list_control_domain_insights

AuditManager.Client.list_control_domain_insights(**kwargs)

Lists the latest analytics data for control domains across all of your active assessments.

Note

A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights . If this condition isn’t met, no data is listed for that control domain.

See also: AWS API Documentation

Request Syntax

response = client.list_control_domain_insights(
    nextToken='string',
    maxResults=123
)

Parameters

• nextToken (string) -- The pagination token that's used to fetch the next set of results.
• maxResults (integer) -- Represents the maximum number of results on a page or for an API request call.

Return type

dict

Returns

Response Syntax

{
    'controlDomainInsights': [
        {
            'name': 'string',
            'id': 'string',
            'controlsCountByNoncompliantEvidence': 123,
            'totalControlsCount': 123,
            'evidenceInsights': {
                'noncompliantEvidenceCount': 123,
                'compliantEvidenceCount': 123,
                'inconclusiveEvidenceCount': 123
            },
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • controlDomainInsights (list) --

    The control domain analytics data that the ListControlDomainInsights API returned.

    • (dict) --

      A summary of the latest analytics data for a specific control domain.

      Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

      • name (string) --

        The name of the control domain.

      • id (string) --

        The unique identifier for the control domain.

      • controlsCountByNoncompliantEvidence (integer) --

        The number of controls in the control domain that collected non-compliant evidence on the lastUpdated date.

      • totalControlsCount (integer) --

        The total number of controls in the control domain.

      • evidenceInsights (dict) --

        A breakdown of the compliance check status for the evidence that’s associated with the control domain.

        • noncompliantEvidenceCount (integer) --

          The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

        • compliantEvidenceCount (integer) --

          The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

        • inconclusiveEvidenceCount (integer) --

          The number of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).

          Note

          If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights data.

      • lastUpdated (datetime) --

        The time when the control domain insights were last updated.

  • nextToken (string) --

    The pagination token that's used to fetch the next set of results.

Exceptions

• AuditManager.Client.exceptions.ResourceNotFoundException
• AuditManager.Client.exceptions.AccessDeniedException
• AuditManager.Client.exceptions.InternalServerException
• AuditManager.Client.exceptions.ValidationException