Get Finding Statistics V2

securityhub_get_finding_statistics_v2 R Documentation

Returns aggregated statistical data about findings

Description

Returns aggregated statistical data about findings.

You can use the Scopes parameter to define the data boundary for the query. Currently, Scopes supports AwsOrganizations, which lets you aggregate findings from your entire organization or from specific organizational units. Only the delegated administrator account can use Scopes.

get_finding_statistics_v2 uses securityhub:GetAdhocInsightResults in the Action element of an IAM policy statement. You must have permission to perform the securityhub:GetAdhocInsightResults action.

Usage

securityhub_get_finding_statistics_v2(GroupByRules, Scopes, SortOrder,
  MaxStatisticResults)

Arguments

GroupByRules

[required] Specifies how security findings should be aggregated and organized in the statistical analysis. It can accept up to 5 groupBy fields in a single call.

Scopes

Limits the results to findings from specific organizational units or from the delegated administrator's organization. Only the delegated administrator account can use this parameter. Other accounts receive an AccessDeniedException.

This parameter is optional. If you omit it, the delegated administrator sees statistics from all accounts across the entire organization. Other accounts see only statistics for their own findings.

You can specify up to 10 entries in Scopes.AwsOrganizations. If multiple entries are specified, the entries are combined using OR logic.

SortOrder

Orders the aggregation count in descending or ascending order. Descending order is the default.

MaxStatisticResults

The maximum number of results to be returned.

Value

A list with the following syntax:

list(
  GroupByResults = list(
    list(
      GroupByField = "string",
      GroupByValues = list(
        list(
          FieldValue = "string",
          Count = 123
        )
      )
    )
  )
)

Request syntax

svc$get_finding_statistics_v2(
  GroupByRules = list(
    list(
      Filters = list(
        CompositeFilters = list(
          list(
            StringFilters = list(
              list(
                FieldName = "metadata.uid"|"activity_name"|"cloud.account.uid"|"cloud.provider"|"cloud.region"|"compliance.assessments.category"|"compliance.assessments.name"|"compliance.control"|"compliance.status"|"compliance.standards"|"finding_info.desc"|"finding_info.src_url"|"finding_info.title"|"finding_info.types"|"finding_info.uid"|"finding_info.related_events.traits.category"|"finding_info.related_events.uid"|"finding_info.related_events.product.uid"|"finding_info.related_events.title"|"metadata.product.name"|"metadata.product.uid"|"metadata.product.vendor_name"|"remediation.desc"|"remediation.references"|"resources.cloud_partition"|"resources.region"|"resources.type"|"resources.uid"|"severity"|"status"|"comment"|"vulnerabilities.fix_coverage"|"class_name"|"databucket.encryption_details.algorithm"|"databucket.encryption_details.key_uid"|"databucket.file.data_classifications.classifier_details.type"|"evidences.actor.user.account.uid"|"evidences.api.operation"|"evidences.api.response.error_message"|"evidences.api.service.name"|"evidences.connection_info.direction"|"evidences.connection_info.protocol_name"|"evidences.dst_endpoint.autonomous_system.name"|"evidences.dst_endpoint.location.city"|"evidences.dst_endpoint.location.country"|"evidences.src_endpoint.autonomous_system.name"|"evidences.src_endpoint.hostname"|"evidences.src_endpoint.location.city"|"evidences.src_endpoint.location.country"|"finding_info.analytic.name"|"malware.name"|"malware_scan_info.uid"|"malware.severity"|"resources.cloud_function.layers.uid_alt"|"resources.cloud_function.runtime"|"resources.cloud_function.user.uid"|"resources.device.encryption_details.key_uid"|"resources.device.image.uid"|"resources.image.architecture"|"resources.image.registry_uid"|"resources.image.repository_name"|"resources.image.uid"|"resources.subnet_info.uid"|"resources.vpc_uid"|"vulnerabilities.affected_code.file.path"|"vulnerabilities.affected_packages.name"|"vulnerabilities.cve.epss.score"|"vulnerabilities.cve.uid"|"vulnerabilities.related_vulnerabilities"|"cloud.account.name"|"vendor_attributes.severity",
                Filter = list(
                  Value = "string",
                  Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"|"CONTAINS_WORD"
                )
              )
            ),
            DateFilters = list(
              list(
                FieldName = "finding_info.created_time_dt"|"finding_info.first_seen_time_dt"|"finding_info.last_seen_time_dt"|"finding_info.modified_time_dt"|"resources.image.created_time_dt"|"resources.image.last_used_time_dt"|"resources.modified_time_dt",
                Filter = list(
                  Start = "string",
                  End = "string",
                  DateRange = list(
                    Value = 123,
                    Unit = "DAYS",
                    Comparison = "WITHIN"|"OLDER_THAN"
                  )
                )
              )
            ),
            BooleanFilters = list(
              list(
                FieldName = "compliance.assessments.meets_criteria"|"vulnerabilities.is_exploit_available"|"vulnerabilities.is_fix_available",
                Filter = list(
                  Value = TRUE|FALSE
                )
              )
            ),
            NumberFilters = list(
              list(
                FieldName = "activity_id"|"compliance.status_id"|"confidence_score"|"severity_id"|"status_id"|"finding_info.related_events_count"|"evidences.api.response.code"|"evidences.dst_endpoint.autonomous_system.number"|"evidences.dst_endpoint.port"|"evidences.src_endpoint.autonomous_system.number"|"evidences.src_endpoint.port"|"resources.image.in_use_count"|"vulnerabilities.cve.cvss.base_score"|"vendor_attributes.severity_id",
                Filter = list(
                  Gte = 123.0,
                  Lte = 123.0,
                  Eq = 123.0,
                  Gt = 123.0,
                  Lt = 123.0
                )
              )
            ),
            MapFilters = list(
              list(
                FieldName = "resources.tags"|"compliance.control_parameters"|"databucket.tags"|"finding_info.tags",
                Filter = list(
                  Key = "string",
                  Value = "string",
                  Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
                )
              )
            ),
            IpFilters = list(
              list(
                FieldName = "evidences.dst_endpoint.ip"|"evidences.src_endpoint.ip",
                Filter = list(
                  Cidr = "string"
                )
              )
            ),
            NestedCompositeFilters = list(),
            Operator = "AND"|"OR"
          )
        ),
        CompositeOperator = "AND"|"OR"
      ),
      GroupByField = "activity_name"|"cloud.account.uid"|"cloud.provider"|"cloud.region"|"compliance.assessments.name"|"compliance.status"|"compliance.control"|"finding_info.title"|"finding_info.related_events.traits.category"|"finding_info.types"|"metadata.product.name"|"metadata.product.uid"|"resources.type"|"resources.uid"|"severity"|"status"|"vulnerabilities.fix_coverage"|"class_name"|"vulnerabilities.affected_packages.name"|"finding_info.analytic.name"|"compliance.standards"|"cloud.account.name"|"vendor_attributes.severity"|"metadata.product.vendor_name"
    )
  ),
  Scopes = list(
    AwsOrganizations = list(
      list(
        OrganizationId = "string",
        OrganizationalUnitId = "string"
      )
    )
  ),
  SortOrder = "asc"|"desc",
  MaxStatisticResults = 123
)
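
An added example, not part of the paws documentation: it builds a request that counts findings with a known exploit seen in the last 30 days, checks the documented limits (5 group-by fields, 10 Scopes.AwsOrganizations entries) before any call, and flattens the returned GroupByResults into a data frame. The helper names and the sample response are constructed for illustration; the live call is left as a comment because it needs credentials and the securityhub:GetAdhocInsightResults permission.

```r
# Added example: helper names and the sample response are constructed, not from paws.
# One rule: findings with a known exploit, seen in the last `days` days, grouped by `field`.
exploitable_rule <- function(field, days = 30) {
  list(
    Filters = list(
      CompositeFilters = list(list(
        BooleanFilters = list(list(
          FieldName = "vulnerabilities.is_exploit_available",
          Filter = list(Value = TRUE)
        )),
        DateFilters = list(list(
          FieldName = "finding_info.last_seen_time_dt",
          Filter = list(DateRange = list(Value = days, Unit = "DAYS", Comparison = "WITHIN"))
        )),
        Operator = "AND"
      )),
      CompositeOperator = "AND"
    ),
    GroupByField = field
  )
}

# Assemble the arguments, enforcing the documented limits before any API call.
build_request <- function(fields, scopes = NULL, max_results = 25) {
  stopifnot(length(fields) >= 1, length(fields) <= 5)  # up to 5 groupBy fields
  stopifnot(length(scopes) <= 10)                      # up to 10 AwsOrganizations entries
  req <- list(GroupByRules = lapply(fields, exploitable_rule),
              SortOrder = "desc", MaxStatisticResults = max_results)
  if (length(scopes) > 0) req$Scopes <- list(AwsOrganizations = scopes)
  req
}

# Flatten the nested GroupByResults list into one data frame (empty groups give no rows).
flatten_stats <- function(resp) {
  rows <- lapply(resp$GroupByResults, function(g) {
    vals <- vapply(g$GroupByValues, function(v) v$FieldValue, character(1))
    cnts <- vapply(g$GroupByValues, function(v) as.numeric(v$Count), numeric(1))
    data.frame(field = rep(g$GroupByField, length(vals)), value = vals, count = cnts,
               stringsAsFactors = FALSE)
  })
  do.call(rbind, rows)
}

req <- build_request(c("severity", "vulnerabilities.affected_packages.name"))
# Live call: resp <- do.call(paws::securityhub()$get_finding_statistics_v2, req)
sample_resp <- list(GroupByResults = list(  # constructed sample response
  list(GroupByField = "severity", GroupByValues = list(
    list(FieldValue = "Critical", Count = 4), list(FieldValue = "High", Count = 11)))))
print(flatten_stats(sample_resp))
```

Pass `scopes` only from the delegated administrator account; as stated above, other accounts receive an AccessDeniedException when Scopes is set.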