
Get Findings V2

securityhub_get_findings_v2 R Documentation

Returns a list of findings that match the specified criteria

Description

Returns a list of findings that match the specified criteria.

You can use the Scopes parameter to define the data boundary for the query. Currently, Scopes supports AwsOrganizations, which lets you retrieve findings from your entire organization or from specific organizational units. Only the delegated administrator account can use Scopes.

You can use the Filters parameter to refine results based on finding attributes. You can use Scopes and Filters independently or together. When both are provided, Scopes narrows the data set first, and then Filters refines results within that scoped data set.

get_findings and get_findings_v2 both use securityhub:GetFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:GetFindings action.

Usage

securityhub_get_findings_v2(Filters, Scopes, SortCriteria, NextToken,
  MaxResults)

Arguments

Filters

The finding attributes used to define a condition to filter the returned OCSF findings. You can specify up to 10 composite filters. For each filter type inside a composite filter, you can provide up to 20 filters.

Scopes

Limits the results to findings from specific organizational units or from the delegated administrator's organization. Only the delegated administrator account can use this parameter. Other accounts receive an AccessDeniedException.

This parameter is optional. If you omit it, the delegated administrator sees findings from all accounts across the entire organization. Other accounts see only their own findings.

You can specify up to 10 entries in Scopes.AwsOrganizations. If multiple entries are specified, the entries are combined using OR logic.

SortCriteria

The finding attributes used to sort the list of returned findings.

NextToken

The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

MaxResults

The maximum number of results to return.

Value

A list with the following syntax:

list(
  Findings = list(
    list()
  ),
  NextToken = "string"
)

Request syntax

svc$get_findings_v2(
  Filters = list(
    CompositeFilters = list(
      list(
        StringFilters = list(
          list(
            FieldName = "metadata.uid"|"activity_name"|"cloud.account.uid"|"cloud.provider"|"cloud.region"|"compliance.assessments.category"|"compliance.assessments.name"|"compliance.control"|"compliance.status"|"compliance.standards"|"finding_info.desc"|"finding_info.src_url"|"finding_info.title"|"finding_info.types"|"finding_info.uid"|"finding_info.related_events.traits.category"|"finding_info.related_events.uid"|"finding_info.related_events.product.uid"|"finding_info.related_events.title"|"metadata.product.name"|"metadata.product.uid"|"metadata.product.vendor_name"|"remediation.desc"|"remediation.references"|"resources.cloud_partition"|"resources.region"|"resources.type"|"resources.uid"|"severity"|"status"|"comment"|"vulnerabilities.fix_coverage"|"class_name"|"databucket.encryption_details.algorithm"|"databucket.encryption_details.key_uid"|"databucket.file.data_classifications.classifier_details.type"|"evidences.actor.user.account.uid"|"evidences.api.operation"|"evidences.api.response.error_message"|"evidences.api.service.name"|"evidences.connection_info.direction"|"evidences.connection_info.protocol_name"|"evidences.dst_endpoint.autonomous_system.name"|"evidences.dst_endpoint.location.city"|"evidences.dst_endpoint.location.country"|"evidences.src_endpoint.autonomous_system.name"|"evidences.src_endpoint.hostname"|"evidences.src_endpoint.location.city"|"evidences.src_endpoint.location.country"|"finding_info.analytic.name"|"malware.name"|"malware_scan_info.uid"|"malware.severity"|"resources.cloud_function.layers.uid_alt"|"resources.cloud_function.runtime"|"resources.cloud_function.user.uid"|"resources.device.encryption_details.key_uid"|"resources.device.image.uid"|"resources.image.architecture"|"resources.image.registry_uid"|"resources.image.repository_name"|"resources.image.uid"|"resources.subnet_info.uid"|"resources.vpc_uid"|"vulnerabilities.affected_code.file.path"|"vulnerabilities.affected_packages.name"|"vulnerabilities.cve.epss.score"|"vulnerabilities.cve.uid"|"vulnerabilities.related_vulnerabilities"|"cloud.account.name"|"vendor_attributes.severity",
            Filter = list(
              Value = "string",
              Comparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"|"CONTAINS_WORD"
            )
          )
        ),
        DateFilters = list(
          list(
            FieldName = "finding_info.created_time_dt"|"finding_info.first_seen_time_dt"|"finding_info.last_seen_time_dt"|"finding_info.modified_time_dt"|"resources.image.created_time_dt"|"resources.image.last_used_time_dt"|"resources.modified_time_dt",
            Filter = list(
              Start = "string",
              End = "string",
              DateRange = list(
                Value = 123,
                Unit = "DAYS",
                Comparison = "WITHIN"|"OLDER_THAN"
              )
            )
          )
        ),
        BooleanFilters = list(
          list(
            FieldName = "compliance.assessments.meets_criteria"|"vulnerabilities.is_exploit_available"|"vulnerabilities.is_fix_available",
            Filter = list(
              Value = TRUE|FALSE
            )
          )
        ),
        NumberFilters = list(
          list(
            FieldName = "activity_id"|"compliance.status_id"|"confidence_score"|"severity_id"|"status_id"|"finding_info.related_events_count"|"evidences.api.response.code"|"evidences.dst_endpoint.autonomous_system.number"|"evidences.dst_endpoint.port"|"evidences.src_endpoint.autonomous_system.number"|"evidences.src_endpoint.port"|"resources.image.in_use_count"|"vulnerabilities.cve.cvss.base_score"|"vendor_attributes.severity_id",
            Filter = list(
              Gte = 123.0,
              Lte = 123.0,
              Eq = 123.0,
              Gt = 123.0,
              Lt = 123.0
            )
          )
        ),
        MapFilters = list(
          list(
            FieldName = "resources.tags"|"compliance.control_parameters"|"databucket.tags"|"finding_info.tags",
            Filter = list(
              Key = "string",
              Value = "string",
              Comparison = "EQUALS"|"NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"
            )
          )
        ),
        IpFilters = list(
          list(
            FieldName = "evidences.dst_endpoint.ip"|"evidences.src_endpoint.ip",
            Filter = list(
              Cidr = "string"
            )
          )
        ),
        NestedCompositeFilters = list(),
        Operator = "AND"|"OR"
      )
    ),
    CompositeOperator = "AND"|"OR"
  ),
  Scopes = list(
    AwsOrganizations = list(
      list(
        OrganizationId = "string",
        OrganizationalUnitId = "string"
      )
    )
  ),
  SortCriteria = list(
    list(
      Field = "string",
      SortOrder = "asc"|"desc"
    )
  ),
  NextToken = "string",
  MaxResults = 123
)
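Examples

A worked example added here, not taken from the paws package documentation: it combines a composite filter, an organizational-unit scope and NextToken pagination as described above. It assumes a securityhub client created in the delegated administrator account, placeholder organization and OU ids, and that severity_id is accepted as a SortCriteria field.

```r
# Added example, not from the paws package or AWS docs; assumes a paws
# securityhub client in the delegated administrator account and uses
# placeholder organization/OU ids.
library(paws)
svc <- paws::securityhub()

# One composite filter, parts ANDed: severity_id >= 4 (OCSF High/Critical),
# a fix is available, and the finding was created within the last 7 days.
filters <- list(
  CompositeFilters = list(list(
    NumberFilters = list(
      list(FieldName = "severity_id", Filter = list(Gte = 4))),
    BooleanFilters = list(
      list(FieldName = "vulnerabilities.is_fix_available",
           Filter = list(Value = TRUE))),
    DateFilters = list(
      list(FieldName = "finding_info.created_time_dt",
           Filter = list(DateRange = list(Value = 7, Unit = "DAYS",
                                          Comparison = "WITHIN")))),
    Operator = "AND"
  )),
  CompositeOperator = "AND"
)

# Restrict to one OU. Only the delegated administrator may pass Scopes;
# other accounts receive AccessDeniedException.
scopes <- list(AwsOrganizations = list(
  list(OrganizationId = "o-PLACEHOLDER", OrganizationalUnitId = "ou-PLACEHOLDER")
))

# Page through results: NextToken is NULL on the first call and then the
# token from the previous response, until the service returns none.
fetch_all_findings <- function(svc, filters, scopes, page_size = 100) {
  findings <- list()
  token <- NULL
  repeat {
    resp <- svc$get_findings_v2(
      Filters = filters, Scopes = scopes,
      SortCriteria = list(list(Field = "severity_id", SortOrder = "desc")),
      NextToken = token, MaxResults = page_size
    )
    findings <- c(findings, resp$Findings)
    token <- resp$NextToken
    if (length(token) == 0 || !nzchar(token)) break
  }
  findings
}

all_findings <- fetch_all_findings(svc, filters, scopes)
```

Because Scopes is applied before Filters, the same filter run without scopes by the delegated administrator returns matching findings from every account in the organization.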