List Host Findings
POST /resource/external_finding
Returns a list of all host findings for the current resource.
Supported finding types:
Finding Type | Key |
---|---|
AWS GuardDuty Host | guard_duty_host |
AWS GuardDuty IAM | guard_duty_iam |
AWS Inspector Security Best Practices | inspector_sbp |
AWS Runtime Behavior Analysis | inspector_rba_count |
CIS Compliance | compliance_cis |
Host Vulnerability | host_vulnerability_cve |
Apart from the optional findingType filter shown in the examples below, only the rrn parameter in the request body is used for this API. Ignore the timelineItemId field for this API.
An example request body with specified finding types is:
```json
{
  "findingType": [ "host_vulnerability_cve", "inspector_sbp" ],
  "rrn": "rrn::instance:us-east-1:i-xxxxxxxxxx"
}
```
An example request body for all finding types is:
```json
{
  "rrn": "rrn::instance:us-east-1:i-xxxxxxxxxx"
}
```
<Heading
id={"request"}
as={"h2"}
className={"openapi-tabs__heading"}
children={"Request"}
>
</Heading>
<ParamsDetails
parameters={undefined}
>
</ParamsDetails>
<RequestSchema
title={"Body"}
body={{"content":{"application/json; charset=UTF-8":{"schema":{"properties":{"excludeSeverityList":{"description":"External Finding Severities to exclude","items":{"type":"string"},"type":"array"},"findingSource":{"description":"External Finding Sources","items":{"enum":["AWS_INSPECTOR","AWS_GUARD_DUTY","TENABLE","QUALYS","PRISMA_CLOUD","AZURE_SECURITY_CENTER"],"type":"string"},"readOnly":true,"type":"array"},"findingType":{"description":"External Finding Types","items":{"type":"string"},"type":"array"},"riskFactors":{"description":"External finding risk factors","items":{"enum":["CRITICAL_SEVERITY","HIGH_SEVERITY","MEDIUM_SEVERITY","HAS_FIX","REMOTE_EXECUTION","DOS","RECENT_VULNERABILITY","EXPLOIT_EXISTS","ATTACK_COMPLEXITY_LOW","ATTACK_VECTOR_NETWORK","REACHABLE_FROM_THE_INTERNET","LISTENING_PORTS","CONTAINER_IS_RUNNING_AS_ROOT","NO_MANDATORY_SECURITY_PROFILE_APPLIED","RUNNING_AS_PRIVILEGED_CONTAINER","PACKAGE_IN_USE"],"type":"string"},"type":"array"},"rrn":{"description":"Restricted Resource Name","type":"string"},"rrnList":{"description":"Restricted Resource Names","items":{"type":"string"},"type":"array"},"timelineItemId":{"description":"Timeline Item ID","type":"string"}},"type":"object","title":"ResourceExplorerRequest"}}}}}
>
</RequestSchema>
<StatusCodes
id={undefined}
label={undefined}
responses={{"200":{"content":{"application/json; charset=UTF-8":{"schema":{"items":{"properties":{"accountId":{"type":"string"},"apiId":{"format":"int32","type":"integer"},"count":{"type":"string"},"createdOn":{"format":"int64","type":"integer"},"customerId":{"format":"int32","type":"integer"},"cveId":{"type":"string"},"description":{"type":"string"},"externalFindingId":{"format":"int64","type":"integer"},"findingId":{"type":"string"},"normalizedName":{"type":"string"},"normalizedNames":{"items":{"type":"string"},"type":"array"},"nvdUrl":{"type":"string"},"rawData":{"type":"string"},"regionId":{"type":"string"},"resourceCloudId":{"type":"string"},"resourceId":{"format":"int64","type":"integer"},"resourceUrl":{"type":"string"},"riskFactors":{"items":{"enum":["CRITICAL_SEVERITY","HIGH_SEVERITY","MEDIUM_SEVERITY","HAS_FIX","REMOTE_EXECUTION","DOS","RECENT_VULNERABILITY","EXPLOIT_EXISTS","ATTACK_COMPLEXITY_LOW","ATTACK_VECTOR_NETWORK","REACHABLE_FROM_THE_INTERNET","LISTENING_PORTS","CONTAINER_IS_RUNNING_AS_ROOT","NO_MANDATORY_SECURITY_PROFILE_APPLIED","RUNNING_AS_PRIVILEGED_CONTAINER","PACKAGE_IN_USE"],"type":"string"},"type":"array","uniqueItems":true},"rlUpdatedOn":{"format":"int64","type":"integer"},"scanId":{"type":"string"},"score":{"type":"object"},"severity":{"enum":["INFORMATIONAL","LOW","MEDIUM","HIGH","CRITICAL"],"type":"string"},"source":{"enum":["AWS_INSPECTOR","AWS_GUARD_DUTY","TENABLE","QUALYS","PRISMA_CLOUD","AZURE_SECURITY_CENTER"],"type":"string"},"sourceData":{"additionalProperties":{"type":"object"},"type":"object"},"status":{"enum":["PENDING","NO_ERROR","ERROR","ENABLED","DISABLED","OPEN","DISMISSED","RESOLVED","DESCOPED","RISK_SCORING_ERROR","ACTIVE","CLOSED","SUPPRESSED"],"type":"string"},"title":{"type":"string"},"type":{"enum":["HOST_VULNERABILITY_CVE","COMPLIANCE_ISSUE_CIS","AWS_INSPECTOR_SECURITY_BEST_PRACTICES","AWS_INSPECTOR_RUNTIME_BEHAVIOR_ANALYSIS","AWS_GUARD_DUTY_HOST_FINDING","AWS_GUARD_DUTY_IAM_FINDING","SERVERLESS_VULNERABILITY","AZURE_SECURITY_CENTER_ALERTS","PACKAGE_VULNERABILITY","NETWORK_REACHABILITY","AWS_GUARD_DUTY_EKS_FINDING","AWS_GUARD_DUTY_ECS_FINDING","AWS_GUARD_DUTY_CONTAINER_FINDING"],"type":"string"},"updatedOn":{"format":"int64","type":"integer"}},"type":"object","title":"ExternalFindingView"},"type":"array"}}},"description":"successful operation"},"400":{"description":"bad_request / invalid_parameter_value"}}}
>
</StatusCodes>