Skip to main content

List Host Findings

POST 

/resource/external_finding

Returns a list of all host findings for the current resource.

Supported finding types:

Finding TypeKey
AWS GuardDuty Hostguard_duty_host
AWS GuardDuty IAMguard_duty_iam
AWS Inspector Security Best Practicesinspector_sbp
AWS Runtime Behavior Analysisinspector_rba_count
CIS Compliancecompliance_cis
Host Vulnerabilityhost_vulnerability_cve

Only the rrn parameter in the request body is used for this API. Ignore the timelineItemId field for this API.

An example request body with a specified finding type is:

{
"findingType": [ "host_vulnerability_cve", "inspector_sbp" ],
"rrn": "rrn::instance:us-east-1:i-xxxxxxxxxx"
}

An example request body for all finding types is:

{
"rrn": "rrn::instance:us-east-1:i-xxxxxxxxxx"
}


## Request

<MimeTabs className={"openapi-tabs__mime"}><TabItem label={"application/json; charset=UTF-8"} value={"application/json; charset=UTF-8-schema"}><details style={{}} className={"openapi-markdown__details mime"} data-collapsed={false} open={true}><summary style={{}} className={"openapi-markdown__details-summary-mime"}><h3 className={"openapi-markdown__details-summary-header-body"}>Body</h3></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"excludeSeverityList"} required={false} schemaName={"string[]"} qualifierMessage={undefined} schema={{"description":"External Findings Severitys to exclude","items":{"type":"string"},"type":"array"}}></SchemaItem><SchemaItem collapsible={false} name={"findingType"} required={false} schemaName={"string[]"} qualifierMessage={undefined} schema={{"description":"External Finding Types","items":{"type":"string"},"type":"array"}}></SchemaItem><SchemaItem collapsible={false} name={"riskFactors"} required={false} schemaName={"string[]"} qualifierMessage={"**Possible values:** [`CRITICAL_SEVERITY`, `HIGH_SEVERITY`, `MEDIUM_SEVERITY`, `HAS_FIX`, `REMOTE_EXECUTION`, `DOS`, `RECENT_VULNERABILITY`, `EXPLOIT_EXISTS`, `ATTACK_COMPLEXITY_LOW`, `ATTACK_VECTOR_NETWORK`, `REACHABLE_FROM_THE_INTERNET`, `LISTENING_PORTS`, `CONTAINER_IS_RUNNING_AS_ROOT`, `NO_MANDATORY_SECURITY_PROFILE_APPLIED`, `RUNNING_AS_PRIVILEGED_CONTAINER`, `PACKAGE_IN_USE`]"} schema={{"description":"External finding risk factors","items":{"enum":["CRITICAL_SEVERITY","HIGH_SEVERITY","MEDIUM_SEVERITY","HAS_FIX","REMOTE_EXECUTION","DOS","RECENT_VULNERABILITY","EXPLOIT_EXISTS","ATTACK_COMPLEXITY_LOW","ATTACK_VECTOR_NETWORK","REACHABLE_FROM_THE_INTERNET","LISTENING_PORTS","CONTAINER_IS_RUNNING_AS_ROOT","NO_MANDATORY_SECURITY_PROFILE_APPLIED","RUNNING_AS_PRIVILEGED_CONTAINER","PACKAGE_IN_USE"],"type":"string"},"type":"array"}}></SchemaItem><SchemaItem collapsible={false} name={"rrn"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"description":"Restricted Resource Name","type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"rrnList"} required={false} schemaName={"string[]"} qualifierMessage={undefined} schema={{"description":"Restricted Resource Name","items":{"type":"string"},"type":"array"}}></SchemaItem><SchemaItem collapsible={false} name={"timelineItemId"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"description":"Timeline Item ID","type":"string"}}></SchemaItem></ul></details></TabItem></MimeTabs><div><div><ApiTabs label={undefined} id={undefined}><TabItem label={"200"} value={"200"}><div>

successful operation

</div><div><MimeTabs className={"openapi-tabs__mime"} schemaType={"response"}><TabItem label={"application/json; charset=UTF-8"} value={"application/json; charset=UTF-8"}><SchemaTabs className={"openapi-tabs__schema"}><TabItem label={"Schema"} value={"Schema"}><details style={{}} className={"openapi-markdown__details response"} data-collapsed={false} open={true}><summary style={{}} className={"openapi-markdown__details-summary-response"}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><li><div style={{"fontSize":"var(--ifm-code-font-size)","opacity":"0.6","marginLeft":"-.5rem","paddingBottom":".5rem"}}>Array [</div></li><SchemaItem collapsible={false} name={"accountId"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"apiId"} required={false} schemaName={"int32"} qualifierMessage={undefined} schema={{"format":"int32","type":"integer"}}></SchemaItem><SchemaItem collapsible={false} name={"count"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"createdOn"} required={false} schemaName={"int64"} qualifierMessage={undefined} schema={{"format":"int64","type":"integer"}}></SchemaItem><SchemaItem collapsible={false} name={"customerId"} required={false} schemaName={"int32"} qualifierMessage={undefined} schema={{"format":"int32","type":"integer"}}></SchemaItem><SchemaItem collapsible={false} name={"cveId"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"description"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"externalFindingId"} required={false} schemaName={"int64"} qualifierMessage={undefined} schema={{"format":"int64","type":"integer"}}></SchemaItem><SchemaItem collapsible={false} name={"findingId"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"normalizedName"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"normalizedNames"} required={false} schemaName={"string[]"} qualifierMessage={undefined} schema={{"items":{"type":"string"},"type":"array"}}></SchemaItem><SchemaItem collapsible={false} name={"nvdUrl"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"rawData"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"regionId"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"resourceCloudId"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"resourceId"} required={false} schemaName={"int64"} qualifierMessage={undefined} schema={{"format":"int64","type":"integer"}}></SchemaItem><SchemaItem collapsible={false} name={"resourceUrl"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"riskFactors"} required={false} schemaName={"string[]"} qualifierMessage={"**Possible values:** [`CRITICAL_SEVERITY`, `HIGH_SEVERITY`, `MEDIUM_SEVERITY`, `HAS_FIX`, `REMOTE_EXECUTION`, `DOS`, `RECENT_VULNERABILITY`, `EXPLOIT_EXISTS`, `ATTACK_COMPLEXITY_LOW`, `ATTACK_VECTOR_NETWORK`, `REACHABLE_FROM_THE_INTERNET`, `LISTENING_PORTS`, `CONTAINER_IS_RUNNING_AS_ROOT`, `NO_MANDATORY_SECURITY_PROFILE_APPLIED`, `RUNNING_AS_PRIVILEGED_CONTAINER`, `PACKAGE_IN_USE`]"} schema={{"items":{"enum":["CRITICAL_SEVERITY","HIGH_SEVERITY","MEDIUM_SEVERITY","HAS_FIX","REMOTE_EXECUTION","DOS","RECENT_VULNERABILITY","EXPLOIT_EXISTS","ATTACK_COMPLEXITY_LOW","ATTACK_VECTOR_NETWORK","REACHABLE_FROM_THE_INTERNET","LISTENING_PORTS","CONTAINER_IS_RUNNING_AS_ROOT","NO_MANDATORY_SECURITY_PROFILE_APPLIED","RUNNING_AS_PRIVILEGED_CONTAINER","PACKAGE_IN_USE"],"type":"string"},"type":"array","uniqueItems":true}}></SchemaItem><SchemaItem collapsible={false} name={"rlUpdatedOn"} required={false} schemaName={"int64"} qualifierMessage={undefined} schema={{"format":"int64","type":"integer"}}></SchemaItem><SchemaItem collapsible={false} name={"scanId"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"score"} required={false} schemaName={"object"} qualifierMessage={undefined} schema={{"type":"object"}}></SchemaItem><SchemaItem collapsible={false} name={"severity"} required={false} schemaName={"string"} qualifierMessage={"**Possible values:** [`INFORMATIONAL`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`]"} schema={{"enum":["INFORMATIONAL","LOW","MEDIUM","HIGH","CRITICAL"],"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"source"} required={false} schemaName={"string"} qualifierMessage={"**Possible values:** [`AWS_INSPECTOR`, `AWS_GUARD_DUTY`, `TENABLE`, `QUALYS`, `PRISMA_CLOUD`, `AZURE_SECURITY_CENTER`]"} schema={{"enum":["AWS_INSPECTOR","AWS_GUARD_DUTY","TENABLE","QUALYS","PRISMA_CLOUD","AZURE_SECURITY_CENTER"],"type":"string"}}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}} className={"openapi-markdown__details"}><summary style={{}}><span className={"openapi-schema__container"}><strong className={"openapi-schema__property"}>sourceData</strong><span className={"openapi-schema__name"}> object</span></span></summary><div style={{"marginLeft":"1rem"}}><SchemaItem name={"property name*"} required={false} schemaName={"object"} qualifierMessage={undefined} schema={{"type":"object"}} collapsible={false} discriminator={false}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"status"} required={false} schemaName={"string"} qualifierMessage={"**Possible values:** [`PENDING`, `NO_ERROR`, `ERROR`, `ENABLED`, `DISABLED`, `OPEN`, `DISMISSED`, `RESOLVED`, `DESCOPED`, `RISK_SCORING_ERROR`, `ACTIVE`, `CLOSED`, `SUPPRESSED`]"} schema={{"enum":["PENDING","NO_ERROR","ERROR","ENABLED","DISABLED","OPEN","DISMISSED","RESOLVED","DESCOPED","RISK_SCORING_ERROR","ACTIVE","CLOSED","SUPPRESSED"],"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"title"} required={false} schemaName={"string"} qualifierMessage={undefined} schema={{"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} schemaName={"string"} qualifierMessage={"**Possible values:** [`HOST_VULNERABILITY_CVE`, `COMPLIANCE_ISSUE_CIS`, `AWS_INSPECTOR_SECURITY_BEST_PRACTICES`, `AWS_INSPECTOR_RUNTIME_BEHAVIOR_ANALYSIS`, `AWS_GUARD_DUTY_HOST_FINDING`, `AWS_GUARD_DUTY_IAM_FINDING`, `SERVERLESS_VULNERABILITY`, `AZURE_SECURITY_CENTER_ALERTS`, `PACKAGE_VULNERABILITY`, `NETWORK_REACHABILITY`, `AWS_GUARD_DUTY_EKS_FINDING`, `AWS_GUARD_DUTY_ECS_FINDING`, `AWS_GUARD_DUTY_CONTAINER_FINDING`]"} schema={{"enum":["HOST_VULNERABILITY_CVE","COMPLIANCE_ISSUE_CIS","AWS_INSPECTOR_SECURITY_BEST_PRACTICES","AWS_INSPECTOR_RUNTIME_BEHAVIOR_ANALYSIS","AWS_GUARD_DUTY_HOST_FINDING","AWS_GUARD_DUTY_IAM_FINDING","SERVERLESS_VULNERABILITY","AZURE_SECURITY_CENTER_ALERTS","PACKAGE_VULNERABILITY","NETWORK_REACHABILITY","AWS_GUARD_DUTY_EKS_FINDING","AWS_GUARD_DUTY_ECS_FINDING","AWS_GUARD_DUTY_CONTAINER_FINDING"],"type":"string"}}></SchemaItem><SchemaItem collapsible={false} name={"updatedOn"} required={false} schemaName={"int64"} qualifierMessage={undefined} schema={{"format":"int64","type":"integer"}}></SchemaItem><li><div style={{"fontSize":"var(--ifm-code-font-size)","opacity":"0.6","marginLeft":"-.5rem"}}>]</div></li></ul></details></TabItem><TabItem label={"Example (from schema)"} value={"Example (from schema)"}><ResponseSamples responseExample={"[\n {\n \"accountId\": \"string\",\n \"apiId\": 0,\n \"count\": \"string\",\n \"createdOn\": 0,\n \"customerId\": 0,\n \"cveId\": \"string\",\n \"description\": \"string\",\n \"externalFindingId\": 0,\n \"findingId\": \"string\",\n \"normalizedName\": \"string\",\n \"normalizedNames\": [\n \"string\"\n ],\n \"nvdUrl\": \"string\",\n \"rawData\": \"string\",\n \"regionId\": \"string\",\n \"resourceCloudId\": \"string\",\n \"resourceId\": 0,\n \"resourceUrl\": \"string\",\n \"riskFactors\": [\n \"CRITICAL_SEVERITY\"\n ],\n \"rlUpdatedOn\": 0,\n \"scanId\": \"string\",\n \"score\": {},\n \"severity\": \"INFORMATIONAL\",\n \"source\": \"AWS_INSPECTOR\",\n \"sourceData\": {},\n \"status\": \"PENDING\",\n \"title\": \"string\",\n \"type\": \"HOST_VULNERABILITY_CVE\",\n \"updatedOn\": 0\n }\n]"} language={"json"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"400"} value={"400"}><div>

bad_request / invalid_parameter_value

</div><div></div></TabItem></ApiTabs></div></div>
Loading...