list_control_domain_insights_by_assessment

AuditManager.Client.list_control_domain_insights_by_assessment(**kwargs)

Lists analytics data for control domains within a specified active assessment.

Note

A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights . If this condition isn’t met, no data is listed for that domain.

See also: AWS API Documentation

Request Syntax

response = client.list_control_domain_insights_by_assessment(
    assessmentId='string',
    nextToken='string',
    maxResults=123
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The unique identifier for the active assessment.

  • nextToken (string) -- The pagination token that's used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results on a page or for an API request call.
Return type

dict

Returns

Response Syntax

{
    'controlDomainInsights': [
        {
            'name': 'string',
            'id': 'string',
            'controlsCountByNoncompliantEvidence': 123,
            'totalControlsCount': 123,
            'evidenceInsights': {
                'noncompliantEvidenceCount': 123,
                'compliantEvidenceCount': 123,
                'inconclusiveEvidenceCount': 123
            },
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • controlDomainInsights (list) --

      The control domain analytics data that the ListControlDomainInsightsByAssessment API returned.

      • (dict) --

        A summary of the latest analytics data for a specific control domain.

        Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

        • name (string) --

          The name of the control domain.

        • id (string) --

          The unique identifier for the control domain.

        • controlsCountByNoncompliantEvidence (integer) --

          The number of controls in the control domain that collected non-compliant evidence on the lastUpdated date.

        • totalControlsCount (integer) --

          The total number of controls in the control domain.

        • evidenceInsights (dict) --

          A breakdown of the compliance check status for the evidence that’s associated with the control domain.

          • noncompliantEvidenceCount (integer) --

            The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

          • compliantEvidenceCount (integer) --

            The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

          • inconclusiveEvidenceCount (integer) --

            The number of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).

            Note

            If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights data.

        • lastUpdated (datetime) --

          The time when the control domain insights were last updated.

    • nextToken (string) --

      The pagination token that's used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException