list_control_domain_insights
(**kwargs)¶Lists the latest analytics data for control domains across all of your active assessments.
Note
A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is listed for that control domain.
See also: AWS API Documentation
Request Syntax
response = client.list_control_domain_insights(
nextToken='string',
maxResults=123
)
dict
Response Syntax
{
'controlDomainInsights': [
{
'name': 'string',
'id': 'string',
'controlsCountByNoncompliantEvidence': 123,
'totalControlsCount': 123,
'evidenceInsights': {
'noncompliantEvidenceCount': 123,
'compliantEvidenceCount': 123,
'inconclusiveEvidenceCount': 123
},
'lastUpdated': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
controlDomainInsights (list) --
The control domain analytics data that the ListControlDomainInsights
API returned.
(dict) --
A summary of the latest analytics data for a specific control domain.
Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
name (string) --
The name of the control domain.
id (string) --
The unique identifier for the control domain.
controlsCountByNoncompliantEvidence (integer) --
The number of controls in the control domain that collected non-compliant evidence on the lastUpdated
date.
totalControlsCount (integer) --
The total number of controls in the control domain.
evidenceInsights (dict) --
A breakdown of the compliance check status for the evidence that’s associated with the control domain.
noncompliantEvidenceCount (integer) --
The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.
compliantEvidenceCount (integer) --
The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.
inconclusiveEvidenceCount (integer) --
The number of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).
Note
If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights
data.
lastUpdated (datetime) --
The time when the control domain insights were last updated.
nextToken (string) --
The pagination token that's used to fetch the next set of results.
Exceptions
AuditManager.Client.exceptions.ResourceNotFoundException
AuditManager.Client.exceptions.AccessDeniedException
AuditManager.Client.exceptions.InternalServerException
AuditManager.Client.exceptions.ValidationException