GetFindings autoit Example
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
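; Create the REST client and the AWS Signature V4 signer, then open a TLS
; connection to the regional GuardDuty endpoint.
$oRest = ObjCreate("Chilkat_9_5_0.Rest")
Local $bSuccess
$oAuthAws = ObjCreate("Chilkat_9_5_0.AuthAws")
If Not (IsObj($oRest) And IsObj($oAuthAws)) Then
    ConsoleWrite("Failed to create the Chilkat COM objects (is the ActiveX registered?)" & @CRLF)
    Exit 1
EndIf

; Credentials are read from the environment instead of being written into the
; script, so the secret key never lands in source control or in a copy of this file.
; The IAM principal behind these keys only needs guardduty:GetFindings for this call.
Local $sAwsAccessKey = EnvGet("AWS_ACCESS_KEY_ID")
Local $sAwsSecretKey = EnvGet("AWS_SECRET_ACCESS_KEY")
If $sAwsAccessKey = "" Or $sAwsSecretKey = "" Then
    ConsoleWrite("AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY are not set in the environment" & @CRLF)
    Exit 1
EndIf
$oAuthAws.AccessKey = $sAwsAccessKey
$oAuthAws.SecretKey = $sAwsSecretKey

; Change the region to your particular region. The signing region and the
; endpoint host are both derived from this one value so they cannot drift apart.
Local $sAwsRegion = "us-west-2"
$oAuthAws.Region = $sAwsRegion
$oAuthAws.ServiceName = "guardduty"

; SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
$oRest.SetAuthAws($oAuthAws)

; URL: https://guardduty.<region>.amazonaws.com/
; Connect arguments: host, port, TLS on, auto-reconnect on.
; NOTE(review): confirm that server-certificate verification is enforced for this
; connection in the Chilkat version you deploy.
$bSuccess = $oRest.Connect("guardduty." & $sAwsRegion & ".amazonaws.com", 443, True, True)
If ($bSuccess <> True) Then
    ConsoleWrite("ConnectFailReason: " & $oRest.ConnectFailReason & @CRLF)
    ConsoleWrite($oRest.LastErrorText & @CRLF)
    ; Non-zero exit code so a scheduler or wrapper can tell the run failed.
    Exit 1
EndIf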
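; Build the JSON request body for GetFindings and POST it to the detector's
; findings endpoint.
;
; The "string" values below are placeholders taken from the API shape:
;   findingIds[n]              - IDs of the findings to fetch (typically obtained from ListFindings;
;                                the API caps this list at 50 IDs per call - confirm against the
;                                current API reference)
;   sortCriteria.attributeName - finding attribute to sort by
;   sortCriteria.orderBy       - ASC or DESC
$oJson = ObjCreate("Chilkat_9_5_0.JsonObject")
$oJson.UpdateString("findingIds[0]","string")
$oJson.UpdateString("sortCriteria.attributeName","string")
$oJson.UpdateString("sortCriteria.orderBy","string")
; The JSON request body created by the above code:
; {
;   "findingIds": [
;     "string"
;   ],
;   "sortCriteria": {
;     "attributeName": "string",
;     "orderBy": "string"
;   }
; }
$oRest.AddHeader("Content-Type","application/x-amz-json-1.1")
$oRest.AddHeader("X-Amz-Target","GetFindings")

; The detector ID is part of the request path. Replace the placeholder with the
; ID of your GuardDuty detector. It is checked before being concatenated into the
; path so that a value carrying "/", "?" or whitespace cannot reshape the request;
; the unreplaced placeholder also fails this check, so the script stops instead of
; sending a request for a detector that does not exist.
; NOTE(review): detector IDs are expected to be plain alphanumeric - confirm.
Local $sReqDetectorId = "DETECTOR_ID"
If Not StringRegExp($sReqDetectorId, "^[0-9A-Za-z]+$") Then
    ConsoleWrite("Detector ID is missing or contains unexpected characters" & @CRLF)
    Exit 1
EndIf

$oSbRequestBody = ObjCreate("Chilkat_9_5_0.StringBuilder")
$oJson.EmitSb($oSbRequestBody)
$oSbResponseBody = ObjCreate("Chilkat_9_5_0.StringBuilder")
$bSuccess = $oRest.FullRequestSb("POST","/detector/" & $sReqDetectorId & "/findings/get",$oSbRequestBody,$oSbResponseBody)
If ($bSuccess <> True) Then
    ConsoleWrite($oRest.LastErrorText & @CRLF)
    ; Non-zero exit code so a scheduler or wrapper can tell the run failed.
    Exit 1
EndIf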
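; Check the HTTP status, then load the response body into a JSON object.
Local $iRespStatusCode = $oRest.ResponseStatusCode
ConsoleWrite("response status code = " & $iRespStatusCode & @CRLF)
If ($iRespStatusCode <> 200) Then
    ; Anything other than 200 is treated as a failure; the header and body are
    ; printed because the AWS error type and message are carried there.
    ConsoleWrite("Response Header:" & @CRLF)
    ConsoleWrite($oRest.ResponseHeader & @CRLF)
    ConsoleWrite("Response Body:" & @CRLF)
    ConsoleWrite($oSbResponseBody.GetAsString() & @CRLF)
    Exit 1
EndIf

$oJResp = ObjCreate("Chilkat_9_5_0.JsonObject")
; A body that does not parse as JSON must stop the script here; otherwise the
; parsing code that follows would see zero findings and the run would look like
; a clean "nothing found" result.
$bSuccess = $oJResp.LoadSb($oSbResponseBody)
If ($bSuccess <> True) Then
    ConsoleWrite($oJResp.LastErrorText & @CRLF)
    Exit 1
EndIf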
; The following code parses the JSON response.
; A sample JSON response is shown below the sample code.
; Use this online tool to generate parsing code from sample JSON:
; Generate Parsing Code from JSON
; Variables that receive the parsed response fields. Each name is declared once:
; AutoIt variable names are case-insensitive, so $sUserName/$sUsername and
; $sV_Type/$sV_type are the same variable, and the repeated declarations of
; $sArn, $sId, $sAccountId, $sName, $sVpcId, $sLocalIpDetailsIpAddressV4 and
; $sRemoteIpDetailsIpAddressV4 added nothing.

; Finding-level fields and access key details
Local $sAccountId, $sArn, $iConfidence, $sCreatedAt, $sDescription, $sId, $sPartition, $sRegion
Local $sAccessKeyId, $sPrincipalId, $sUserName, $sUserType

; EKS cluster and EC2 instance details
Local $iCreatedAt, $sName, $sStatus, $sVpcId
Local $sAvailabilityZone, $sIamInstanceProfileArn, $sImageDescription, $sImageId
Local $sInstanceId, $sInstanceState, $sInstanceType, $sLaunchTime, $sOutpostArn, $sPlatform

; Kubernetes user and workload details
Local $sUid, $iHostNetwork, $sKubernetesWorkloadDetailsName, $sNamespace, $sV_Type
Local $sKubernetesWorkloadDetailsUid, $sResourceType, $schemaVersion

; Service action: AWS API call
Local $sActionType, $sApi, $sCallerType, $sDomain, $sErrorCode, $iAffiliated
Local $sCityName, $sCountryCode, $sCountryName, $iLat, $iLon, $sIpAddressV4
Local $sV_Asn, $sAsnOrg, $sIsp, $sOrg, $sServiceName, $sUserAgent

; Service action: DNS request, Kubernetes API call, network connection, port probe
Local $sDnsRequestActionDomain, $sParameters
Local $sCityCityName, $sCountryCountryCode, $sCountryCountryName
Local $iGeoLocationLat, $iGeoLocationLon, $sRemoteIpDetailsIpAddressV4
Local $sOrganizationAsn, $sOrganizationAsnOrg, $sOrganizationIsp, $sOrganizationOrg
Local $sRequestUri, $iStatusCode, $sKubernetesApiCallActionUserAgent, $sVerb
Local $iBlocked, $sConnectionDirection, $sLocalIpDetailsIpAddressV4
Local $iPort, $sPortName, $sProtocol
Local $iRemotePortDetailsPort, $sRemotePortDetailsPortName, $iPortProbeActionBlocked

; Service metadata and finding summary
Local $iArchived, $iCount, $sDetectorId, $sEventFirstSeen, $sEventLastSeen
Local $sResourceRole, $serviceServiceName, $sUserFeedback, $iSeverity, $sTitle, $sUpdatedAt

; Loop counters and per-array-element fields
Local $iJ, $iCount_j, $sKey, $sValue
Local $sNetworkInterfaceId, $sPrivateDnsName, $sPrivateIpAddress, $sPublicDnsName, $sPublicIp, $subnetId
Local $iK, $iCount_k, $strVal, $sGroupId, $sGroupName, $sCode, $sProductType
Local $sContainerRuntime, $sImage, $sImagePrefix, $iPrivileged, $sMountPath, $sPath

; S3 bucket details
Local $iCreatedAt_int, $sEncryptionType, $sKmsMasterKeyArn, $sOwnerId, $sEffectivePermission
Local $iBlockPublicAcls, $iBlockPublicPolicy, $iIgnorePublicAcls, $iRestrictPublicBuckets
Local $iAllowsPublicReadAccess, $iAllowsPublicWriteAccess
Local $iBlockPublicAccessBlockPublicAcls, $iBlockPublicAccessBlockPublicPolicy
Local $iBlockPublicAccessIgnorePublicAcls, $iBlockPublicAccessRestrictPublicBuckets
Local $iBucketPolicyAllowsPublicReadAccess, $iBucketPolicyAllowsPublicWriteAccess

; Port probe details and threat intelligence evidence
Local $iLocalPortDetailsPort, $sLocalPortDetailsPortName, $sThreatListName
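; Walk every finding in the response and read each field into a variable.
;
; Accessor choice follows the JSON type of each field in the sample response:
;   - true/false fields (archived, blocked, privileged, hostNetwork, affiliated and the
;     S3 public-access flags) are read with BoolOf; IntOf is not the accessor for JSON booleans,
;     and several of these flags decide how a finding is triaged.
;   - fractional numbers (confidence, severity, lat, lon) are read as text and converted with
;     Number(), because IntOf would drop the fractional part.
;   - whole numbers (ports, status code, count) keep IntOf.
;     NOTE(review): the two createdAt timestamps are also read with IntOf - confirm they never
;     carry a fractional part.
;
; Several variables are reused for more than one path ($sArn, $sId, $sAccountId, $sName,
; $sVpcId, $sUserName, $sV_type, ...), so only the last value assigned survives. Give them
; distinct names before using the values.
;
; Findings carry access key IDs, principal IDs, IP addresses and resource names; treat anything
; you log or store from them as sensitive.
Local $iCount_i = $oJResp.SizeOfArray("findings")
For $i = 0 To $iCount_i - 1
    $oJResp.I = $i

    ; --- Finding-level fields and affected resource ---
    $sAccountId = $oJResp.StringOf("findings[i].accountId")
    $sArn = $oJResp.StringOf("findings[i].arn")
    $iConfidence = Number($oJResp.StringOf("findings[i].confidence"))
    $sCreatedAt = $oJResp.StringOf("findings[i].createdAt")
    $sDescription = $oJResp.StringOf("findings[i].description")
    $sId = $oJResp.StringOf("findings[i].id")
    $sPartition = $oJResp.StringOf("findings[i].partition")
    $sRegion = $oJResp.StringOf("findings[i].region")
    $sAccessKeyId = $oJResp.StringOf("findings[i].resource.accessKeyDetails.accessKeyId")
    $sPrincipalId = $oJResp.StringOf("findings[i].resource.accessKeyDetails.principalId")
    $sUserName = $oJResp.StringOf("findings[i].resource.accessKeyDetails.userName")
    $sUserType = $oJResp.StringOf("findings[i].resource.accessKeyDetails.userType")
    $sArn = $oJResp.StringOf("findings[i].resource.eksClusterDetails.arn")
    $iCreatedAt = $oJResp.IntOf("findings[i].resource.eksClusterDetails.createdAt")
    $sName = $oJResp.StringOf("findings[i].resource.eksClusterDetails.name")
    $sStatus = $oJResp.StringOf("findings[i].resource.eksClusterDetails.status")
    $sVpcId = $oJResp.StringOf("findings[i].resource.eksClusterDetails.vpcId")
    $sAvailabilityZone = $oJResp.StringOf("findings[i].resource.instanceDetails.availabilityZone")
    $sIamInstanceProfileArn = $oJResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.arn")
    $sId = $oJResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.id")
    $sImageDescription = $oJResp.StringOf("findings[i].resource.instanceDetails.imageDescription")
    $sImageId = $oJResp.StringOf("findings[i].resource.instanceDetails.imageId")
    $sInstanceId = $oJResp.StringOf("findings[i].resource.instanceDetails.instanceId")
    $sInstanceState = $oJResp.StringOf("findings[i].resource.instanceDetails.instanceState")
    $sInstanceType = $oJResp.StringOf("findings[i].resource.instanceDetails.instanceType")
    $sLaunchTime = $oJResp.StringOf("findings[i].resource.instanceDetails.launchTime")
    $sOutpostArn = $oJResp.StringOf("findings[i].resource.instanceDetails.outpostArn")
    $sPlatform = $oJResp.StringOf("findings[i].resource.instanceDetails.platform")
    $sUid = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid")
    $sUsername = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.username")
    $iHostNetwork = $oJResp.BoolOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork")
    $sKubernetesWorkloadDetailsName = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.name")
    $sNamespace = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.namespace")
    $sV_Type = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.type")
    $sKubernetesWorkloadDetailsUid = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.uid")
    $sResourceType = $oJResp.StringOf("findings[i].resource.resourceType")
    $schemaVersion = $oJResp.StringOf("findings[i].schemaVersion")

    ; --- Service action: AWS API call ---
    $sActionType = $oJResp.StringOf("findings[i].service.action.actionType")
    $sApi = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.api")
    $sCallerType = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.callerType")
    $sDomain = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.domainDetails.domain")
    $sErrorCode = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.errorCode")
    $sAccountId = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.accountId")
    $iAffiliated = $oJResp.BoolOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.affiliated")
    $sCityName = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.city.cityName")
    $sCountryCode = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryCode")
    $sCountryName = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryName")
    $iLat = Number($oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat"))
    $iLon = Number($oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon"))
    $sIpAddressV4 = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.ipAddressV4")
    $sV_Asn = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asn")
    $sAsnOrg = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg")
    $sIsp = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.isp")
    $sOrg = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.org")
    $sServiceName = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.serviceName")
    $sUserAgent = $oJResp.StringOf("findings[i].service.action.awsApiCallAction.userAgent")

    ; --- Service action: DNS request and Kubernetes API call ---
    $sDnsRequestActionDomain = $oJResp.StringOf("findings[i].service.action.dnsRequestAction.domain")
    $sParameters = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.parameters")
    $sCityCityName = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.city.cityName")
    $sCountryCountryCode = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode")
    $sCountryCountryName = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryName")
    $iGeoLocationLat = Number($oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat"))
    $iGeoLocationLon = Number($oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon"))
    $sRemoteIpDetailsIpAddressV4 = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4")
    $sOrganizationAsn = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn")
    $sOrganizationAsnOrg = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asnOrg")
    $sOrganizationIsp = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.isp")
    $sOrganizationOrg = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.org")
    $sRequestUri = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.requestUri")
    $iStatusCode = $oJResp.IntOf("findings[i].service.action.kubernetesApiCallAction.statusCode")
    $sKubernetesApiCallActionUserAgent = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.userAgent")
    $sVerb = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.verb")

    ; --- Service action: network connection ---
    $iBlocked = $oJResp.BoolOf("findings[i].service.action.networkConnectionAction.blocked")
    $sConnectionDirection = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.connectionDirection")
    $sLocalIpDetailsIpAddressV4 = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.localIpDetails.ipAddressV4")
    $iPort = $oJResp.IntOf("findings[i].service.action.networkConnectionAction.localPortDetails.port")
    $sPortName = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.localPortDetails.portName")
    $sProtocol = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.protocol")
    $sCityCityName = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.city.cityName")
    $sCountryCountryCode = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryCode")
    $sCountryCountryName = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryName")
    $iGeoLocationLat = Number($oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat"))
    $iGeoLocationLon = Number($oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon"))
    $sRemoteIpDetailsIpAddressV4 = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.ipAddressV4")
    $sOrganizationAsn = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asn")
    $sOrganizationAsnOrg = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg")
    $sOrganizationIsp = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.isp")
    $sOrganizationOrg = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.org")
    $iRemotePortDetailsPort = $oJResp.IntOf("findings[i].service.action.networkConnectionAction.remotePortDetails.port")
    $sRemotePortDetailsPortName = $oJResp.StringOf("findings[i].service.action.networkConnectionAction.remotePortDetails.portName")

    ; --- Port probe flag, service metadata and finding summary ---
    $iPortProbeActionBlocked = $oJResp.BoolOf("findings[i].service.action.portProbeAction.blocked")
    $iArchived = $oJResp.BoolOf("findings[i].service.archived")
    $iCount = $oJResp.IntOf("findings[i].service.count")
    $sDetectorId = $oJResp.StringOf("findings[i].service.detectorId")
    $sEventFirstSeen = $oJResp.StringOf("findings[i].service.eventFirstSeen")
    $sEventLastSeen = $oJResp.StringOf("findings[i].service.eventLastSeen")
    $sResourceRole = $oJResp.StringOf("findings[i].service.resourceRole")
    $serviceServiceName = $oJResp.StringOf("findings[i].service.serviceName")
    $sUserFeedback = $oJResp.StringOf("findings[i].service.userFeedback")
    $iSeverity = Number($oJResp.StringOf("findings[i].severity"))
    $sTitle = $oJResp.StringOf("findings[i].title")
    $sV_type = $oJResp.StringOf("findings[i].type")
    $sUpdatedAt = $oJResp.StringOf("findings[i].updatedAt")

    ; --- EKS cluster tags ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.eksClusterDetails.tags")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sKey = $oJResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].key")
        $sValue = $oJResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].value")
    Next

    ; --- EC2 network interfaces, with their addresses and security groups ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sNetworkInterfaceId = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].networkInterfaceId")
        $sPrivateDnsName = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateDnsName")
        $sPrivateIpAddress = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddress")
        $sPublicDnsName = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicDnsName")
        $sPublicIp = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicIp")
        $subnetId = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].subnetId")
        $sVpcId = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].vpcId")

        $iCount_k = $oJResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses")
        For $iK = 0 To $iCount_k - 1
            $oJResp.K = $iK
            $strVal = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses[k]")
        Next

        $iCount_k = $oJResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses")
        For $iK = 0 To $iCount_k - 1
            $oJResp.K = $iK
            $sPrivateDnsName = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateDnsName")
            $sPrivateIpAddress = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateIpAddress")
        Next

        $iCount_k = $oJResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups")
        For $iK = 0 To $iCount_k - 1
            $oJResp.K = $iK
            $sGroupId = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupId")
            $sGroupName = $oJResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupName")
        Next
    Next

    ; --- EC2 product codes and instance tags ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.instanceDetails.productCodes")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sCode = $oJResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].code")
        $sProductType = $oJResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].productType")
    Next

    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.instanceDetails.tags")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sKey = $oJResp.StringOf("findings[i].resource.instanceDetails.tags[j].key")
        $sValue = $oJResp.StringOf("findings[i].resource.instanceDetails.tags[j].value")
    Next

    ; --- Kubernetes user groups, workload containers and volumes ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $strVal = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups[j]")
    Next

    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sContainerRuntime = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].containerRuntime")
        $sId = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].id")
        $sImage = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].image")
        $sImagePrefix = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].imagePrefix")
        $sName = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].name")
        $iPrivileged = $oJResp.BoolOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].securityContext.privileged")

        $iCount_k = $oJResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts")
        For $iK = 0 To $iCount_k - 1
            $oJResp.K = $iK
            $sMountPath = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].mountPath")
            $sName = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].name")
        Next
    Next

    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sPath = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].hostPath.path")
        $sName = $oJResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].name")
    Next

    ; --- S3 buckets: encryption, ownership and public-access configuration ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].resource.s3BucketDetails")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sArn = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].arn")
        $iCreatedAt_int = $oJResp.IntOf("findings[i].resource.s3BucketDetails[j].createdAt")
        $sEncryptionType = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.encryptionType")
        $sKmsMasterKeyArn = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.kmsMasterKeyArn")
        $sName = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].name")
        $sOwnerId = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].owner.id")
        $sEffectivePermission = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].publicAccess.effectivePermission")
        $iBlockPublicAcls = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls")
        $iBlockPublicPolicy = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy")
        $iIgnorePublicAcls = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls")
        $iRestrictPublicBuckets = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets")
        $iAllowsPublicReadAccess = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess")
        $iAllowsPublicWriteAccess = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess")
        $iBlockPublicAccessBlockPublicAcls = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls")
        $iBlockPublicAccessBlockPublicPolicy = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy")
        $iBlockPublicAccessIgnorePublicAcls = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls")
        $iBlockPublicAccessRestrictPublicBuckets = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets")
        $iBucketPolicyAllowsPublicReadAccess = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess")
        $iBucketPolicyAllowsPublicWriteAccess = $oJResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess")
        $sV_type = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].type")

        $iCount_k = $oJResp.SizeOfArray("findings[i].resource.s3BucketDetails[j].tags")
        For $iK = 0 To $iCount_k - 1
            $oJResp.K = $iK
            $sKey = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].key")
            $sValue = $oJResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].value")
        Next
    Next

    ; --- Kubernetes API call source IPs ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].service.action.kubernetesApiCallAction.sourceIps")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $strVal = $oJResp.StringOf("findings[i].service.action.kubernetesApiCallAction.sourceIps[j]")
    Next

    ; --- Port probe details ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].service.action.portProbeAction.portProbeDetails")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sLocalIpDetailsIpAddressV4 = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localIpDetails.ipAddressV4")
        $iLocalPortDetailsPort = $oJResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.port")
        $sLocalPortDetailsPortName = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.portName")
        $sCityCityName = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.city.cityName")
        $sCountryCountryCode = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryCode")
        $sCountryCountryName = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryName")
        $iGeoLocationLat = Number($oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lat"))
        $iGeoLocationLon = Number($oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lon"))
        $sRemoteIpDetailsIpAddressV4 = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.ipAddressV4")
        $sOrganizationAsn = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asn")
        $sOrganizationAsnOrg = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asnOrg")
        $sOrganizationIsp = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.isp")
        $sOrganizationOrg = $oJResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.org")
    Next

    ; --- Threat intelligence evidence ---
    $iCount_j = $oJResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails")
    For $iJ = 0 To $iCount_j - 1
        $oJResp.J = $iJ
        $sThreatListName = $oJResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatListName")

        $iCount_k = $oJResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames")
        For $iK = 0 To $iCount_k - 1
            $oJResp.K = $iK
            $strVal = $oJResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames[k]")
        Next
    Next
Next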
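; A sample JSON response body parsed by the above code.
; The values shown are type placeholders ("string", number, boolean), not literal JSON:
; a real response carries actual strings, numeric values and true/false.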
; {
; "findings": [
; {
; "accountId": "string",
; "arn": "string",
; "confidence": number,
; "createdAt": "string",
; "description": "string",
; "id": "string",
; "partition": "string",
; "region": "string",
; "resource": {
; "accessKeyDetails": {
; "accessKeyId": "string",
; "principalId": "string",
; "userName": "string",
; "userType": "string"
; },
; "eksClusterDetails": {
; "arn": "string",
; "createdAt": number,
; "name": "string",
; "status": "string",
; "tags": [
; {
; "key": "string",
; "value": "string"
; }
; ],
; "vpcId": "string"
; },
; "instanceDetails": {
; "availabilityZone": "string",
; "iamInstanceProfile": {
; "arn": "string",
; "id": "string"
; },
; "imageDescription": "string",
; "imageId": "string",
; "instanceId": "string",
; "instanceState": "string",
; "instanceType": "string",
; "launchTime": "string",
; "networkInterfaces": [
; {
; "ipv6Addresses": [
; "string"
; ],
; "networkInterfaceId": "string",
; "privateDnsName": "string",
; "privateIpAddress": "string",
; "privateIpAddresses": [
; {
; "privateDnsName": "string",
; "privateIpAddress": "string"
; }
; ],
; "publicDnsName": "string",
; "publicIp": "string",
; "securityGroups": [
; {
; "groupId": "string",
; "groupName": "string"
; }
; ],
; "subnetId": "string",
; "vpcId": "string"
; }
; ],
; "outpostArn": "string",
; "platform": "string",
; "productCodes": [
; {
; "code": "string",
; "productType": "string"
; }
; ],
; "tags": [
; {
; "key": "string",
; "value": "string"
; }
; ]
; },
; "kubernetesDetails": {
; "kubernetesUserDetails": {
; "groups": [
; "string"
; ],
; "uid": "string",
; "username": "string"
; },
; "kubernetesWorkloadDetails": {
; "containers": [
; {
; "containerRuntime": "string",
; "id": "string",
; "image": "string",
; "imagePrefix": "string",
; "name": "string",
; "securityContext": {
; "privileged": boolean
; },
; "volumeMounts": [
; {
; "mountPath": "string",
; "name": "string"
; }
; ]
; }
; ],
; "hostNetwork": boolean,
; "name": "string",
; "namespace": "string",
; "type": "string",
; "uid": "string",
; "volumes": [
; {
; "hostPath": {
; "path": "string"
; },
; "name": "string"
; }
; ]
; }
; },
; "resourceType": "string",
; "s3BucketDetails": [
; {
; "arn": "string",
; "createdAt": number,
; "defaultServerSideEncryption": {
; "encryptionType": "string",
; "kmsMasterKeyArn": "string"
; },
; "name": "string",
; "owner": {
; "id": "string"
; },
; "publicAccess": {
; "effectivePermission": "string",
; "permissionConfiguration": {
; "accountLevelPermissions": {
; "blockPublicAccess": {
; "blockPublicAcls": boolean,
; "blockPublicPolicy": boolean,
; "ignorePublicAcls": boolean,
; "restrictPublicBuckets": boolean
; }
; },
; "bucketLevelPermissions": {
; "accessControlList": {
; "allowsPublicReadAccess": boolean,
; "allowsPublicWriteAccess": boolean
; },
; "blockPublicAccess": {
; "blockPublicAcls": boolean,
; "blockPublicPolicy": boolean,
; "ignorePublicAcls": boolean,
; "restrictPublicBuckets": boolean
; },
; "bucketPolicy": {
; "allowsPublicReadAccess": boolean,
; "allowsPublicWriteAccess": boolean
; }
; }
; }
; },
; "tags": [
; {
; "key": "string",
; "value": "string"
; }
; ],
; "type": "string"
; }
; ]
; },
; "schemaVersion": "string",
; "service": {
; "action": {
; "actionType": "string",
; "awsApiCallAction": {
; "api": "string",
; "callerType": "string",
; "domainDetails": {
; "domain": "string"
; },
; "errorCode": "string",
; "remoteAccountDetails": {
; "accountId": "string",
; "affiliated": boolean
; },
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; },
; "serviceName": "string",
; "userAgent": "string"
; },
; "dnsRequestAction": {
; "domain": "string"
; },
; "kubernetesApiCallAction": {
; "parameters": "string",
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; },
; "requestUri": "string",
; "sourceIps": [
; "string"
; ],
; "statusCode": number,
; "userAgent": "string",
; "verb": "string"
; },
; "networkConnectionAction": {
; "blocked": boolean,
; "connectionDirection": "string",
; "localIpDetails": {
; "ipAddressV4": "string"
; },
; "localPortDetails": {
; "port": number,
; "portName": "string"
; },
; "protocol": "string",
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; },
; "remotePortDetails": {
; "port": number,
; "portName": "string"
; }
; },
; "portProbeAction": {
; "blocked": boolean,
; "portProbeDetails": [
; {
; "localIpDetails": {
; "ipAddressV4": "string"
; },
; "localPortDetails": {
; "port": number,
; "portName": "string"
; },
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; }
; }
; ]
; }
; },
; "archived": boolean,
; "count": number,
; "detectorId": "string",
; "eventFirstSeen": "string",
; "eventLastSeen": "string",
; "evidence": {
; "threatIntelligenceDetails": [
; {
; "threatListName": "string",
; "threatNames": [
; "string"
; ]
; }
; ]
; },
; "resourceRole": "string",
; "serviceName": "string",
; "userFeedback": "string"
; },
; "severity": number,
; "title": "string",
; "type": "string",
; "updatedAt": "string"
; }
; ]
; }