request Syntax
client.create_filter(
DetectorId='string',
Name='string',
Description='string',
Action='NOOP'|'ARCHIVE',
Rank=123,
FindingCriteria={
'Criterion': {
'string': {
'Eq': [
'string',
],
'Neq': [
'string',
],
'Gt': 123,
'Gte': 123,
'Lt': 123,
'Lte': 123,
'Equals': [
'string',
],
'NotEquals': [
'string',
],
'GreaterThan': 123,
'GreaterThanOrEqual': 123,
'LessThan': 123,
'LessThanOrEqual': 123
}
}
},
ClientToken='string'
)
string
[REQUIRED]
The unique ID of the detector of the GuardDuty account for which you want to create a filter.
string
[REQUIRED]
The name of the filter.
string
The description of the filter.
string
Specifies the action that is to be applied to the findings that match the filter.
integer
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
dict
[REQUIRED]
Represents the criteria to be used in the filter for querying findings.
Criterion (dict) --
Represents a map of finding properties that match specified conditions and values when querying findings.
(string) --
(dict) --
Eq (list) --
Represents the equal condition to be applied to a single field when querying for findings.
(string) --
Neq (list) --
Represents the not equal condition to be applied to a single field when querying for findings.
(string) --
Gt (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
Gte (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
Lt (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
Lte (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
Equals (list) --
(string) --
NotEquals (list) --
(string) --
GreaterThan (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
GreaterThanOrEqual (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
LessThan (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
LessThanOrEqual (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
string
The idempotency token for the create request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'Name': 'string'
}
Response Structure
(dict) --
Name (string) --
The name of the successfully created filter.
{'FindingCriteria': {'Criterion': {'Equals': ['string'],
'GreaterThan': 'long',
'GreaterThanOrEqual': 'long',
'LessThan': 'long',
'LessThanOrEqual': 'long',
'NotEquals': ['string']}}}
Returns the details of the filter specified by the filter name.
See also: AWS API Documentation
Request Syntax
client.get_filter(
DetectorId='string',
FilterName='string'
)
string
[REQUIRED]
The unique ID of the detector the filter is associated with.
string
[REQUIRED]
The name of the filter you want to get.
dict
Response Syntax
{
'Name': 'string',
'Description': 'string',
'Action': 'NOOP'|'ARCHIVE',
'Rank': 123,
'FindingCriteria': {
'Criterion': {
'string': {
'Eq': [
'string',
],
'Neq': [
'string',
],
'Gt': 123,
'Gte': 123,
'Lt': 123,
'Lte': 123,
'Equals': [
'string',
],
'NotEquals': [
'string',
],
'GreaterThan': 123,
'GreaterThanOrEqual': 123,
'LessThan': 123,
'LessThanOrEqual': 123
}
}
}
}
Response Structure
(dict) --
Name (string) --
The name of the filter.
Description (string) --
The description of the filter.
Action (string) --
Specifies the action that is to be applied to the findings that match the filter.
Rank (integer) --
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria (dict) --
Represents the criteria to be used in the filter for querying findings.
Criterion (dict) --
Represents a map of finding properties that match specified conditions and values when querying findings.
(string) --
(dict) --
Eq (list) --
Represents the equal condition to be applied to a single field when querying for findings.
(string) --
Neq (list) --
Represents the not equal condition to be applied to a single field when querying for findings.
(string) --
Gt (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
Gte (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
Lt (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
Lte (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
Equals (list) --
(string) --
NotEquals (list) --
(string) --
GreaterThan (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
GreaterThanOrEqual (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
LessThan (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
LessThanOrEqual (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
{'Findings': {'Service': {'Action': {'AwsApiCallAction': {'DomainDetails': {'Domain': 'string'}}}}}}
Describes Amazon GuardDuty findings specified by finding IDs.
See also: AWS API Documentation
Request Syntax
client.get_findings(
DetectorId='string',
FindingIds=[
'string',
],
SortCriteria={
'AttributeName': 'string',
'OrderBy': 'ASC'|'DESC'
}
)
string
[REQUIRED]
The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
list
[REQUIRED]
IDs of the findings that you want to retrieve.
(string) --
dict
Represents the criteria used for sorting findings.
AttributeName (string) --
Represents the finding attribute (for example, accountId) by which to sort findings.
OrderBy (string) --
Order by which the sorted findings are to be displayed.
dict
Response Syntax
{
'Findings': [
{
'AccountId': 'string',
'Arn': 'string',
'Confidence': 123.0,
'CreatedAt': 'string',
'Description': 'string',
'Id': 'string',
'Partition': 'string',
'Region': 'string',
'Resource': {
'AccessKeyDetails': {
'AccessKeyId': 'string',
'PrincipalId': 'string',
'UserName': 'string',
'UserType': 'string'
},
'InstanceDetails': {
'AvailabilityZone': 'string',
'IamInstanceProfile': {
'Arn': 'string',
'Id': 'string'
},
'ImageDescription': 'string',
'ImageId': 'string',
'InstanceId': 'string',
'InstanceState': 'string',
'InstanceType': 'string',
'LaunchTime': 'string',
'NetworkInterfaces': [
{
'Ipv6Addresses': [
'string',
],
'NetworkInterfaceId': 'string',
'PrivateDnsName': 'string',
'PrivateIpAddress': 'string',
'PrivateIpAddresses': [
{
'PrivateDnsName': 'string',
'PrivateIpAddress': 'string'
},
],
'PublicDnsName': 'string',
'PublicIp': 'string',
'SecurityGroups': [
{
'GroupId': 'string',
'GroupName': 'string'
},
],
'SubnetId': 'string',
'VpcId': 'string'
},
],
'Platform': 'string',
'ProductCodes': [
{
'Code': 'string',
'ProductType': 'string'
},
],
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'ResourceType': 'string'
},
'SchemaVersion': 'string',
'Service': {
'Action': {
'ActionType': 'string',
'AwsApiCallAction': {
'Api': 'string',
'CallerType': 'string',
'DomainDetails': {
'Domain': 'string'
},
'RemoteIpDetails': {
'City': {
'CityName': 'string'
},
'Country': {
'CountryCode': 'string',
'CountryName': 'string'
},
'GeoLocation': {
'Lat': 123.0,
'Lon': 123.0
},
'IpAddressV4': 'string',
'Organization': {
'Asn': 'string',
'AsnOrg': 'string',
'Isp': 'string',
'Org': 'string'
}
},
'ServiceName': 'string'
},
'DnsRequestAction': {
'Domain': 'string'
},
'NetworkConnectionAction': {
'Blocked': True|False,
'ConnectionDirection': 'string',
'LocalPortDetails': {
'Port': 123,
'PortName': 'string'
},
'Protocol': 'string',
'RemoteIpDetails': {
'City': {
'CityName': 'string'
},
'Country': {
'CountryCode': 'string',
'CountryName': 'string'
},
'GeoLocation': {
'Lat': 123.0,
'Lon': 123.0
},
'IpAddressV4': 'string',
'Organization': {
'Asn': 'string',
'AsnOrg': 'string',
'Isp': 'string',
'Org': 'string'
}
},
'RemotePortDetails': {
'Port': 123,
'PortName': 'string'
}
},
'PortProbeAction': {
'Blocked': True|False,
'PortProbeDetails': [
{
'LocalPortDetails': {
'Port': 123,
'PortName': 'string'
},
'RemoteIpDetails': {
'City': {
'CityName': 'string'
},
'Country': {
'CountryCode': 'string',
'CountryName': 'string'
},
'GeoLocation': {
'Lat': 123.0,
'Lon': 123.0
},
'IpAddressV4': 'string',
'Organization': {
'Asn': 'string',
'AsnOrg': 'string',
'Isp': 'string',
'Org': 'string'
}
}
},
]
}
},
'Archived': True|False,
'Count': 123,
'DetectorId': 'string',
'EventFirstSeen': 'string',
'EventLastSeen': 'string',
'ResourceRole': 'string',
'ServiceName': 'string',
'UserFeedback': 'string'
},
'Severity': 123.0,
'Title': 'string',
'Type': 'string',
'UpdatedAt': 'string'
},
]
}
Response Structure
(dict) --
Findings (list) --
A list of findings.
(dict) --
AccountId (string) --
AWS account ID where the activity occurred that prompted GuardDuty to generate a finding.
Arn (string) --
The ARN of a finding described by the action.
Confidence (float) --
The confidence level of a finding.
CreatedAt (string) --
The time stamp at which a finding was generated.
Description (string) --
The description of a finding.
Id (string) --
The identifier that corresponds to a finding described by the action.
Partition (string) --
The AWS resource partition.
Region (string) --
The AWS region where the activity occurred that prompted GuardDuty to generate a finding.
Resource (dict) --
The AWS resource associated with the activity that prompted GuardDuty to generate a finding.
AccessKeyDetails (dict) --
The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
AccessKeyId (string) --
Access key ID of the user.
PrincipalId (string) --
The principal ID of the user.
UserName (string) --
The name of the user.
UserType (string) --
The type of the user.
InstanceDetails (dict) --
The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
AvailabilityZone (string) --
The availability zone of the EC2 instance.
IamInstanceProfile (dict) --
The profile information of the EC2 instance.
Arn (string) --
AWS EC2 instance profile ARN.
Id (string) --
AWS EC2 instance profile ID.
ImageDescription (string) --
The image description of the EC2 instance.
ImageId (string) --
The image ID of the EC2 instance.
InstanceId (string) --
The ID of the EC2 instance.
InstanceState (string) --
The state of the EC2 instance.
InstanceType (string) --
The type of the EC2 instance.
LaunchTime (string) --
The launch time of the EC2 instance.
NetworkInterfaces (list) --
The network interface information of the EC2 instance.
(dict) --
Ipv6Addresses (list) --
A list of EC2 instance IPv6 address information.
(string) --
NetworkInterfaceId (string) --
The ID of the network interface
PrivateDnsName (string) --
Private DNS name of the EC2 instance.
PrivateIpAddress (string) --
Private IP address of the EC2 instance.
PrivateIpAddresses (list) --
Other private IP address information of the EC2 instance.
(dict) --
PrivateDnsName (string) --
Private DNS name of the EC2 instance.
PrivateIpAddress (string) --
Private IP address of the EC2 instance.
PublicDnsName (string) --
Public DNS name of the EC2 instance.
PublicIp (string) --
Public IP address of the EC2 instance.
SecurityGroups (list) --
Security groups associated with the EC2 instance.
(dict) --
GroupId (string) --
EC2 instance's security group ID.
GroupName (string) --
EC2 instance's security group name.
SubnetId (string) --
The subnet ID of the EC2 instance.
VpcId (string) --
The VPC ID of the EC2 instance.
Platform (string) --
The platform of the EC2 instance.
ProductCodes (list) --
The product code of the EC2 instance.
(dict) --
Code (string) --
Product code information.
ProductType (string) --
Product code type.
Tags (list) --
The tags of the EC2 instance.
(dict) --
Key (string) --
EC2 instance tag key.
Value (string) --
EC2 instance tag value.
ResourceType (string) --
The type of the AWS resource.
SchemaVersion (string) --
Findings' schema version.
Service (dict) --
Additional information assigned to the generated finding by GuardDuty.
Action (dict) --
Information about the activity described in a finding.
ActionType (string) --
GuardDuty Finding activity type.
AwsApiCallAction (dict) --
Information about the AWS_API_CALL action described in this finding.
Api (string) --
AWS API name.
CallerType (string) --
AWS API caller type.
DomainDetails (dict) --
Domain information for the AWS API call.
Domain (string) --
Domain information for the AWS API call.
RemoteIpDetails (dict) --
Remote IP information of the connection.
City (dict) --
City information of the remote IP address.
CityName (string) --
City name of the remote IP address.
Country (dict) --
Country code of the remote IP address.
CountryCode (string) --
Country code of the remote IP address.
CountryName (string) --
Country name of the remote IP address.
GeoLocation (dict) --
Location information of the remote IP address.
Lat (float) --
Latitude information of remote IP address.
Lon (float) --
Longitude information of remote IP address.
IpAddressV4 (string) --
IPV4 remote address of the connection.
Organization (dict) --
ISP Organization information of the remote IP address.
Asn (string) --
Autonomous system number of the internet provider of the remote IP address.
AsnOrg (string) --
Organization that registered this ASN.
Isp (string) --
ISP information for the internet provider.
Org (string) --
Name of the internet provider.
ServiceName (string) --
AWS service name whose API was invoked.
DnsRequestAction (dict) --
Information about the DNS_REQUEST action described in this finding.
Domain (string) --
Domain information for the DNS request.
NetworkConnectionAction (dict) --
Information about the NETWORK_CONNECTION action described in this finding.
Blocked (boolean) --
Network connection blocked information.
ConnectionDirection (string) --
Network connection direction.
LocalPortDetails (dict) --
Local port information of the connection.
Port (integer) --
Port number of the local connection.
PortName (string) --
Port name of the local connection.
Protocol (string) --
Network connection protocol.
RemoteIpDetails (dict) --
Remote IP information of the connection.
City (dict) --
City information of the remote IP address.
CityName (string) --
City name of the remote IP address.
Country (dict) --
Country code of the remote IP address.
CountryCode (string) --
Country code of the remote IP address.
CountryName (string) --
Country name of the remote IP address.
GeoLocation (dict) --
Location information of the remote IP address.
Lat (float) --
Latitude information of remote IP address.
Lon (float) --
Longitude information of remote IP address.
IpAddressV4 (string) --
IPV4 remote address of the connection.
Organization (dict) --
ISP Organization information of the remote IP address.
Asn (string) --
Autonomous system number of the internet provider of the remote IP address.
AsnOrg (string) --
Organization that registered this ASN.
Isp (string) --
ISP information for the internet provider.
Org (string) --
Name of the internet provider.
RemotePortDetails (dict) --
Remote port information of the connection.
Port (integer) --
Port number of the remote connection.
PortName (string) --
Port name of the remote connection.
PortProbeAction (dict) --
Information about the PORT_PROBE action described in this finding.
Blocked (boolean) --
Port probe blocked information.
PortProbeDetails (list) --
A list of port probe details objects.
(dict) --
LocalPortDetails (dict) --
Local port information of the connection.
Port (integer) --
Port number of the local connection.
PortName (string) --
Port name of the local connection.
RemoteIpDetails (dict) --
Remote IP information of the connection.
City (dict) --
City information of the remote IP address.
CityName (string) --
City name of the remote IP address.
Country (dict) --
Country code of the remote IP address.
CountryCode (string) --
Country code of the remote IP address.
CountryName (string) --
Country name of the remote IP address.
GeoLocation (dict) --
Location information of the remote IP address.
Lat (float) --
Latitude information of remote IP address.
Lon (float) --
Longitude information of remote IP address.
IpAddressV4 (string) --
IPV4 remote address of the connection.
Organization (dict) --
ISP Organization information of the remote IP address.
Asn (string) --
Autonomous system number of the internet provider of the remote IP address.
AsnOrg (string) --
Organization that registered this ASN.
Isp (string) --
ISP information for the internet provider.
Org (string) --
Name of the internet provider.
Archived (boolean) --
Indicates whether this finding is archived.
Count (integer) --
Total count of the occurrences of this finding type.
DetectorId (string) --
Detector ID for the GuardDuty service.
EventFirstSeen (string) --
First seen timestamp of the activity that prompted GuardDuty to generate this finding.
EventLastSeen (string) --
Last seen timestamp of the activity that prompted GuardDuty to generate this finding.
ResourceRole (string) --
Resource role information for this finding.
ServiceName (string) --
The name of the AWS service (GuardDuty) that generated a finding.
UserFeedback (string) --
Feedback left about the finding.
Severity (float) --
The severity of a finding.
Title (string) --
The title of a finding.
Type (string) --
The type of a finding described by the action.
UpdatedAt (string) --
The time stamp at which a finding was last updated.
{'FindingCriteria': {'Criterion': {'Equals': ['string'],
'GreaterThan': 'long',
'GreaterThanOrEqual': 'long',
'LessThan': 'long',
'LessThanOrEqual': 'long',
'NotEquals': ['string']}}}
Lists Amazon GuardDuty findings' statistics for the specified detector ID.
See also: AWS API Documentation
Request Syntax
client.get_findings_statistics(
DetectorId='string',
FindingStatisticTypes=[
'COUNT_BY_SEVERITY',
],
FindingCriteria={
'Criterion': {
'string': {
'Eq': [
'string',
],
'Neq': [
'string',
],
'Gt': 123,
'Gte': 123,
'Lt': 123,
'Lte': 123,
'Equals': [
'string',
],
'NotEquals': [
'string',
],
'GreaterThan': 123,
'GreaterThanOrEqual': 123,
'LessThan': 123,
'LessThanOrEqual': 123
}
}
}
)
string
[REQUIRED]
The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
list
[REQUIRED]
Types of finding statistics to retrieve.
(string) --
dict
Represents the criteria used for querying findings.
Criterion (dict) --
Represents a map of finding properties that match specified conditions and values when querying findings.
(string) --
(dict) --
Eq (list) --
Represents the equal condition to be applied to a single field when querying for findings.
(string) --
Neq (list) --
Represents the not equal condition to be applied to a single field when querying for findings.
(string) --
Gt (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
Gte (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
Lt (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
Lte (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
Equals (list) --
(string) --
NotEquals (list) --
(string) --
GreaterThan (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
GreaterThanOrEqual (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
LessThan (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
LessThanOrEqual (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
dict
Response Syntax
{
'FindingStatistics': {
'CountBySeverity': {
'string': 123
}
}
}
Response Structure
(dict) --
FindingStatistics (dict) --
Finding statistics object.
CountBySeverity (dict) --
Represents a map of severity to count statistic for a set of findings
(string) --
(integer) --
{'FindingCriteria': {'Criterion': {'Equals': ['string'],
'GreaterThan': 'long',
'GreaterThanOrEqual': 'long',
'LessThan': 'long',
'LessThanOrEqual': 'long',
'NotEquals': ['string']}}}
Lists Amazon GuardDuty findings for the specified detector ID.
See also: AWS API Documentation
Request Syntax
client.list_findings(
DetectorId='string',
FindingCriteria={
'Criterion': {
'string': {
'Eq': [
'string',
],
'Neq': [
'string',
],
'Gt': 123,
'Gte': 123,
'Lt': 123,
'Lte': 123,
'Equals': [
'string',
],
'NotEquals': [
'string',
],
'GreaterThan': 123,
'GreaterThanOrEqual': 123,
'LessThan': 123,
'LessThanOrEqual': 123
}
}
},
SortCriteria={
'AttributeName': 'string',
'OrderBy': 'ASC'|'DESC'
},
MaxResults=123,
NextToken='string'
)
string
[REQUIRED]
The ID of the detector that specifies the GuardDuty service whose findings you want to list.
dict
Represents the criteria used for querying findings.
Criterion (dict) --
Represents a map of finding properties that match specified conditions and values when querying findings.
(string) --
(dict) --
Eq (list) --
Represents the equal condition to be applied to a single field when querying for findings.
(string) --
Neq (list) --
Represents the not equal condition to be applied to a single field when querying for findings.
(string) --
Gt (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
Gte (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
Lt (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
Lte (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
Equals (list) --
(string) --
NotEquals (list) --
(string) --
GreaterThan (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
GreaterThanOrEqual (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
LessThan (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
LessThanOrEqual (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
dict
Represents the criteria used for sorting findings.
AttributeName (string) --
Represents the finding attribute (for example, accountId) by which to sort findings.
OrderBy (string) --
Order by which the sorted findings are to be displayed.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
dict
Response Syntax
{
'FindingIds': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
FindingIds (list) --
The IDs of the findings you are listing.
(string) --
NextToken (string) --
Pagination parameter to be used on the next list operation to retrieve more items.
{'FindingCriteria': {'Criterion': {'Equals': ['string'],
'GreaterThan': 'long',
'GreaterThanOrEqual': 'long',
'LessThan': 'long',
'LessThanOrEqual': 'long',
'NotEquals': ['string']}}}
Updates the filter specified by the filter name.
See also: AWS API Documentation
Request Syntax
client.update_filter(
DetectorId='string',
FilterName='string',
Description='string',
Action='NOOP'|'ARCHIVE',
Rank=123,
FindingCriteria={
'Criterion': {
'string': {
'Eq': [
'string',
],
'Neq': [
'string',
],
'Gt': 123,
'Gte': 123,
'Lt': 123,
'Lte': 123,
'Equals': [
'string',
],
'NotEquals': [
'string',
],
'GreaterThan': 123,
'GreaterThanOrEqual': 123,
'LessThan': 123,
'LessThanOrEqual': 123
}
}
}
)
string
[REQUIRED]
The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
string
[REQUIRED]
The name of the filter.
string
The description of the filter.
string
Specifies the action that is to be applied to the findings that match the filter.
integer
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
dict
Represents the criteria to be used in the filter for querying findings.
Criterion (dict) --
Represents a map of finding properties that match specified conditions and values when querying findings.
(string) --
(dict) --
Eq (list) --
Represents the equal condition to be applied to a single field when querying for findings.
(string) --
Neq (list) --
Represents the not equal condition to be applied to a single field when querying for findings.
(string) --
Gt (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
Gte (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
Lt (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
Lte (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
Equals (list) --
(string) --
NotEquals (list) --
(string) --
GreaterThan (integer) --
Represents a greater than condition to be applied to a single field when querying for findings.
GreaterThanOrEqual (integer) --
Represents a greater than equal condition to be applied to a single field when querying for findings.
LessThan (integer) --
Represents a less than condition to be applied to a single field when querying for findings.
LessThanOrEqual (integer) --
Represents a less than equal condition to be applied to a single field when querying for findings.
dict
Response Syntax
{
'Name': 'string'
}
Response Structure
(dict) --
Name (string) --
The name of the filter.