GetFindings Python Example
import sys
import chilkat2
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
rest = chilkat2.Rest()
authAws = chilkat2.AuthAws()
authAws.AccessKey = "AWS_ACCESS_KEY"
authAws.SecretKey = "AWS_SECRET_KEY"
# Don't forget to change the region to your particular region. (Also make the same change in the call to Connect below.)
authAws.Region = "us-west-2"
authAws.ServiceName = "guardduty"
# SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
rest.SetAuthAws(authAws)
# URL: https://guardduty.us-west-2.amazonaws.com/
# Use the same region as specified above.
success = rest.Connect("guardduty.us-west-2.amazonaws.com",443,True,True)
if (success != True):
print("ConnectFailReason: " + str(rest.ConnectFailReason))
print(rest.LastErrorText)
sys.exit()
# The following code creates the JSON request body.
# The JSON created by this code is shown below.
# Use this online tool to generate code from sample JSON:
# Generate Code to Create JSON
json = chilkat2.JsonObject()
json.UpdateString("findingIds[0]","string")
json.UpdateString("sortCriteria.attributeName","string")
json.UpdateString("sortCriteria.orderBy","string")
# The JSON request body created by the above code:
# {
# "findingIds": [
# "string"
# ],
# "sortCriteria": {
# "attributeName": "string",
# "orderBy": "string"
# }
# }
rest.AddHeader("Content-Type","application/x-amz-json-1.1")
rest.AddHeader("X-Amz-Target","GetFindings")
sbRequestBody = chilkat2.StringBuilder()
json.EmitSb(sbRequestBody)
sbResponseBody = chilkat2.StringBuilder()
success = rest.FullRequestSb("POST","/detector/{detectorId}/findings/get",sbRequestBody,sbResponseBody)
if (success != True):
print(rest.LastErrorText)
sys.exit()
respStatusCode = rest.ResponseStatusCode
print("response status code = " + str(respStatusCode))
if (respStatusCode != 200):
print("Response Header:")
print(rest.ResponseHeader)
print("Response Body:")
print(sbResponseBody.GetAsString())
sys.exit()
jResp = chilkat2.JsonObject()
jResp.LoadSb(sbResponseBody)
# The following code parses the JSON response.
# A sample JSON response is shown below the sample code.
# Use this online tool to generate parsing code from sample JSON:
# Generate Parsing Code from JSON
i = 0
count_i = jResp.SizeOfArray("findings")
while i < count_i :
jResp.I = i
accountId = jResp.StringOf("findings[i].accountId")
arn = jResp.StringOf("findings[i].arn")
confidence = jResp.IntOf("findings[i].confidence")
createdAt = jResp.StringOf("findings[i].createdAt")
description = jResp.StringOf("findings[i].description")
id = jResp.StringOf("findings[i].id")
partition = jResp.StringOf("findings[i].partition")
region = jResp.StringOf("findings[i].region")
AccessKeyId = jResp.StringOf("findings[i].resource.accessKeyDetails.accessKeyId")
PrincipalId = jResp.StringOf("findings[i].resource.accessKeyDetails.principalId")
UserName = jResp.StringOf("findings[i].resource.accessKeyDetails.userName")
UserType = jResp.StringOf("findings[i].resource.accessKeyDetails.userType")
Arn = jResp.StringOf("findings[i].resource.eksClusterDetails.arn")
CreatedAt = jResp.IntOf("findings[i].resource.eksClusterDetails.createdAt")
Name = jResp.StringOf("findings[i].resource.eksClusterDetails.name")
Status = jResp.StringOf("findings[i].resource.eksClusterDetails.status")
VpcId = jResp.StringOf("findings[i].resource.eksClusterDetails.vpcId")
AvailabilityZone = jResp.StringOf("findings[i].resource.instanceDetails.availabilityZone")
IamInstanceProfileArn = jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.arn")
Id = jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.id")
ImageDescription = jResp.StringOf("findings[i].resource.instanceDetails.imageDescription")
ImageId = jResp.StringOf("findings[i].resource.instanceDetails.imageId")
InstanceId = jResp.StringOf("findings[i].resource.instanceDetails.instanceId")
InstanceState = jResp.StringOf("findings[i].resource.instanceDetails.instanceState")
InstanceType = jResp.StringOf("findings[i].resource.instanceDetails.instanceType")
LaunchTime = jResp.StringOf("findings[i].resource.instanceDetails.launchTime")
OutpostArn = jResp.StringOf("findings[i].resource.instanceDetails.outpostArn")
Platform = jResp.StringOf("findings[i].resource.instanceDetails.platform")
Uid = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid")
Username = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.username")
HostNetwork = jResp.IntOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork")
KubernetesWorkloadDetailsName = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.name")
Namespace = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.namespace")
v_Type = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.type")
KubernetesWorkloadDetailsUid = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.uid")
ResourceType = jResp.StringOf("findings[i].resource.resourceType")
schemaVersion = jResp.StringOf("findings[i].schemaVersion")
ActionType = jResp.StringOf("findings[i].service.action.actionType")
Api = jResp.StringOf("findings[i].service.action.awsApiCallAction.api")
CallerType = jResp.StringOf("findings[i].service.action.awsApiCallAction.callerType")
Domain = jResp.StringOf("findings[i].service.action.awsApiCallAction.domainDetails.domain")
ErrorCode = jResp.StringOf("findings[i].service.action.awsApiCallAction.errorCode")
AccountId = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.accountId")
Affiliated = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.affiliated")
CityName = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.city.cityName")
CountryCode = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryCode")
CountryName = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryName")
Lat = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat")
Lon = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon")
IpAddressV4 = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.ipAddressV4")
v_Asn = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asn")
AsnOrg = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg")
Isp = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.isp")
Org = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.org")
ServiceName = jResp.StringOf("findings[i].service.action.awsApiCallAction.serviceName")
UserAgent = jResp.StringOf("findings[i].service.action.awsApiCallAction.userAgent")
DnsRequestActionDomain = jResp.StringOf("findings[i].service.action.dnsRequestAction.domain")
Parameters = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.parameters")
CityCityName = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.org")
RequestUri = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.requestUri")
StatusCode = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.statusCode")
KubernetesApiCallActionUserAgent = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.userAgent")
Verb = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.verb")
Blocked = jResp.IntOf("findings[i].service.action.networkConnectionAction.blocked")
ConnectionDirection = jResp.StringOf("findings[i].service.action.networkConnectionAction.connectionDirection")
LocalIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.networkConnectionAction.localIpDetails.ipAddressV4")
Port = jResp.IntOf("findings[i].service.action.networkConnectionAction.localPortDetails.port")
PortName = jResp.StringOf("findings[i].service.action.networkConnectionAction.localPortDetails.portName")
Protocol = jResp.StringOf("findings[i].service.action.networkConnectionAction.protocol")
CityCityName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.org")
RemotePortDetailsPort = jResp.IntOf("findings[i].service.action.networkConnectionAction.remotePortDetails.port")
RemotePortDetailsPortName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remotePortDetails.portName")
PortProbeActionBlocked = jResp.IntOf("findings[i].service.action.portProbeAction.blocked")
Archived = jResp.IntOf("findings[i].service.archived")
Count = jResp.IntOf("findings[i].service.count")
DetectorId = jResp.StringOf("findings[i].service.detectorId")
EventFirstSeen = jResp.StringOf("findings[i].service.eventFirstSeen")
EventLastSeen = jResp.StringOf("findings[i].service.eventLastSeen")
ResourceRole = jResp.StringOf("findings[i].service.resourceRole")
serviceServiceName = jResp.StringOf("findings[i].service.serviceName")
UserFeedback = jResp.StringOf("findings[i].service.userFeedback")
severity = jResp.IntOf("findings[i].severity")
title = jResp.StringOf("findings[i].title")
v_type = jResp.StringOf("findings[i].type")
updatedAt = jResp.StringOf("findings[i].updatedAt")
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.eksClusterDetails.tags")
while j < count_j :
jResp.J = j
key = jResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].key")
value = jResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].value")
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces")
while j < count_j :
jResp.J = j
networkInterfaceId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].networkInterfaceId")
privateDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateDnsName")
privateIpAddress = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddress")
publicDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicDnsName")
publicIp = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicIp")
subnetId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].subnetId")
vpcId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].vpcId")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses")
while k < count_k :
jResp.K = k
strVal = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses[k]")
k = k + 1
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses")
while k < count_k :
jResp.K = k
privateDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateDnsName")
privateIpAddress = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateIpAddress")
k = k + 1
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups")
while k < count_k :
jResp.K = k
groupId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupId")
groupName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupName")
k = k + 1
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.productCodes")
while j < count_j :
jResp.J = j
code = jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].code")
productType = jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].productType")
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.tags")
while j < count_j :
jResp.J = j
key = jResp.StringOf("findings[i].resource.instanceDetails.tags[j].key")
value = jResp.StringOf("findings[i].resource.instanceDetails.tags[j].value")
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups")
while j < count_j :
jResp.J = j
strVal = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups[j]")
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers")
while j < count_j :
jResp.J = j
containerRuntime = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].containerRuntime")
id = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].id")
image = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].image")
imagePrefix = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].imagePrefix")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].name")
Privileged = jResp.IntOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].securityContext.privileged")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts")
while k < count_k :
jResp.K = k
mountPath = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].mountPath")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].name")
k = k + 1
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes")
while j < count_j :
jResp.J = j
Path = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].hostPath.path")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].name")
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.s3BucketDetails")
while j < count_j :
jResp.J = j
arn = jResp.StringOf("findings[i].resource.s3BucketDetails[j].arn")
createdAt_int = jResp.IntOf("findings[i].resource.s3BucketDetails[j].createdAt")
EncryptionType = jResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.encryptionType")
KmsMasterKeyArn = jResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.kmsMasterKeyArn")
name = jResp.StringOf("findings[i].resource.s3BucketDetails[j].name")
ownerId = jResp.StringOf("findings[i].resource.s3BucketDetails[j].owner.id")
EffectivePermission = jResp.StringOf("findings[i].resource.s3BucketDetails[j].publicAccess.effectivePermission")
BlockPublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicPolicy = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy")
IgnorePublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls")
RestrictPublicBuckets = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets")
AllowsPublicReadAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess")
AllowsPublicWriteAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess")
BlockPublicAccessBlockPublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicAccessBlockPublicPolicy = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy")
BlockPublicAccessIgnorePublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls")
BlockPublicAccessRestrictPublicBuckets = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets")
BucketPolicyAllowsPublicReadAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess")
BucketPolicyAllowsPublicWriteAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess")
v_type = jResp.StringOf("findings[i].resource.s3BucketDetails[j].type")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.s3BucketDetails[j].tags")
while k < count_k :
jResp.K = k
key = jResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].key")
value = jResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].value")
k = k + 1
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].service.action.kubernetesApiCallAction.sourceIps")
while j < count_j :
jResp.J = j
strVal = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.sourceIps[j]")
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].service.action.portProbeAction.portProbeDetails")
while j < count_j :
jResp.J = j
localIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localIpDetails.ipAddressV4")
localPortDetailsPort = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.port")
localPortDetailsPortName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.portName")
CityCityName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lon")
remoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.org")
j = j + 1
j = 0
count_j = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails")
while j < count_j :
jResp.J = j
threatListName = jResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatListName")
k = 0
count_k = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames")
while k < count_k :
jResp.K = k
strVal = jResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames[k]")
k = k + 1
j = j + 1
i = i + 1
# A sample JSON response body parsed by the above code:
# {
# "findings": [
# {
# "accountId": "string",
# "arn": "string",
# "confidence": number,
# "createdAt": "string",
# "description": "string",
# "id": "string",
# "partition": "string",
# "region": "string",
# "resource": {
# "accessKeyDetails": {
# "accessKeyId": "string",
# "principalId": "string",
# "userName": "string",
# "userType": "string"
# },
# "eksClusterDetails": {
# "arn": "string",
# "createdAt": number,
# "name": "string",
# "status": "string",
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "vpcId": "string"
# },
# "instanceDetails": {
# "availabilityZone": "string",
# "iamInstanceProfile": {
# "arn": "string",
# "id": "string"
# },
# "imageDescription": "string",
# "imageId": "string",
# "instanceId": "string",
# "instanceState": "string",
# "instanceType": "string",
# "launchTime": "string",
# "networkInterfaces": [
# {
# "ipv6Addresses": [
# "string"
# ],
# "networkInterfaceId": "string",
# "privateDnsName": "string",
# "privateIpAddress": "string",
# "privateIpAddresses": [
# {
# "privateDnsName": "string",
# "privateIpAddress": "string"
# }
# ],
# "publicDnsName": "string",
# "publicIp": "string",
# "securityGroups": [
# {
# "groupId": "string",
# "groupName": "string"
# }
# ],
# "subnetId": "string",
# "vpcId": "string"
# }
# ],
# "outpostArn": "string",
# "platform": "string",
# "productCodes": [
# {
# "code": "string",
# "productType": "string"
# }
# ],
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ]
# },
# "kubernetesDetails": {
# "kubernetesUserDetails": {
# "groups": [
# "string"
# ],
# "uid": "string",
# "username": "string"
# },
# "kubernetesWorkloadDetails": {
# "containers": [
# {
# "containerRuntime": "string",
# "id": "string",
# "image": "string",
# "imagePrefix": "string",
# "name": "string",
# "securityContext": {
# "privileged": boolean
# },
# "volumeMounts": [
# {
# "mountPath": "string",
# "name": "string"
# }
# ]
# }
# ],
# "hostNetwork": boolean,
# "name": "string",
# "namespace": "string",
# "type": "string",
# "uid": "string",
# "volumes": [
# {
# "hostPath": {
# "path": "string"
# },
# "name": "string"
# }
# ]
# }
# },
# "resourceType": "string",
# "s3BucketDetails": [
# {
# "arn": "string",
# "createdAt": number,
# "defaultServerSideEncryption": {
# "encryptionType": "string",
# "kmsMasterKeyArn": "string"
# },
# "name": "string",
# "owner": {
# "id": "string"
# },
# "publicAccess": {
# "effectivePermission": "string",
# "permissionConfiguration": {
# "accountLevelPermissions": {
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# }
# },
# "bucketLevelPermissions": {
# "accessControlList": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# },
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# },
# "bucketPolicy": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# }
# }
# }
# },
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "type": "string"
# }
# ]
# },
# "schemaVersion": "string",
# "service": {
# "action": {
# "actionType": "string",
# "awsApiCallAction": {
# "api": "string",
# "callerType": "string",
# "domainDetails": {
# "domain": "string"
# },
# "errorCode": "string",
# "remoteAccountDetails": {
# "accountId": "string",
# "affiliated": boolean
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "serviceName": "string",
# "userAgent": "string"
# },
# "dnsRequestAction": {
# "domain": "string"
# },
# "kubernetesApiCallAction": {
# "parameters": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "requestUri": "string",
# "sourceIps": [
# "string"
# ],
# "statusCode": number,
# "userAgent": "string",
# "verb": "string"
# },
# "networkConnectionAction": {
# "blocked": boolean,
# "connectionDirection": "string",
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "protocol": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "remotePortDetails": {
# "port": number,
# "portName": "string"
# }
# },
# "portProbeAction": {
# "blocked": boolean,
# "portProbeDetails": [
# {
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# }
# }
# ]
# }
# },
# "archived": boolean,
# "count": number,
# "detectorId": "string",
# "eventFirstSeen": "string",
# "eventLastSeen": "string",
# "evidence": {
# "threatIntelligenceDetails": [
# {
# "threatListName": "string",
# "threatNames": [
# "string"
# ]
# }
# ]
# },
# "resourceRole": "string",
# "serviceName": "string",
# "userFeedback": "string"
# },
# "severity": number,
# "title": "string",
# "type": "string",
# "updatedAt": "string"
# }
# ]
# }
