2022/12/15 - AWS SecurityHub - 2 updated api methods
Changes Added new resource details objects to ASFF, including resources for AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and AwsWafv2RuleGroup.
{'Findings': {'Resources': {'Details': {'AwsEc2LaunchTemplate': {'DefaultVersionNumber': 'long', 'Id': 'string', 'LatestVersionNumber': 'long', 'LaunchTemplateData': {'BlockDeviceMappingSet': [{'DeviceName': 'string', 'Ebs': {'DeleteOnTermination': 'boolean', 'Encrypted': 'boolean', 'Iops': 'integer', 'KmsKeyId': 'string', 'SnapshotId': 'string', 'Throughput': 'integer', 'VolumeSize': 'integer', 'VolumeType': 'string'}, 'NoDevice': 'string', 'VirtualName': 'string'}], 'CapacityReservationSpecification': {'CapacityReservationPreference': 'string', 'CapacityReservationTarget': {'CapacityReservationId': 'string', 'CapacityReservationResourceGroupArn': 'string'}}, 'CpuOptions': {'CoreCount': 'integer', 'ThreadsPerCore': 'integer'}, 'CreditSpecification': {'CpuCredits': 'string'}, 'DisableApiStop': 'boolean', 'DisableApiTermination': 'boolean', 'EbsOptimized': 'boolean', 'ElasticGpuSpecificationSet': [{'Type': 'string'}], 'ElasticInferenceAcceleratorSet': [{'Count': 'integer', 'Type': 'string'}], 'EnclaveOptions': {'Enabled': 'boolean'}, 'HibernationOptions': {'Configured': 'boolean'}, 'IamInstanceProfile': {'Arn': 'string', 'Name': 'string'}, 'ImageId': 'string', 'InstanceInitiatedShutdownBehavior': 'string', 'InstanceMarketOptions': {'MarketType': 'string', 'SpotOptions': {'BlockDurationMinutes': 'integer', 'InstanceInterruptionBehavior': 'string', 'MaxPrice': 'string', 'SpotInstanceType': 'string', 'ValidUntil': 'string'}}, 'InstanceRequirements': {'AcceleratorCount': {'Max': 'integer', 'Min': 'integer'}, 'AcceleratorManufacturers': ['string'], 'AcceleratorNames': ['string'], 'AcceleratorTotalMemoryMiB': {'Max': 'integer', 'Min': 'integer'}, 'AcceleratorTypes': ['string'], 'BareMetal': 'string', 'BaselineEbsBandwidthMbps': {'Max': 'integer', 'Min': 'integer'}, 'BurstablePerformance': 'string', 'CpuManufacturers': ['string'], 'ExcludedInstanceTypes': ['string'], 'InstanceGenerations': ['string'], 'LocalStorage': 'string', 'LocalStorageTypes': ['string'], 'MemoryGiBPerVCpu': {'Max': 'double', 'Min': 'double'}, 'MemoryMiB': {'Max': 'integer', 'Min': 'integer'}, 'NetworkInterfaceCount': {'Max': 'integer', 'Min': 'integer'}, 'OnDemandMaxPricePercentageOverLowestPrice': 'integer', 'RequireHibernateSupport': 'boolean', 'SpotMaxPricePercentageOverLowestPrice': 'integer', 'TotalLocalStorageGB': {'Max': 'double', 'Min': 'double'}, 'VCpuCount': {'Max': 'integer', 'Min': 'integer'}}, 'InstanceType': 'string', 'KernelId': 'string', 'KeyName': 'string', 'LicenseSet': [{'LicenseConfigurationArn': 'string'}], 'MaintenanceOptions': {'AutoRecovery': 'string'}, 'MetadataOptions': {'HttpEndpoint': 'string', 'HttpProtocolIpv6': 'string', 'HttpPutResponseHopLimit': 'integer', 'HttpTokens': 'string', 'InstanceMetadataTags': 'string'}, 'Monitoring': {'Enabled': 'boolean'}, 'NetworkInterfaceSet': [{'AssociateCarrierIpAddress': 'boolean', 'AssociatePublicIpAddress': 'boolean', 'DeleteOnTermination': 'boolean', 'Description': 'string', 'DeviceIndex': 'integer', 'Groups': ['string'], 'InterfaceType': 'string', 'Ipv4PrefixCount': 'integer', 'Ipv4Prefixes': [{'Ipv4Prefix': 'string'}], 'Ipv6AddressCount': 'integer', 'Ipv6Addresses': [{'Ipv6Address': 'string'}], 'Ipv6PrefixCount': 'integer', 'Ipv6Prefixes': [{'Ipv6Prefix': 'string'}], 'NetworkCardIndex': 'integer', 'NetworkInterfaceId': 'string', 'PrivateIpAddress': 'string', 'PrivateIpAddresses': [{'Primary': 'boolean', 'PrivateIpAddress': 'string'}], 'SecondaryPrivateIpAddressCount': 'integer', 'SubnetId': 'string'}], 'Placement': {'Affinity': 'string', 'AvailabilityZone': 'string', 'GroupName': 'string', 'HostId': 'string', 'HostResourceGroupArn': 'string', 'PartitionNumber': 'integer', 'SpreadDomain': 'string', 'Tenancy': 'string'}, 'PrivateDnsNameOptions': {'EnableResourceNameDnsAAAARecord': 'boolean', 'EnableResourceNameDnsARecord': 'boolean', 'HostnameType': 'string'}, 'RamDiskId': 'string', 'SecurityGroupIdSet': ['string'], 'SecurityGroupSet': ['string'], 'UserData': 'string'}, 'LaunchTemplateName': 'string'}, 'AwsSageMakerNotebookInstance': {'AcceleratorTypes': ['string'], 'AdditionalCodeRepositories': ['string'], 'DefaultCodeRepository': 'string', 'DirectInternetAccess': 'string', 'FailureReason': 'string', 'InstanceMetadataServiceConfiguration': {'MinimumInstanceMetadataServiceVersion': 'string'}, 'InstanceType': 'string', 'KmsKeyId': 'string', 'NetworkInterfaceId': 'string', 'NotebookInstanceArn': 'string', 'NotebookInstanceLifecycleConfigName': 'string', 'NotebookInstanceName': 'string', 'NotebookInstanceStatus': 'string', 'PlatformIdentifier': 'string', 'RoleArn': 'string', 'RootAccess': 'string', 'SecurityGroups': ['string'], 'SubnetId': 'string', 'Url': 'string', 'VolumeSizeInGB': 'integer'}, 'AwsWafv2RuleGroup': {'Arn': 'string', 'Capacity': 'long', 'Description': 'string', 'Id': 'string', 'Name': 'string', 'Rules': [{'Action': {'Allow': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Block': {'CustomResponse': {'CustomResponseBodyKey': 'string', 'ResponseCode': 'integer', 'ResponseHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Captcha': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Count': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}}, 'Name': 'string', 'OverrideAction': 'string', 'Priority': 'integer', 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}], 'Scope': 'string', 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}, 'AwsWafv2WebAcl': {'Arn': 'string', 'Capacity': 'long', 'CaptchaConfig': {'ImmunityTimeProperty': {'ImmunityTime': 'long'}}, 'DefaultAction': {'Allow': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Block': {'CustomResponse': {'CustomResponseBodyKey': 'string', 'ResponseCode': 'integer', 'ResponseHeaders': [{'Name': 'string', 'Value': 'string'}]}}}, 'Description': 'string', 'Id': 'string', 'ManagedbyFirewallManager': 'boolean', 'Name': 'string', 'Rules': [{'Action': {'Allow': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Block': {'CustomResponse': {'CustomResponseBodyKey': 'string', 'ResponseCode': 'integer', 'ResponseHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Captcha': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Count': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}}, 'Name': 'string', 'OverrideAction': 'string', 'Priority': 'integer', 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}], 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}}}}}
Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.
BatchImportFindings must be called by one of the following:
The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.
An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.
The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.
Note
UserDefinedFields
VerificationState
Workflow
Finding providers also should not use BatchImportFindings to update the following attributes.
Confidence
Criticality
RelatedFindings
Severity
Types
Instead, finding providers use FindingProviderFields to provide values for these attributes.
See also: AWS API Documentation
Request Syntax
# This section is too large to render. # Please see the AWS API Documentation linked below.Parameters
# This section is too large to render. # Please see the AWS API Documentation linked below.
dict
Response Syntax
{ 'FailedCount': 123, 'SuccessCount': 123, 'FailedFindings': [ { 'Id': 'string', 'ErrorCode': 'string', 'ErrorMessage': 'string' }, ] }
Response Structure
(dict) --
FailedCount (integer) --
The number of findings that failed to import.
SuccessCount (integer) --
The number of findings that were successfully imported.
FailedFindings (list) --
The list of findings that failed to import.
(dict) --
The list of the findings that cannot be imported. For each finding, the list provides the error.
Id (string) --
The identifier of the finding that could not be updated.
ErrorCode (string) --
The code of the error returned by the BatchImportFindings operation.
ErrorMessage (string) --
The message of the error returned by the BatchImportFindings operation.
{'Findings': {'Resources': {'Details': {'AwsEc2LaunchTemplate': {'DefaultVersionNumber': 'long', 'Id': 'string', 'LatestVersionNumber': 'long', 'LaunchTemplateData': {'BlockDeviceMappingSet': [{'DeviceName': 'string', 'Ebs': {'DeleteOnTermination': 'boolean', 'Encrypted': 'boolean', 'Iops': 'integer', 'KmsKeyId': 'string', 'SnapshotId': 'string', 'Throughput': 'integer', 'VolumeSize': 'integer', 'VolumeType': 'string'}, 'NoDevice': 'string', 'VirtualName': 'string'}], 'CapacityReservationSpecification': {'CapacityReservationPreference': 'string', 'CapacityReservationTarget': {'CapacityReservationId': 'string', 'CapacityReservationResourceGroupArn': 'string'}}, 'CpuOptions': {'CoreCount': 'integer', 'ThreadsPerCore': 'integer'}, 'CreditSpecification': {'CpuCredits': 'string'}, 'DisableApiStop': 'boolean', 'DisableApiTermination': 'boolean', 'EbsOptimized': 'boolean', 'ElasticGpuSpecificationSet': [{'Type': 'string'}], 'ElasticInferenceAcceleratorSet': [{'Count': 'integer', 'Type': 'string'}], 'EnclaveOptions': {'Enabled': 'boolean'}, 'HibernationOptions': {'Configured': 'boolean'}, 'IamInstanceProfile': {'Arn': 'string', 'Name': 'string'}, 'ImageId': 'string', 'InstanceInitiatedShutdownBehavior': 'string', 'InstanceMarketOptions': {'MarketType': 'string', 'SpotOptions': {'BlockDurationMinutes': 'integer', 'InstanceInterruptionBehavior': 'string', 'MaxPrice': 'string', 'SpotInstanceType': 'string', 'ValidUntil': 'string'}}, 'InstanceRequirements': {'AcceleratorCount': {'Max': 'integer', 'Min': 'integer'}, 'AcceleratorManufacturers': ['string'], 'AcceleratorNames': ['string'], 'AcceleratorTotalMemoryMiB': {'Max': 'integer', 'Min': 'integer'}, 'AcceleratorTypes': ['string'], 'BareMetal': 'string', 'BaselineEbsBandwidthMbps': {'Max': 'integer', 'Min': 'integer'}, 'BurstablePerformance': 'string', 'CpuManufacturers': ['string'], 'ExcludedInstanceTypes': ['string'], 'InstanceGenerations': ['string'], 'LocalStorage': 'string', 'LocalStorageTypes': ['string'], 'MemoryGiBPerVCpu': {'Max': 'double', 'Min': 'double'}, 'MemoryMiB': {'Max': 'integer', 'Min': 'integer'}, 'NetworkInterfaceCount': {'Max': 'integer', 'Min': 'integer'}, 'OnDemandMaxPricePercentageOverLowestPrice': 'integer', 'RequireHibernateSupport': 'boolean', 'SpotMaxPricePercentageOverLowestPrice': 'integer', 'TotalLocalStorageGB': {'Max': 'double', 'Min': 'double'}, 'VCpuCount': {'Max': 'integer', 'Min': 'integer'}}, 'InstanceType': 'string', 'KernelId': 'string', 'KeyName': 'string', 'LicenseSet': [{'LicenseConfigurationArn': 'string'}], 'MaintenanceOptions': {'AutoRecovery': 'string'}, 'MetadataOptions': {'HttpEndpoint': 'string', 'HttpProtocolIpv6': 'string', 'HttpPutResponseHopLimit': 'integer', 'HttpTokens': 'string', 'InstanceMetadataTags': 'string'}, 'Monitoring': {'Enabled': 'boolean'}, 'NetworkInterfaceSet': [{'AssociateCarrierIpAddress': 'boolean', 'AssociatePublicIpAddress': 'boolean', 'DeleteOnTermination': 'boolean', 'Description': 'string', 'DeviceIndex': 'integer', 'Groups': ['string'], 'InterfaceType': 'string', 'Ipv4PrefixCount': 'integer', 'Ipv4Prefixes': [{'Ipv4Prefix': 'string'}], 'Ipv6AddressCount': 'integer', 'Ipv6Addresses': [{'Ipv6Address': 'string'}], 'Ipv6PrefixCount': 'integer', 'Ipv6Prefixes': [{'Ipv6Prefix': 'string'}], 'NetworkCardIndex': 'integer', 'NetworkInterfaceId': 'string', 'PrivateIpAddress': 'string', 'PrivateIpAddresses': [{'Primary': 'boolean', 'PrivateIpAddress': 'string'}], 'SecondaryPrivateIpAddressCount': 'integer', 'SubnetId': 'string'}], 'Placement': {'Affinity': 'string', 'AvailabilityZone': 'string', 'GroupName': 'string', 'HostId': 'string', 'HostResourceGroupArn': 'string', 'PartitionNumber': 'integer', 'SpreadDomain': 'string', 'Tenancy': 'string'}, 'PrivateDnsNameOptions': {'EnableResourceNameDnsAAAARecord': 'boolean', 'EnableResourceNameDnsARecord': 'boolean', 'HostnameType': 'string'}, 'RamDiskId': 'string', 'SecurityGroupIdSet': ['string'], 'SecurityGroupSet': ['string'], 'UserData': 'string'}, 'LaunchTemplateName': 'string'}, 'AwsSageMakerNotebookInstance': {'AcceleratorTypes': ['string'], 'AdditionalCodeRepositories': ['string'], 'DefaultCodeRepository': 'string', 'DirectInternetAccess': 'string', 'FailureReason': 'string', 'InstanceMetadataServiceConfiguration': {'MinimumInstanceMetadataServiceVersion': 'string'}, 'InstanceType': 'string', 'KmsKeyId': 'string', 'NetworkInterfaceId': 'string', 'NotebookInstanceArn': 'string', 'NotebookInstanceLifecycleConfigName': 'string', 'NotebookInstanceName': 'string', 'NotebookInstanceStatus': 'string', 'PlatformIdentifier': 'string', 'RoleArn': 'string', 'RootAccess': 'string', 'SecurityGroups': ['string'], 'SubnetId': 'string', 'Url': 'string', 'VolumeSizeInGB': 'integer'}, 'AwsWafv2RuleGroup': {'Arn': 'string', 'Capacity': 'long', 'Description': 'string', 'Id': 'string', 'Name': 'string', 'Rules': [{'Action': {'Allow': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Block': {'CustomResponse': {'CustomResponseBodyKey': 'string', 'ResponseCode': 'integer', 'ResponseHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Captcha': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Count': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}}, 'Name': 'string', 'OverrideAction': 'string', 'Priority': 'integer', 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}], 'Scope': 'string', 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}, 'AwsWafv2WebAcl': {'Arn': 'string', 'Capacity': 'long', 'CaptchaConfig': {'ImmunityTimeProperty': {'ImmunityTime': 'long'}}, 'DefaultAction': {'Allow': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Block': {'CustomResponse': {'CustomResponseBodyKey': 'string', 'ResponseCode': 'integer', 'ResponseHeaders': [{'Name': 'string', 'Value': 'string'}]}}}, 'Description': 'string', 'Id': 'string', 'ManagedbyFirewallManager': 'boolean', 'Name': 'string', 'Rules': [{'Action': {'Allow': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Block': {'CustomResponse': {'CustomResponseBodyKey': 'string', 'ResponseCode': 'integer', 'ResponseHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Captcha': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}, 'Count': {'CustomRequestHandling': {'InsertHeaders': [{'Name': 'string', 'Value': 'string'}]}}}, 'Name': 'string', 'OverrideAction': 'string', 'Priority': 'integer', 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}], 'VisibilityConfig': {'CloudWatchMetricsEnabled': 'boolean', 'MetricName': 'string', 'SampledRequestsEnabled': 'boolean'}}}}}}
Returns a list of findings that match the specified criteria.
If finding aggregation is enabled, then when you call GetFindings from the aggregation Region, the results include all of the matching findings from both the aggregation Region and the linked Regions.
See also: AWS API Documentation
Request Syntax
client.get_findings( Filters={ 'ProductArn': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'AwsAccountId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Id': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'GeneratorId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Region': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Type': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'FirstObservedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'LastObservedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'CreatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'UpdatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'SeverityProduct': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'SeverityNormalized': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'SeverityLabel': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Confidence': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'Criticality': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'Title': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Description': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RecommendationText': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'SourceUrl': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProductFields': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'ProductName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'CompanyName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'UserDefinedFields': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'MalwareName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'MalwareType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'MalwarePath': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'MalwareState': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkDirection': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkProtocol': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkSourceIpV4': [ { 'Cidr': 'string' }, ], 'NetworkSourceIpV6': [ { 'Cidr': 'string' }, ], 'NetworkSourcePort': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'NetworkSourceDomain': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkSourceMac': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NetworkDestinationIpV4': [ { 'Cidr': 'string' }, ], 'NetworkDestinationIpV6': [ { 'Cidr': 'string' }, ], 'NetworkDestinationPort': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'NetworkDestinationDomain': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProcessName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProcessPath': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ProcessPid': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'ProcessParentPid': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'ProcessLaunchedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ProcessTerminatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ThreatIntelIndicatorType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorValue': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorCategory': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorLastObservedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ThreatIntelIndicatorSource': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ThreatIntelIndicatorSourceUrl': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourcePartition': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceRegion': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceTags': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceType': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceImageId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceIpV4Addresses': [ { 'Cidr': 'string' }, ], 'ResourceAwsEc2InstanceIpV6Addresses': [ { 'Cidr': 'string' }, ], 'ResourceAwsEc2InstanceKeyName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceIamInstanceProfileArn': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceVpcId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceSubnetId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsEc2InstanceLaunchedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ResourceAwsS3BucketOwnerId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsS3BucketOwnerName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsIamAccessKeyUserName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsIamAccessKeyPrincipalName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsIamAccessKeyStatus': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceAwsIamAccessKeyCreatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ResourceAwsIamUserUserName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceContainerName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceContainerImageId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceContainerImageName': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'ResourceContainerLaunchedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'ResourceDetailsOther': [ { 'Key': 'string', 'Value': 'string', 'Comparison': 'EQUALS'|'NOT_EQUALS' }, ], 'ComplianceStatus': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'VerificationState': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'WorkflowState': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'WorkflowStatus': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RecordState': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RelatedFindingsProductArn': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'RelatedFindingsId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NoteText': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'NoteUpdatedAt': [ { 'Start': 'string', 'End': 'string', 'DateRange': { 'Value': 123, 'Unit': 'DAYS' } }, ], 'NoteUpdatedBy': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Keyword': [ { 'Value': 'string' }, ], 'FindingProviderFieldsConfidence': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'FindingProviderFieldsCriticality': [ { 'Gte': 123.0, 'Lte': 123.0, 'Eq': 123.0 }, ], 'FindingProviderFieldsRelatedFindingsId': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'FindingProviderFieldsRelatedFindingsProductArn': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'FindingProviderFieldsSeverityLabel': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'FindingProviderFieldsSeverityOriginal': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'FindingProviderFieldsTypes': [ { 'Value': 'string', 'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS' }, ], 'Sample': [ { 'Value': True|False }, ] }, SortCriteria=[ { 'Field': 'string', 'SortOrder': 'asc'|'desc' }, ], NextToken='string', MaxResults=123 ) **Parameters** :: # This section is too large to render. # Please see the AWS API Documentation linked below. `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings>`_
dict
Response Syntax
# This section is too large to render. # Please see the AWS API Documentation linked below.
Response Structure
# This section is too large to render. # Please see the AWS API Documentation linked below.