GetFindings PowerShell Example
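Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll"
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# ---------------------------------------------------------------------------
# Helpers for the subtrees that recur inside a GuardDuty finding.  Each reads
# from the Chilkat JsonObject at a caller-supplied path and relies on the caller
# having already set the I/J index properties for any [i]/[j] segment in it.
# ---------------------------------------------------------------------------

# Reads one remoteIpDetails object (city, country, geoLocation, ipAddressV4,
# organization) rooted at $prefix.  Returns an ordered hashtable of leaf values.
function Read-RemoteIpDetails {
    param(
        [Chilkat.JsonObject]$json,
        [string]$prefix
    )
    return [ordered]@{
        CityName    = $json.StringOf("${prefix}.city.cityName")
        CountryCode = $json.StringOf("${prefix}.country.countryCode")
        CountryName = $json.StringOf("${prefix}.country.countryName")
        # lat/lon are decimal numbers in the response; IntOf drops the
        # fractional part, as the generated sample did.
        Lat         = $json.IntOf("${prefix}.geoLocation.lat")
        Lon         = $json.IntOf("${prefix}.geoLocation.lon")
        IpAddressV4 = $json.StringOf("${prefix}.ipAddressV4")
        Asn         = $json.StringOf("${prefix}.organization.asn")
        AsnOrg      = $json.StringOf("${prefix}.organization.asnOrg")
        Isp         = $json.StringOf("${prefix}.organization.isp")
        Org         = $json.StringOf("${prefix}.organization.org")
    }
}

# Reads a [{key,value}] tag array at $arrayPath into an ordered hashtable keyed
# by tag key.  Iterates with the K index so it can be called from inside the
# i/j loops below without disturbing them.
function Read-TagArray {
    param(
        [Chilkat.JsonObject]$json,
        [string]$arrayPath
    )
    $tags = [ordered]@{}
    # A missing array yields a non-positive size, so the loop simply does not run.
    $count = $json.SizeOfArray($arrayPath)
    for ($k = 0; $k -lt $count; $k++) {
        $json.K = $k
        $tags[$json.StringOf("${arrayPath}[k].key")] = $json.StringOf("${arrayPath}[k].value")
    }
    return $tags
}

# Reads a JSON array of plain strings at $arrayPath into a string[] using the
# K index.  The leading comma keeps an empty result as an array, not $null.
function Read-StringArray {
    param(
        [Chilkat.JsonObject]$json,
        [string]$arrayPath
    )
    $items = @()
    $count = $json.SizeOfArray($arrayPath)
    for ($k = 0; $k -lt $count; $k++) {
        $json.K = $k
        $items += $json.StringOf("${arrayPath}[k]")
    }
    return ,$items
}

# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------

# Credentials come from the standard AWS environment variables rather than
# being pasted into the script, so the file can be shared or committed without
# carrying a key pair.
$awsAccessKey = $env:AWS_ACCESS_KEY_ID
$awsSecretKey = $env:AWS_SECRET_ACCESS_KEY
if ([string]::IsNullOrEmpty($awsAccessKey) -or [string]::IsNullOrEmpty($awsSecretKey)) {
    Write-Output "Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY before running this script."
    exit 1
}

# A single region value drives both the SigV4 signing scope and the endpoint
# host, so there is only one place to change.
$awsRegion = "us-west-2"

# The detector whose findings are fetched, and the finding id(s) to fetch.
# The request path embeds the detector id, so it must be a real id rather than
# the "{detectorId}" placeholder shown in the API reference.
$detectorId = "YOUR_DETECTOR_ID"
$findingIds = @("YOUR_FINDING_ID")
if ([string]::IsNullOrEmpty($detectorId) -or $detectorId -eq "YOUR_DETECTOR_ID") {
    Write-Output "Set `$detectorId to the GuardDuty detector id to query."
    exit 1
}

# ---------------------------------------------------------------------------
# Request
# ---------------------------------------------------------------------------

$rest = New-Object Chilkat.Rest
$authAws = New-Object Chilkat.AuthAws
$authAws.AccessKey = $awsAccessKey
$authAws.SecretKey = $awsSecretKey
$authAws.Region = $awsRegion
$authAws.ServiceName = "guardduty"
# SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
$rest.SetAuthAws($authAws)

# Endpoint: https://guardduty.<region>.amazonaws.com/ over TLS on 443.
$endpointHost = "guardduty.${awsRegion}.amazonaws.com"
$success = $rest.Connect($endpointHost,443,$true,$true)
if ($success -ne $true) {
    Write-Output ("ConnectFailReason: " + $rest.ConnectFailReason)
    Write-Output $rest.LastErrorText
    # Non-zero so a calling pipeline can tell the run failed.
    exit 1
}

# Build the JSON request body:
# {
#   "findingIds": [ "..." ],
#   "sortCriteria": { "attributeName": "severity", "orderBy": "DESC" }
# }
$json = New-Object Chilkat.JsonObject
for ($n = 0; $n -lt $findingIds.Count; $n++) {
    $json.UpdateString("findingIds[$n]", $findingIds[$n])
}
# orderBy accepts only ASC or DESC.
$json.UpdateString("sortCriteria.attributeName","severity")
$json.UpdateString("sortCriteria.orderBy","DESC")

$rest.AddHeader("Content-Type","application/x-amz-json-1.1")
$rest.AddHeader("X-Amz-Target","GetFindings")
$sbRequestBody = New-Object Chilkat.StringBuilder
$json.EmitSb($sbRequestBody)
$sbResponseBody = New-Object Chilkat.StringBuilder

# Escape the detector id so a value containing "/" or "?" cannot alter the path.
$requestPath = "/detector/" + [System.Uri]::EscapeDataString($detectorId) + "/findings/get"
$success = $rest.FullRequestSb("POST",$requestPath,$sbRequestBody,$sbResponseBody)
if ($success -ne $true) {
    Write-Output $rest.LastErrorText
    exit 1
}

$respStatusCode = $rest.ResponseStatusCode
Write-Output "response status code = $respStatusCode"
if ($respStatusCode -ne 200) {
    Write-Output "Response Header:"
    Write-Output $rest.ResponseHeader
    Write-Output "Response Body:"
    Write-Output $sbResponseBody.GetAsString()
    exit 1
}

$jResp = New-Object Chilkat.JsonObject
if ($jResp.LoadSb($sbResponseBody) -ne $true) {
    Write-Output "Response body is not valid JSON:"
    Write-Output $jResp.LastErrorText
    exit 1
}

# ---------------------------------------------------------------------------
# Parse the response.
#
# PowerShell variable names are case-insensitive, so the generated sample
# silently overwrote e.g. $arn with $Arn and $id with $Id; every variable below
# therefore has a distinct, prefixed name.  Boolean fields are read with BoolOf
# rather than IntOf.
#
# Findings carry account ids, principal names, access key ids and local/remote
# IP addresses; treat any log or export of these values as sensitive.
# ---------------------------------------------------------------------------
$findingCount = $jResp.SizeOfArray("findings")
for ($i = 0; $i -lt $findingCount; $i++) {
    $jResp.I = $i

    # Top-level finding attributes.
    $findingAccountId = $jResp.StringOf("findings[i].accountId")
    $findingArn = $jResp.StringOf("findings[i].arn")
    $confidence = $jResp.IntOf("findings[i].confidence")
    $findingCreatedAt = $jResp.StringOf("findings[i].createdAt")
    $description = $jResp.StringOf("findings[i].description")
    $findingId = $jResp.StringOf("findings[i].id")
    $partition = $jResp.StringOf("findings[i].partition")
    $findingRegion = $jResp.StringOf("findings[i].region")
    $schemaVersion = $jResp.StringOf("findings[i].schemaVersion")
    $severity = $jResp.IntOf("findings[i].severity")
    $title = $jResp.StringOf("findings[i].title")
    $findingType = $jResp.StringOf("findings[i].type")
    $updatedAt = $jResp.StringOf("findings[i].updatedAt")

    # resource.accessKeyDetails
    $accessKeyId = $jResp.StringOf("findings[i].resource.accessKeyDetails.accessKeyId")
    $principalId = $jResp.StringOf("findings[i].resource.accessKeyDetails.principalId")
    $accessKeyUserName = $jResp.StringOf("findings[i].resource.accessKeyDetails.userName")
    $accessKeyUserType = $jResp.StringOf("findings[i].resource.accessKeyDetails.userType")

    # resource.eksClusterDetails
    $eksArn = $jResp.StringOf("findings[i].resource.eksClusterDetails.arn")
    $eksCreatedAt = $jResp.IntOf("findings[i].resource.eksClusterDetails.createdAt")
    $eksName = $jResp.StringOf("findings[i].resource.eksClusterDetails.name")
    $eksStatus = $jResp.StringOf("findings[i].resource.eksClusterDetails.status")
    $eksVpcId = $jResp.StringOf("findings[i].resource.eksClusterDetails.vpcId")
    $eksTags = Read-TagArray $jResp "findings[i].resource.eksClusterDetails.tags"

    # resource.instanceDetails
    $availabilityZone = $jResp.StringOf("findings[i].resource.instanceDetails.availabilityZone")
    $iamProfileArn = $jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.arn")
    $iamProfileId = $jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.id")
    $imageDescription = $jResp.StringOf("findings[i].resource.instanceDetails.imageDescription")
    $imageId = $jResp.StringOf("findings[i].resource.instanceDetails.imageId")
    $instanceId = $jResp.StringOf("findings[i].resource.instanceDetails.instanceId")
    $instanceState = $jResp.StringOf("findings[i].resource.instanceDetails.instanceState")
    $instanceType = $jResp.StringOf("findings[i].resource.instanceDetails.instanceType")
    $launchTime = $jResp.StringOf("findings[i].resource.instanceDetails.launchTime")
    $outpostArn = $jResp.StringOf("findings[i].resource.instanceDetails.outpostArn")
    $platform = $jResp.StringOf("findings[i].resource.instanceDetails.platform")
    $instanceTags = Read-TagArray $jResp "findings[i].resource.instanceDetails.tags"

    $ifaceCount = $jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces")
    for ($j = 0; $j -lt $ifaceCount; $j++) {
        $jResp.J = $j
        $ifacePath = "findings[i].resource.instanceDetails.networkInterfaces[j]"
        $networkInterfaceId = $jResp.StringOf("${ifacePath}.networkInterfaceId")
        $privateDnsName = $jResp.StringOf("${ifacePath}.privateDnsName")
        $privateIpAddress = $jResp.StringOf("${ifacePath}.privateIpAddress")
        $publicDnsName = $jResp.StringOf("${ifacePath}.publicDnsName")
        $publicIp = $jResp.StringOf("${ifacePath}.publicIp")
        $subnetId = $jResp.StringOf("${ifacePath}.subnetId")
        $ifaceVpcId = $jResp.StringOf("${ifacePath}.vpcId")
        $ipv6Addresses = Read-StringArray $jResp "${ifacePath}.ipv6Addresses"

        $secondaryCount = $jResp.SizeOfArray("${ifacePath}.privateIpAddresses")
        for ($k = 0; $k -lt $secondaryCount; $k++) {
            $jResp.K = $k
            $secondaryPrivateDnsName = $jResp.StringOf("${ifacePath}.privateIpAddresses[k].privateDnsName")
            $secondaryPrivateIpAddress = $jResp.StringOf("${ifacePath}.privateIpAddresses[k].privateIpAddress")
        }

        $sgCount = $jResp.SizeOfArray("${ifacePath}.securityGroups")
        for ($k = 0; $k -lt $sgCount; $k++) {
            $jResp.K = $k
            $groupId = $jResp.StringOf("${ifacePath}.securityGroups[k].groupId")
            $groupName = $jResp.StringOf("${ifacePath}.securityGroups[k].groupName")
        }
    }

    $productCodeCount = $jResp.SizeOfArray("findings[i].resource.instanceDetails.productCodes")
    for ($j = 0; $j -lt $productCodeCount; $j++) {
        $jResp.J = $j
        $productCode = $jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].code")
        $productType = $jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].productType")
    }

    # resource.kubernetesDetails
    $k8sUserUid = $jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid")
    $k8sUserName = $jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.username")
    $k8sUserGroups = Read-StringArray $jResp "findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups"

    $workloadPath = "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails"
    $hostNetwork = $jResp.BoolOf("${workloadPath}.hostNetwork")
    $workloadName = $jResp.StringOf("${workloadPath}.name")
    $workloadNamespace = $jResp.StringOf("${workloadPath}.namespace")
    $workloadType = $jResp.StringOf("${workloadPath}.type")
    $workloadUid = $jResp.StringOf("${workloadPath}.uid")

    $containerCount = $jResp.SizeOfArray("${workloadPath}.containers")
    for ($j = 0; $j -lt $containerCount; $j++) {
        $jResp.J = $j
        $containerPath = "${workloadPath}.containers[j]"
        $containerRuntime = $jResp.StringOf("${containerPath}.containerRuntime")
        $containerId = $jResp.StringOf("${containerPath}.id")
        $containerImage = $jResp.StringOf("${containerPath}.image")
        $containerImagePrefix = $jResp.StringOf("${containerPath}.imagePrefix")
        $containerName = $jResp.StringOf("${containerPath}.name")
        $containerPrivileged = $jResp.BoolOf("${containerPath}.securityContext.privileged")

        $mountCount = $jResp.SizeOfArray("${containerPath}.volumeMounts")
        for ($k = 0; $k -lt $mountCount; $k++) {
            $jResp.K = $k
            $mountPath = $jResp.StringOf("${containerPath}.volumeMounts[k].mountPath")
            $mountName = $jResp.StringOf("${containerPath}.volumeMounts[k].name")
        }
    }

    $volumeCount = $jResp.SizeOfArray("${workloadPath}.volumes")
    for ($j = 0; $j -lt $volumeCount; $j++) {
        $jResp.J = $j
        $volumeHostPath = $jResp.StringOf("${workloadPath}.volumes[j].hostPath.path")
        $volumeName = $jResp.StringOf("${workloadPath}.volumes[j].name")
    }

    $resourceType = $jResp.StringOf("findings[i].resource.resourceType")

    # resource.s3BucketDetails
    $bucketCount = $jResp.SizeOfArray("findings[i].resource.s3BucketDetails")
    for ($j = 0; $j -lt $bucketCount; $j++) {
        $jResp.J = $j
        $bucketPath = "findings[i].resource.s3BucketDetails[j]"
        $bucketArn = $jResp.StringOf("${bucketPath}.arn")
        $bucketCreatedAt = $jResp.IntOf("${bucketPath}.createdAt")
        $encryptionType = $jResp.StringOf("${bucketPath}.defaultServerSideEncryption.encryptionType")
        $kmsMasterKeyArn = $jResp.StringOf("${bucketPath}.defaultServerSideEncryption.kmsMasterKeyArn")
        $bucketName = $jResp.StringOf("${bucketPath}.name")
        $bucketOwnerId = $jResp.StringOf("${bucketPath}.owner.id")
        $bucketType = $jResp.StringOf("${bucketPath}.type")
        $bucketTags = Read-TagArray $jResp "${bucketPath}.tags"

        $effectivePermission = $jResp.StringOf("${bucketPath}.publicAccess.effectivePermission")
        # Account-level Block Public Access settings.
        $acctPath = "${bucketPath}.publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess"
        $acctBlockPublicAcls = $jResp.BoolOf("${acctPath}.blockPublicAcls")
        $acctBlockPublicPolicy = $jResp.BoolOf("${acctPath}.blockPublicPolicy")
        $acctIgnorePublicAcls = $jResp.BoolOf("${acctPath}.ignorePublicAcls")
        $acctRestrictPublicBuckets = $jResp.BoolOf("${acctPath}.restrictPublicBuckets")
        # Bucket-level ACL, Block Public Access and bucket policy settings.
        $bucketPermPath = "${bucketPath}.publicAccess.permissionConfiguration.bucketLevelPermissions"
        $aclAllowsPublicRead = $jResp.BoolOf("${bucketPermPath}.accessControlList.allowsPublicReadAccess")
        $aclAllowsPublicWrite = $jResp.BoolOf("${bucketPermPath}.accessControlList.allowsPublicWriteAccess")
        $bucketBlockPublicAcls = $jResp.BoolOf("${bucketPermPath}.blockPublicAccess.blockPublicAcls")
        $bucketBlockPublicPolicy = $jResp.BoolOf("${bucketPermPath}.blockPublicAccess.blockPublicPolicy")
        $bucketIgnorePublicAcls = $jResp.BoolOf("${bucketPermPath}.blockPublicAccess.ignorePublicAcls")
        $bucketRestrictPublicBuckets = $jResp.BoolOf("${bucketPermPath}.blockPublicAccess.restrictPublicBuckets")
        $policyAllowsPublicRead = $jResp.BoolOf("${bucketPermPath}.bucketPolicy.allowsPublicReadAccess")
        $policyAllowsPublicWrite = $jResp.BoolOf("${bucketPermPath}.bucketPolicy.allowsPublicWriteAccess")
    }

    # service.action
    $actionType = $jResp.StringOf("findings[i].service.action.actionType")

    $apiPath = "findings[i].service.action.awsApiCallAction"
    $api = $jResp.StringOf("${apiPath}.api")
    $callerType = $jResp.StringOf("${apiPath}.callerType")
    $apiDomain = $jResp.StringOf("${apiPath}.domainDetails.domain")
    $errorCode = $jResp.StringOf("${apiPath}.errorCode")
    $remoteAccountId = $jResp.StringOf("${apiPath}.remoteAccountDetails.accountId")
    $remoteAccountAffiliated = $jResp.BoolOf("${apiPath}.remoteAccountDetails.affiliated")
    $apiRemoteIp = Read-RemoteIpDetails $jResp "${apiPath}.remoteIpDetails"
    $apiServiceName = $jResp.StringOf("${apiPath}.serviceName")
    $apiUserAgent = $jResp.StringOf("${apiPath}.userAgent")

    $dnsRequestDomain = $jResp.StringOf("findings[i].service.action.dnsRequestAction.domain")

    $k8sApiPath = "findings[i].service.action.kubernetesApiCallAction"
    $k8sApiParameters = $jResp.StringOf("${k8sApiPath}.parameters")
    $k8sApiRemoteIp = Read-RemoteIpDetails $jResp "${k8sApiPath}.remoteIpDetails"
    $k8sApiRequestUri = $jResp.StringOf("${k8sApiPath}.requestUri")
    $k8sApiStatusCode = $jResp.IntOf("${k8sApiPath}.statusCode")
    $k8sApiUserAgent = $jResp.StringOf("${k8sApiPath}.userAgent")
    $k8sApiVerb = $jResp.StringOf("${k8sApiPath}.verb")
    $k8sApiSourceIps = Read-StringArray $jResp "${k8sApiPath}.sourceIps"

    $connPath = "findings[i].service.action.networkConnectionAction"
    $connBlocked = $jResp.BoolOf("${connPath}.blocked")
    $connectionDirection = $jResp.StringOf("${connPath}.connectionDirection")
    $connLocalIp = $jResp.StringOf("${connPath}.localIpDetails.ipAddressV4")
    $connLocalPort = $jResp.IntOf("${connPath}.localPortDetails.port")
    $connLocalPortName = $jResp.StringOf("${connPath}.localPortDetails.portName")
    $connProtocol = $jResp.StringOf("${connPath}.protocol")
    $connRemoteIp = Read-RemoteIpDetails $jResp "${connPath}.remoteIpDetails"
    $connRemotePort = $jResp.IntOf("${connPath}.remotePortDetails.port")
    $connRemotePortName = $jResp.StringOf("${connPath}.remotePortDetails.portName")

    $probeBlocked = $jResp.BoolOf("findings[i].service.action.portProbeAction.blocked")
    $probeCount = $jResp.SizeOfArray("findings[i].service.action.portProbeAction.portProbeDetails")
    for ($j = 0; $j -lt $probeCount; $j++) {
        $jResp.J = $j
        $probePath = "findings[i].service.action.portProbeAction.portProbeDetails[j]"
        $probeLocalIp = $jResp.StringOf("${probePath}.localIpDetails.ipAddressV4")
        $probeLocalPort = $jResp.IntOf("${probePath}.localPortDetails.port")
        $probeLocalPortName = $jResp.StringOf("${probePath}.localPortDetails.portName")
        $probeRemoteIp = Read-RemoteIpDetails $jResp "${probePath}.remoteIpDetails"
    }

    # service (remaining fields)
    $archived = $jResp.BoolOf("findings[i].service.archived")
    $count = $jResp.IntOf("findings[i].service.count")
    $findingDetectorId = $jResp.StringOf("findings[i].service.detectorId")
    $eventFirstSeen = $jResp.StringOf("findings[i].service.eventFirstSeen")
    $eventLastSeen = $jResp.StringOf("findings[i].service.eventLastSeen")
    $resourceRole = $jResp.StringOf("findings[i].service.resourceRole")
    $svcServiceName = $jResp.StringOf("findings[i].service.serviceName")
    $userFeedback = $jResp.StringOf("findings[i].service.userFeedback")

    # service.evidence
    $threatIntelCount = $jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails")
    for ($j = 0; $j -lt $threatIntelCount; $j++) {
        $jResp.J = $j
        $threatListName = $jResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatListName")
        $threatNames = Read-StringArray $jResp "findings[i].service.evidence.threatIntelligenceDetails[j].threatNames"
    }
}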
# A sample JSON response body parsed by the above code:
# {
# "findings": [
# {
# "accountId": "string",
# "arn": "string",
# "confidence": number,
# "createdAt": "string",
# "description": "string",
# "id": "string",
# "partition": "string",
# "region": "string",
# "resource": {
# "accessKeyDetails": {
# "accessKeyId": "string",
# "principalId": "string",
# "userName": "string",
# "userType": "string"
# },
# "eksClusterDetails": {
# "arn": "string",
# "createdAt": number,
# "name": "string",
# "status": "string",
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "vpcId": "string"
# },
# "instanceDetails": {
# "availabilityZone": "string",
# "iamInstanceProfile": {
# "arn": "string",
# "id": "string"
# },
# "imageDescription": "string",
# "imageId": "string",
# "instanceId": "string",
# "instanceState": "string",
# "instanceType": "string",
# "launchTime": "string",
# "networkInterfaces": [
# {
# "ipv6Addresses": [
# "string"
# ],
# "networkInterfaceId": "string",
# "privateDnsName": "string",
# "privateIpAddress": "string",
# "privateIpAddresses": [
# {
# "privateDnsName": "string",
# "privateIpAddress": "string"
# }
# ],
# "publicDnsName": "string",
# "publicIp": "string",
# "securityGroups": [
# {
# "groupId": "string",
# "groupName": "string"
# }
# ],
# "subnetId": "string",
# "vpcId": "string"
# }
# ],
# "outpostArn": "string",
# "platform": "string",
# "productCodes": [
# {
# "code": "string",
# "productType": "string"
# }
# ],
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ]
# },
# "kubernetesDetails": {
# "kubernetesUserDetails": {
# "groups": [
# "string"
# ],
# "uid": "string",
# "username": "string"
# },
# "kubernetesWorkloadDetails": {
# "containers": [
# {
# "containerRuntime": "string",
# "id": "string",
# "image": "string",
# "imagePrefix": "string",
# "name": "string",
# "securityContext": {
# "privileged": boolean
# },
# "volumeMounts": [
# {
# "mountPath": "string",
# "name": "string"
# }
# ]
# }
# ],
# "hostNetwork": boolean,
# "name": "string",
# "namespace": "string",
# "type": "string",
# "uid": "string",
# "volumes": [
# {
# "hostPath": {
# "path": "string"
# },
# "name": "string"
# }
# ]
# }
# },
# "resourceType": "string",
# "s3BucketDetails": [
# {
# "arn": "string",
# "createdAt": number,
# "defaultServerSideEncryption": {
# "encryptionType": "string",
# "kmsMasterKeyArn": "string"
# },
# "name": "string",
# "owner": {
# "id": "string"
# },
# "publicAccess": {
# "effectivePermission": "string",
# "permissionConfiguration": {
# "accountLevelPermissions": {
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# }
# },
# "bucketLevelPermissions": {
# "accessControlList": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# },
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# },
# "bucketPolicy": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# }
# }
# }
# },
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "type": "string"
# }
# ]
# },
# "schemaVersion": "string",
# "service": {
# "action": {
# "actionType": "string",
# "awsApiCallAction": {
# "api": "string",
# "callerType": "string",
# "domainDetails": {
# "domain": "string"
# },
# "errorCode": "string",
# "remoteAccountDetails": {
# "accountId": "string",
# "affiliated": boolean
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "serviceName": "string",
# "userAgent": "string"
# },
# "dnsRequestAction": {
# "domain": "string"
# },
# "kubernetesApiCallAction": {
# "parameters": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "requestUri": "string",
# "sourceIps": [
# "string"
# ],
# "statusCode": number,
# "userAgent": "string",
# "verb": "string"
# },
# "networkConnectionAction": {
# "blocked": boolean,
# "connectionDirection": "string",
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "protocol": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "remotePortDetails": {
# "port": number,
# "portName": "string"
# }
# },
# "portProbeAction": {
# "blocked": boolean,
# "portProbeDetails": [
# {
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# }
# }
# ]
# }
# },
# "archived": boolean,
# "count": number,
# "detectorId": "string",
# "eventFirstSeen": "string",
# "eventLastSeen": "string",
# "evidence": {
# "threatIntelligenceDetails": [
# {
# "threatListName": "string",
# "threatNames": [
# "string"
# ]
# }
# ]
# },
# "resourceRole": "string",
# "serviceName": "string",
# "userFeedback": "string"
# },
# "severity": number,
# "title": "string",
# "type": "string",
# "updatedAt": "string"
# }
# ]
# }