Table Of Contents

  1. Docs
  2. Available services
  3. GuardDuty
  4. list_findings

list_findings

GuardDuty.Client.list_findings(**kwargs)

Lists Amazon GuardDuty findings for the specified detector ID.

See also: AWS API Documentation

Request Syntax

response = client.list_findings(
    DetectorId='string',
    FindingCriteria={
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    },
    SortCriteria={
        'AttributeName': 'string',
        'OrderBy': 'ASC'|'DESC'
    },
    MaxResults=123,
    NextToken='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings you want to list.

  • FindingCriteria (dict) --

    Represents the criteria used for querying findings. Valid values include:

    • JSON field name
    • accountId
    • region
    • confidence
    • id
    • resource.accessKeyDetails.accessKeyId
    • resource.accessKeyDetails.principalId
    • resource.accessKeyDetails.userName
    • resource.accessKeyDetails.userType
    • resource.instanceDetails.iamInstanceProfile.id
    • resource.instanceDetails.imageId
    • resource.instanceDetails.instanceId
    • resource.instanceDetails.networkInterfaces.ipv6Addresses
    • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
    • resource.instanceDetails.networkInterfaces.publicDnsName
    • resource.instanceDetails.networkInterfaces.publicIp
    • resource.instanceDetails.networkInterfaces.securityGroups.groupId
    • resource.instanceDetails.networkInterfaces.securityGroups.groupName
    • resource.instanceDetails.networkInterfaces.subnetId
    • resource.instanceDetails.networkInterfaces.vpcId
    • resource.instanceDetails.tags.key
    • resource.instanceDetails.tags.value
    • resource.resourceType
    • service.action.actionType
    • service.action.awsApiCallAction.api
    • service.action.awsApiCallAction.callerType
    • service.action.awsApiCallAction.remoteIpDetails.city.cityName
    • service.action.awsApiCallAction.remoteIpDetails.country.countryName
    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
    • service.action.awsApiCallAction.remoteIpDetails.organization.asn
    • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
    • service.action.awsApiCallAction.serviceName
    • service.action.dnsRequestAction.domain
    • service.action.networkConnectionAction.blocked
    • service.action.networkConnectionAction.connectionDirection
    • service.action.networkConnectionAction.localPortDetails.port
    • service.action.networkConnectionAction.protocol
    • service.action.networkConnectionAction.remoteIpDetails.country.countryName
    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
    • service.action.networkConnectionAction.remoteIpDetails.organization.asn
    • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
    • service.action.networkConnectionAction.remotePortDetails.port
    • service.additionalInfo.threatListName
    • service.archived When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
    • service.resourceRole
    • severity
    • type
    • updatedAt Type: Timestamp in Unix Epoch millisecond format: 1486685375000
    • Criterion (dict) --

      Represents a map of finding properties that match specified conditions and values when querying findings.

      • (string) --
        • (dict) --

          Contains information about the condition.

          • Eq (list) --

            Represents the equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Neq (list) --

            Represents the not equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Gt (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • Gte (integer) --

            Represents a greater than or equal condition to be applied to a single field when querying for findings.

          • Lt (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • Lte (integer) --

            Represents a less than or equal condition to be applied to a single field when querying for findings.

          • Equals (list) --

            Represents an equal condition to be applied to a single field when querying for findings.

            • (string) --
          • NotEquals (list) --

            Represents a not equal condition to be applied to a single field when querying for findings.

            • (string) --
          • GreaterThan (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • GreaterThanOrEqual (integer) --

            Represents a greater than or equal condition to be applied to a single field when querying for findings.

          • LessThan (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • LessThanOrEqual (integer) --

            Represents a less than or equal condition to be applied to a single field when querying for findings.

  • SortCriteria (dict) --

    Represents the criteria used for sorting findings.

    • AttributeName (string) --

      Represents the finding attribute, such as accountId , that sorts the findings.

    • OrderBy (string) --

      The order by which the sorted findings are to be displayed.

  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Return type

dict

Returns

Response Syntax

{
    'FindingIds': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • FindingIds (list) --

      The IDs of the findings that you're listing.

      • (string) --

    • NextToken (string) --

      The pagination parameter to be used on the next list operation to retrieve more items.

Exceptions

  • GuardDuty.Client.exceptions.BadRequestException
  • GuardDuty.Client.exceptions.InternalServerErrorException
list_filters
list_invitations
Privacy | Site Terms | Cookie preferences | © Copyright 2023, Amazon Web Services, Inc. Created using Sphinx.