IoT / Client / describe_audit_mitigation_actions_task
describe_audit_mitigation_actions_task#
- IoT.Client.describe_audit_mitigation_actions_task(**kwargs)#
Gets information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings. Properties include the actions being applied, the audit checks to which they’re being applied, the task status, and aggregated task statistics.
See also: AWS API Documentation
Request Syntax
response = client.describe_audit_mitigation_actions_task( taskId='string' )
- Parameters:
taskId (string) –
[REQUIRED]
The unique identifier for the audit mitigation task.
- Return type:
dict
- Returns:
Response Syntax
{ 'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED', 'startTime': datetime(2015, 1, 1), 'endTime': datetime(2015, 1, 1), 'taskStatistics': { 'string': { 'totalFindingsCount': 123, 'failedFindingsCount': 123, 'succeededFindingsCount': 123, 'skippedFindingsCount': 123, 'canceledFindingsCount': 123 } }, 'target': { 'auditTaskId': 'string', 'findingIds': [ 'string', ], 'auditCheckToReasonCodeFilter': { 'string': [ 'string', ] } }, 'auditCheckToActionsMapping': { 'string': [ 'string', ] }, 'actionsDefinition': [ { 'name': 'string', 'id': 'string', 'roleArn': 'string', 'actionParams': { 'updateDeviceCertificateParams': { 'action': 'DEACTIVATE' }, 'updateCACertificateParams': { 'action': 'DEACTIVATE' }, 'addThingsToThingGroupParams': { 'thingGroupNames': [ 'string', ], 'overrideDynamicGroups': True|False }, 'replaceDefaultPolicyVersionParams': { 'templateName': 'BLANK_POLICY' }, 'enableIoTLoggingParams': { 'roleArnForLogging': 'string', 'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED' }, 'publishFindingToSnsParams': { 'topicArn': 'string' } } }, ] }
Response Structure
(dict) –
taskStatus (string) –
The current status of the task.
startTime (datetime) –
The date and time when the task was started.
endTime (datetime) –
The date and time when the task was completed or canceled.
taskStatistics (dict) –
Aggregate counts of the results when the mitigation tasks were applied to the findings for this audit mitigation actions task.
(string) –
An audit check name. Checks must be enabled for your account. (Use
DescribeAccountAuditConfigurationto see the list of all checks, including those that are enabled or useUpdateAccountAuditConfigurationto select which checks are enabled.)(dict) –
Provides summary counts of how many tasks for findings are in a particular state. This information is included in the response from DescribeAuditMitigationActionsTask.
totalFindingsCount (integer) –
The total number of findings to which a task is being applied.
failedFindingsCount (integer) –
The number of findings for which at least one of the actions failed when applied.
succeededFindingsCount (integer) –
The number of findings for which all mitigation actions succeeded when applied.
skippedFindingsCount (integer) –
The number of findings skipped because of filter conditions provided in the parameters to the command.
canceledFindingsCount (integer) –
The number of findings to which the mitigation action task was canceled when applied.
target (dict) –
Identifies the findings to which the mitigation actions are applied. This can be by audit checks, by audit task, or a set of findings.
auditTaskId (string) –
If the task will apply a mitigation action to findings from a specific audit, this value uniquely identifies the audit.
findingIds (list) –
If the task will apply a mitigation action to one or more listed findings, this value uniquely identifies those findings.
(string) –
auditCheckToReasonCodeFilter (dict) –
Specifies a filter in the form of an audit check and set of reason codes that identify the findings from the audit to which the audit mitigation actions task apply.
(string) –
An audit check name. Checks must be enabled for your account. (Use
DescribeAccountAuditConfigurationto see the list of all checks, including those that are enabled or useUpdateAccountAuditConfigurationto select which checks are enabled.)(list) –
(string) –
auditCheckToActionsMapping (dict) –
Specifies the mitigation actions that should be applied to specific audit checks.
(string) –
An audit check name. Checks must be enabled for your account. (Use
DescribeAccountAuditConfigurationto see the list of all checks, including those that are enabled or useUpdateAccountAuditConfigurationto select which checks are enabled.)(list) –
(string) –
actionsDefinition (list) –
Specifies the mitigation actions and their parameters that are applied as part of this task.
(dict) –
Describes which changes should be applied as part of a mitigation action.
name (string) –
A user-friendly name for the mitigation action.
id (string) –
A unique identifier for the mitigation action.
roleArn (string) –
The IAM role ARN used to apply this mitigation action.
actionParams (dict) –
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
updateDeviceCertificateParams (dict) –
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
action (string) –
The action that you want to apply to the device certificate. The only supported value is
DEACTIVATE.
updateCACertificateParams (dict) –
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
action (string) –
The action that you want to apply to the CA certificate. The only supported value is
DEACTIVATE.
addThingsToThingGroupParams (dict) –
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
thingGroupNames (list) –
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can’t add a thing to more than one group in the same hierarchy.
(string) –
overrideDynamicGroups (boolean) –
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
replaceDefaultPolicyVersionParams (dict) –
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
templateName (string) –
The name of the template to be applied. The only supported value is
BLANK_POLICY.
enableIoTLoggingParams (dict) –
Parameters to define a mitigation action that enables Amazon Web Services IoT Core logging at a specified level of detail.
roleArnForLogging (string) –
The Amazon Resource Name (ARN) of the IAM role used for logging.
logLevel (string) –
Specifies the type of information to be logged.
publishFindingToSnsParams (dict) –
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
topicArn (string) –
The ARN of the topic to which you want to publish the findings.
Exceptions
IoT.Client.exceptions.InvalidRequestExceptionIoT.Client.exceptions.ResourceNotFoundExceptionIoT.Client.exceptions.ThrottlingExceptionIoT.Client.exceptions.InternalFailureException