Get Findings
| guardduty_get_findings | R Documentation |
Describes Amazon GuardDuty findings specified by finding IDs¶
Description¶
Describes Amazon GuardDuty findings specified by finding IDs.
Usage¶
Arguments¶
DetectorId[required] The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
FindingIds[required] The IDs of the findings that you want to retrieve.
SortCriteriaRepresents the criteria used for sorting findings.
Value¶
A list with the following syntax:
list(
Findings = list(
list(
AccountId = "string",
Arn = "string",
Confidence = 123.0,
CreatedAt = "string",
Description = "string",
Id = "string",
Partition = "string",
Region = "string",
Resource = list(
AccessKeyDetails = list(
AccessKeyId = "string",
PrincipalId = "string",
UserName = "string",
UserType = "string"
),
S3BucketDetails = list(
list(
Arn = "string",
Name = "string",
Type = "string",
CreatedAt = as.POSIXct(
"2015-01-01"
),
Owner = list(
Id = "string"
),
Tags = list(
list(
Key = "string",
Value = "string"
)
),
DefaultServerSideEncryption = list(
EncryptionType = "string",
KmsMasterKeyArn = "string"
),
PublicAccess = list(
PermissionConfiguration = list(
BucketLevelPermissions = list(
AccessControlList = list(
AllowsPublicReadAccess = TRUE|FALSE,
AllowsPublicWriteAccess = TRUE|FALSE
),
BucketPolicy = list(
AllowsPublicReadAccess = TRUE|FALSE,
AllowsPublicWriteAccess = TRUE|FALSE
),
BlockPublicAccess = list(
IgnorePublicAcls = TRUE|FALSE,
RestrictPublicBuckets = TRUE|FALSE,
BlockPublicAcls = TRUE|FALSE,
BlockPublicPolicy = TRUE|FALSE
)
),
AccountLevelPermissions = list(
BlockPublicAccess = list(
IgnorePublicAcls = TRUE|FALSE,
RestrictPublicBuckets = TRUE|FALSE,
BlockPublicAcls = TRUE|FALSE,
BlockPublicPolicy = TRUE|FALSE
)
)
),
EffectivePermission = "string"
),
S3ObjectDetails = list(
list(
ObjectArn = "string",
Key = "string",
ETag = "string",
Hash = "string",
VersionId = "string"
)
)
)
),
InstanceDetails = list(
AvailabilityZone = "string",
IamInstanceProfile = list(
Arn = "string",
Id = "string"
),
ImageDescription = "string",
ImageId = "string",
InstanceId = "string",
InstanceState = "string",
InstanceType = "string",
OutpostArn = "string",
LaunchTime = "string",
NetworkInterfaces = list(
list(
Ipv6Addresses = list(
"string"
),
NetworkInterfaceId = "string",
PrivateDnsName = "string",
PrivateIpAddress = "string",
PrivateIpAddresses = list(
list(
PrivateDnsName = "string",
PrivateIpAddress = "string"
)
),
PublicDnsName = "string",
PublicIp = "string",
SecurityGroups = list(
list(
GroupId = "string",
GroupName = "string"
)
),
SubnetId = "string",
VpcId = "string"
)
),
Platform = "string",
ProductCodes = list(
list(
Code = "string",
ProductType = "string"
)
),
Tags = list(
list(
Key = "string",
Value = "string"
)
)
),
EksClusterDetails = list(
Name = "string",
Arn = "string",
VpcId = "string",
Status = "string",
Tags = list(
list(
Key = "string",
Value = "string"
)
),
CreatedAt = as.POSIXct(
"2015-01-01"
)
),
KubernetesDetails = list(
KubernetesUserDetails = list(
Username = "string",
Uid = "string",
Groups = list(
"string"
),
SessionName = list(
"string"
),
ImpersonatedUser = list(
Username = "string",
Groups = list(
"string"
)
)
),
KubernetesWorkloadDetails = list(
Name = "string",
Type = "string",
Uid = "string",
Namespace = "string",
HostNetwork = TRUE|FALSE,
Containers = list(
list(
ContainerRuntime = "string",
Id = "string",
Name = "string",
Image = "string",
ImagePrefix = "string",
VolumeMounts = list(
list(
Name = "string",
MountPath = "string"
)
),
SecurityContext = list(
Privileged = TRUE|FALSE,
AllowPrivilegeEscalation = TRUE|FALSE
)
)
),
Volumes = list(
list(
Name = "string",
HostPath = list(
Path = "string"
)
)
),
ServiceAccountName = "string",
HostIPC = TRUE|FALSE,
HostPID = TRUE|FALSE
)
),
ResourceType = "string",
EbsVolumeDetails = list(
ScannedVolumeDetails = list(
list(
VolumeArn = "string",
VolumeType = "string",
DeviceName = "string",
VolumeSizeInGB = 123,
EncryptionType = "string",
SnapshotArn = "string",
KmsKeyArn = "string"
)
),
SkippedVolumeDetails = list(
list(
VolumeArn = "string",
VolumeType = "string",
DeviceName = "string",
VolumeSizeInGB = 123,
EncryptionType = "string",
SnapshotArn = "string",
KmsKeyArn = "string"
)
)
),
EcsClusterDetails = list(
Name = "string",
Arn = "string",
Status = "string",
ActiveServicesCount = 123,
RegisteredContainerInstancesCount = 123,
RunningTasksCount = 123,
Tags = list(
list(
Key = "string",
Value = "string"
)
),
TaskDetails = list(
Arn = "string",
DefinitionArn = "string",
Version = "string",
TaskCreatedAt = as.POSIXct(
"2015-01-01"
),
StartedAt = as.POSIXct(
"2015-01-01"
),
StartedBy = "string",
Tags = list(
list(
Key = "string",
Value = "string"
)
),
Volumes = list(
list(
Name = "string",
HostPath = list(
Path = "string"
)
)
),
Containers = list(
list(
ContainerRuntime = "string",
Id = "string",
Name = "string",
Image = "string",
ImagePrefix = "string",
VolumeMounts = list(
list(
Name = "string",
MountPath = "string"
)
),
SecurityContext = list(
Privileged = TRUE|FALSE,
AllowPrivilegeEscalation = TRUE|FALSE
)
)
),
Group = "string"
)
),
ContainerDetails = list(
ContainerRuntime = "string",
Id = "string",
Name = "string",
Image = "string",
ImagePrefix = "string",
VolumeMounts = list(
list(
Name = "string",
MountPath = "string"
)
),
SecurityContext = list(
Privileged = TRUE|FALSE,
AllowPrivilegeEscalation = TRUE|FALSE
)
),
RdsDbInstanceDetails = list(
DbInstanceIdentifier = "string",
Engine = "string",
EngineVersion = "string",
DbClusterIdentifier = "string",
DbInstanceArn = "string",
Tags = list(
list(
Key = "string",
Value = "string"
)
)
),
RdsDbUserDetails = list(
User = "string",
Application = "string",
Database = "string",
Ssl = "string",
AuthMethod = "string"
),
LambdaDetails = list(
FunctionArn = "string",
FunctionName = "string",
Description = "string",
LastModifiedAt = as.POSIXct(
"2015-01-01"
),
RevisionId = "string",
FunctionVersion = "string",
Role = "string",
VpcConfig = list(
SubnetIds = list(
"string"
),
VpcId = "string",
SecurityGroups = list(
list(
GroupId = "string",
GroupName = "string"
)
)
),
Tags = list(
list(
Key = "string",
Value = "string"
)
)
)
),
SchemaVersion = "string",
Service = list(
Action = list(
ActionType = "string",
AwsApiCallAction = list(
Api = "string",
CallerType = "string",
DomainDetails = list(
Domain = "string"
),
ErrorCode = "string",
UserAgent = "string",
RemoteIpDetails = list(
City = list(
CityName = "string"
),
Country = list(
CountryCode = "string",
CountryName = "string"
),
GeoLocation = list(
Lat = 123.0,
Lon = 123.0
),
IpAddressV4 = "string",
IpAddressV6 = "string",
Organization = list(
Asn = "string",
AsnOrg = "string",
Isp = "string",
Org = "string"
)
),
ServiceName = "string",
RemoteAccountDetails = list(
AccountId = "string",
Affiliated = TRUE|FALSE
),
AffectedResources = list(
"string"
)
),
DnsRequestAction = list(
Domain = "string",
Protocol = "string",
Blocked = TRUE|FALSE,
DomainWithSuffix = "string"
),
NetworkConnectionAction = list(
Blocked = TRUE|FALSE,
ConnectionDirection = "string",
LocalPortDetails = list(
Port = 123,
PortName = "string"
),
Protocol = "string",
LocalIpDetails = list(
IpAddressV4 = "string",
IpAddressV6 = "string"
),
RemoteIpDetails = list(
City = list(
CityName = "string"
),
Country = list(
CountryCode = "string",
CountryName = "string"
),
GeoLocation = list(
Lat = 123.0,
Lon = 123.0
),
IpAddressV4 = "string",
IpAddressV6 = "string",
Organization = list(
Asn = "string",
AsnOrg = "string",
Isp = "string",
Org = "string"
)
),
RemotePortDetails = list(
Port = 123,
PortName = "string"
)
),
PortProbeAction = list(
Blocked = TRUE|FALSE,
PortProbeDetails = list(
list(
LocalPortDetails = list(
Port = 123,
PortName = "string"
),
LocalIpDetails = list(
IpAddressV4 = "string",
IpAddressV6 = "string"
),
RemoteIpDetails = list(
City = list(
CityName = "string"
),
Country = list(
CountryCode = "string",
CountryName = "string"
),
GeoLocation = list(
Lat = 123.0,
Lon = 123.0
),
IpAddressV4 = "string",
IpAddressV6 = "string",
Organization = list(
Asn = "string",
AsnOrg = "string",
Isp = "string",
Org = "string"
)
)
)
)
),
KubernetesApiCallAction = list(
RequestUri = "string",
Verb = "string",
SourceIps = list(
"string"
),
UserAgent = "string",
RemoteIpDetails = list(
City = list(
CityName = "string"
),
Country = list(
CountryCode = "string",
CountryName = "string"
),
GeoLocation = list(
Lat = 123.0,
Lon = 123.0
),
IpAddressV4 = "string",
IpAddressV6 = "string",
Organization = list(
Asn = "string",
AsnOrg = "string",
Isp = "string",
Org = "string"
)
),
StatusCode = 123,
Parameters = "string",
Resource = "string",
Subresource = "string",
Namespace = "string",
ResourceName = "string"
),
RdsLoginAttemptAction = list(
RemoteIpDetails = list(
City = list(
CityName = "string"
),
Country = list(
CountryCode = "string",
CountryName = "string"
),
GeoLocation = list(
Lat = 123.0,
Lon = 123.0
),
IpAddressV4 = "string",
IpAddressV6 = "string",
Organization = list(
Asn = "string",
AsnOrg = "string",
Isp = "string",
Org = "string"
)
),
LoginAttributes = list(
list(
User = "string",
Application = "string",
FailedLoginAttempts = 123,
SuccessfulLoginAttempts = 123
)
)
),
KubernetesPermissionCheckedDetails = list(
Verb = "string",
Resource = "string",
Namespace = "string",
Allowed = TRUE|FALSE
),
KubernetesRoleBindingDetails = list(
Kind = "string",
Name = "string",
Uid = "string",
RoleRefName = "string",
RoleRefKind = "string"
),
KubernetesRoleDetails = list(
Kind = "string",
Name = "string",
Uid = "string"
)
),
Evidence = list(
ThreatIntelligenceDetails = list(
list(
ThreatListName = "string",
ThreatNames = list(
"string"
),
ThreatFileSha256 = "string"
)
)
),
Archived = TRUE|FALSE,
Count = 123,
DetectorId = "string",
EventFirstSeen = "string",
EventLastSeen = "string",
ResourceRole = "string",
ServiceName = "string",
UserFeedback = "string",
AdditionalInfo = list(
Value = "string",
Type = "string"
),
FeatureName = "string",
EbsVolumeScanDetails = list(
ScanId = "string",
ScanStartedAt = as.POSIXct(
"2015-01-01"
),
ScanCompletedAt = as.POSIXct(
"2015-01-01"
),
TriggerFindingId = "string",
Sources = list(
"string"
),
ScanDetections = list(
ScannedItemCount = list(
TotalGb = 123,
Files = 123,
Volumes = 123
),
ThreatsDetectedItemCount = list(
Files = 123
),
HighestSeverityThreatDetails = list(
Severity = "string",
ThreatName = "string",
Count = 123
),
ThreatDetectedByName = list(
ItemCount = 123,
UniqueThreatNameCount = 123,
Shortened = TRUE|FALSE,
ThreatNames = list(
list(
Name = "string",
Severity = "string",
ItemCount = 123,
FilePaths = list(
list(
FilePath = "string",
VolumeArn = "string",
Hash = "string",
FileName = "string"
)
)
)
)
)
),
ScanType = "GUARDDUTY_INITIATED"|"ON_DEMAND"
),
RuntimeDetails = list(
Process = list(
Name = "string",
ExecutablePath = "string",
ExecutableSha256 = "string",
NamespacePid = 123,
Pwd = "string",
Pid = 123,
StartTime = as.POSIXct(
"2015-01-01"
),
Uuid = "string",
ParentUuid = "string",
User = "string",
UserId = 123,
Euid = 123,
Lineage = list(
list(
StartTime = as.POSIXct(
"2015-01-01"
),
NamespacePid = 123,
UserId = 123,
Name = "string",
Pid = 123,
Uuid = "string",
ExecutablePath = "string",
Euid = 123,
ParentUuid = "string"
)
)
),
Context = list(
ModifyingProcess = list(
Name = "string",
ExecutablePath = "string",
ExecutableSha256 = "string",
NamespacePid = 123,
Pwd = "string",
Pid = 123,
StartTime = as.POSIXct(
"2015-01-01"
),
Uuid = "string",
ParentUuid = "string",
User = "string",
UserId = 123,
Euid = 123,
Lineage = list(
list(
StartTime = as.POSIXct(
"2015-01-01"
),
NamespacePid = 123,
UserId = 123,
Name = "string",
Pid = 123,
Uuid = "string",
ExecutablePath = "string",
Euid = 123,
ParentUuid = "string"
)
)
),
ModifiedAt = as.POSIXct(
"2015-01-01"
),
ScriptPath = "string",
LibraryPath = "string",
LdPreloadValue = "string",
SocketPath = "string",
RuncBinaryPath = "string",
ReleaseAgentPath = "string",
MountSource = "string",
MountTarget = "string",
FileSystemType = "string",
Flags = list(
"string"
),
ModuleName = "string",
ModuleFilePath = "string",
ModuleSha256 = "string",
ShellHistoryFilePath = "string",
TargetProcess = list(
Name = "string",
ExecutablePath = "string",
ExecutableSha256 = "string",
NamespacePid = 123,
Pwd = "string",
Pid = 123,
StartTime = as.POSIXct(
"2015-01-01"
),
Uuid = "string",
ParentUuid = "string",
User = "string",
UserId = 123,
Euid = 123,
Lineage = list(
list(
StartTime = as.POSIXct(
"2015-01-01"
),
NamespacePid = 123,
UserId = 123,
Name = "string",
Pid = 123,
Uuid = "string",
ExecutablePath = "string",
Euid = 123,
ParentUuid = "string"
)
)
),
AddressFamily = "string",
IanaProtocolNumber = 123,
MemoryRegions = list(
"string"
),
ToolName = "string",
ToolCategory = "string",
ServiceName = "string",
CommandLineExample = "string",
ThreatFilePath = "string"
)
),
Detection = list(
Anomaly = list(
Profiles = list(
list(
list(
list(
ProfileType = "FREQUENCY",
ProfileSubtype = "FREQUENT"|"INFREQUENT"|"UNSEEN"|"RARE",
Observations = list(
Text = list(
"string"
)
)
)
)
)
),
Unusual = list(
Behavior = list(
list(
list(
ProfileType = "FREQUENCY",
ProfileSubtype = "FREQUENT"|"INFREQUENT"|"UNSEEN"|"RARE",
Observations = list(
Text = list(
"string"
)
)
)
)
)
)
)
),
MalwareScanDetails = list(
Threats = list(
list(
Name = "string",
Source = "string",
ItemPaths = list(
list(
NestedItemPath = "string",
Hash = "string"
)
)
)
)
)
),
Severity = 123.0,
Title = "string",
Type = "string",
UpdatedAt = "string"
)
)
)