GetFindings PureBasic Example
IncludeFile "CkJsonObject.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkRest.pb"
IncludeFile "CkAuthAws.pb"
Procedure ChilkatExample()
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
rest.i = CkRest::ckCreate()
If rest.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success.i
authAws.i = CkAuthAws::ckCreate()
If authAws.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkAuthAws::setCkAccessKey(authAws, "AWS_ACCESS_KEY")
CkAuthAws::setCkSecretKey(authAws, "AWS_SECRET_KEY")
; Don't forget to change the region to your particular region. (Also make the same change in the call to Connect below.)
CkAuthAws::setCkRegion(authAws, "us-west-2")
CkAuthAws::setCkServiceName(authAws, "guardduty")
; SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
CkRest::ckSetAuthAws(rest,authAws)
; URL: https://guardduty.us-west-2.amazonaws.com/
; Use the same region as specified above.
success = CkRest::ckConnect(rest,"guardduty.us-west-2.amazonaws.com",443,1,1)
If success <> 1
Debug "ConnectFailReason: " + Str(CkRest::ckConnectFailReason(rest))
Debug CkRest::ckLastErrorText(rest)
CkRest::ckDispose(rest)
CkAuthAws::ckDispose(authAws)
ProcedureReturn
EndIf
; The following code creates the JSON request body.
; The JSON created by this code is shown below.
; Use this online tool to generate code from sample JSON:
; Generate Code to Create JSON
json.i = CkJsonObject::ckCreate()
If json.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckUpdateString(json,"findingIds[0]","string")
CkJsonObject::ckUpdateString(json,"sortCriteria.attributeName","string")
CkJsonObject::ckUpdateString(json,"sortCriteria.orderBy","string")
; The JSON request body created by the above code:
; {
; "findingIds": [
; "string"
; ],
; "sortCriteria": {
; "attributeName": "string",
; "orderBy": "string"
; }
; }
CkRest::ckAddHeader(rest,"Content-Type","application/x-amz-json-1.1")
CkRest::ckAddHeader(rest,"X-Amz-Target","GetFindings")
sbRequestBody.i = CkStringBuilder::ckCreate()
If sbRequestBody.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckEmitSb(json,sbRequestBody)
sbResponseBody.i = CkStringBuilder::ckCreate()
If sbResponseBody.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkRest::ckFullRequestSb(rest,"POST","/detector/{detectorId}/findings/get",sbRequestBody,sbResponseBody)
If success <> 1
Debug CkRest::ckLastErrorText(rest)
CkRest::ckDispose(rest)
CkAuthAws::ckDispose(authAws)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbRequestBody)
CkStringBuilder::ckDispose(sbResponseBody)
ProcedureReturn
EndIf
respStatusCode.i = CkRest::ckResponseStatusCode(rest)
Debug "response status code = " + Str(respStatusCode)
If respStatusCode <> 200
Debug "Response Header:"
Debug CkRest::ckResponseHeader(rest)
Debug "Response Body:"
Debug CkStringBuilder::ckGetAsString(sbResponseBody)
CkRest::ckDispose(rest)
CkAuthAws::ckDispose(authAws)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbRequestBody)
CkStringBuilder::ckDispose(sbResponseBody)
ProcedureReturn
EndIf
jResp.i = CkJsonObject::ckCreate()
If jResp.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckLoadSb(jResp,sbResponseBody)
; The following code parses the JSON response.
; A sample JSON response is shown below the sample code.
; Use this online tool to generate parsing code from sample JSON:
; Generate Parsing Code from JSON
accountId.s
arn.s
confidence.i
createdAt.s
description.s
id.s
partition.s
region.s
AccessKeyId.s
PrincipalId.s
UserName.s
UserType.s
Arn.s
CreatedAt.i
Name.s
Status.s
VpcId.s
AvailabilityZone.s
IamInstanceProfileArn.s
Id.s
ImageDescription.s
ImageId.s
InstanceId.s
InstanceState.s
InstanceType.s
LaunchTime.s
OutpostArn.s
Platform.s
Uid.s
Username.s
HostNetwork.i
KubernetesWorkloadDetailsName.s
Namespace.s
v_Type.s
KubernetesWorkloadDetailsUid.s
ResourceType.s
schemaVersion.s
ActionType.s
Api.s
CallerType.s
Domain.s
ErrorCode.s
AccountId.s
Affiliated.i
CityName.s
CountryCode.s
CountryName.s
Lat.i
Lon.i
IpAddressV4.s
v_Asn.s
AsnOrg.s
Isp.s
Org.s
ServiceName.s
UserAgent.s
DnsRequestActionDomain.s
Parameters.s
CityCityName.s
CountryCountryCode.s
CountryCountryName.s
GeoLocationLat.i
GeoLocationLon.i
RemoteIpDetailsIpAddressV4.s
OrganizationAsn.s
OrganizationAsnOrg.s
OrganizationIsp.s
OrganizationOrg.s
RequestUri.s
StatusCode.i
KubernetesApiCallActionUserAgent.s
Verb.s
Blocked.i
ConnectionDirection.s
LocalIpDetailsIpAddressV4.s
Port.i
PortName.s
Protocol.s
RemotePortDetailsPort.i
RemotePortDetailsPortName.s
PortProbeActionBlocked.i
Archived.i
Count.i
DetectorId.s
EventFirstSeen.s
EventLastSeen.s
ResourceRole.s
serviceServiceName.s
UserFeedback.s
severity.i
title.s
v_type.s
updatedAt.s
j.i
count_j.i
key.s
value.s
networkInterfaceId.s
privateDnsName.s
privateIpAddress.s
publicDnsName.s
publicIp.s
subnetId.s
vpcId.s
k.i
count_k.i
strVal.s
groupId.s
groupName.s
code.s
productType.s
containerRuntime.s
image.s
imagePrefix.s
name.s
Privileged.i
mountPath.s
Path.s
createdAt_int.i
EncryptionType.s
KmsMasterKeyArn.s
ownerId.s
EffectivePermission.s
BlockPublicAcls.i
BlockPublicPolicy.i
IgnorePublicAcls.i
RestrictPublicBuckets.i
AllowsPublicReadAccess.i
AllowsPublicWriteAccess.i
BlockPublicAccessBlockPublicAcls.i
BlockPublicAccessBlockPublicPolicy.i
BlockPublicAccessIgnorePublicAcls.i
BlockPublicAccessRestrictPublicBuckets.i
BucketPolicyAllowsPublicReadAccess.i
BucketPolicyAllowsPublicWriteAccess.i
localIpDetailsIpAddressV4.s
localPortDetailsPort.i
localPortDetailsPortName.s
remoteIpDetailsIpAddressV4.s
threatListName.s
i.i = 0
count_i.i = CkJsonObject::ckSizeOfArray(jResp,"findings")
While i < count_i
CkJsonObject::setCkI(jResp, i)
accountId = CkJsonObject::ckStringOf(jResp,"findings[i].accountId")
arn = CkJsonObject::ckStringOf(jResp,"findings[i].arn")
confidence = CkJsonObject::ckIntOf(jResp,"findings[i].confidence")
createdAt = CkJsonObject::ckStringOf(jResp,"findings[i].createdAt")
description = CkJsonObject::ckStringOf(jResp,"findings[i].description")
id = CkJsonObject::ckStringOf(jResp,"findings[i].id")
partition = CkJsonObject::ckStringOf(jResp,"findings[i].partition")
region = CkJsonObject::ckStringOf(jResp,"findings[i].region")
AccessKeyId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.accessKeyDetails.accessKeyId")
PrincipalId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.accessKeyDetails.principalId")
UserName = CkJsonObject::ckStringOf(jResp,"findings[i].resource.accessKeyDetails.userName")
UserType = CkJsonObject::ckStringOf(jResp,"findings[i].resource.accessKeyDetails.userType")
Arn = CkJsonObject::ckStringOf(jResp,"findings[i].resource.eksClusterDetails.arn")
CreatedAt = CkJsonObject::ckIntOf(jResp,"findings[i].resource.eksClusterDetails.createdAt")
Name = CkJsonObject::ckStringOf(jResp,"findings[i].resource.eksClusterDetails.name")
Status = CkJsonObject::ckStringOf(jResp,"findings[i].resource.eksClusterDetails.status")
VpcId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.eksClusterDetails.vpcId")
AvailabilityZone = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.availabilityZone")
IamInstanceProfileArn = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.iamInstanceProfile.arn")
Id = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.iamInstanceProfile.id")
ImageDescription = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.imageDescription")
ImageId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.imageId")
InstanceId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.instanceId")
InstanceState = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.instanceState")
InstanceType = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.instanceType")
LaunchTime = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.launchTime")
OutpostArn = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.outpostArn")
Platform = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.platform")
Uid = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid")
Username = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesUserDetails.username")
HostNetwork = CkJsonObject::ckIntOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork")
KubernetesWorkloadDetailsName = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.name")
Namespace = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.namespace")
v_Type = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.type")
KubernetesWorkloadDetailsUid = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.uid")
ResourceType = CkJsonObject::ckStringOf(jResp,"findings[i].resource.resourceType")
schemaVersion = CkJsonObject::ckStringOf(jResp,"findings[i].schemaVersion")
ActionType = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.actionType")
Api = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.api")
CallerType = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.callerType")
Domain = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.domainDetails.domain")
ErrorCode = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.errorCode")
AccountId = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteAccountDetails.accountId")
Affiliated = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.awsApiCallAction.remoteAccountDetails.affiliated")
CityName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.city.cityName")
CountryCode = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryCode")
CountryName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryName")
Lat = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat")
Lon = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon")
IpAddressV4 = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.ipAddressV4")
v_Asn = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asn")
AsnOrg = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg")
Isp = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.isp")
Org = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.org")
ServiceName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.serviceName")
UserAgent = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.awsApiCallAction.userAgent")
DnsRequestActionDomain = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.dnsRequestAction.domain")
Parameters = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.parameters")
CityCityName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.city.cityName")
CountryCountryCode = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode")
CountryCountryName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryName")
GeoLocationLat = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.isp")
OrganizationOrg = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.org")
RequestUri = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.requestUri")
StatusCode = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.kubernetesApiCallAction.statusCode")
KubernetesApiCallActionUserAgent = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.userAgent")
Verb = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.verb")
Blocked = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.networkConnectionAction.blocked")
ConnectionDirection = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.connectionDirection")
LocalIpDetailsIpAddressV4 = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.localIpDetails.ipAddressV4")
Port = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.networkConnectionAction.localPortDetails.port")
PortName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.localPortDetails.portName")
Protocol = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.protocol")
CityCityName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.city.cityName")
CountryCountryCode = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryCode")
CountryCountryName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryName")
GeoLocationLat = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.isp")
OrganizationOrg = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.org")
RemotePortDetailsPort = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.networkConnectionAction.remotePortDetails.port")
RemotePortDetailsPortName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.networkConnectionAction.remotePortDetails.portName")
PortProbeActionBlocked = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.portProbeAction.blocked")
Archived = CkJsonObject::ckIntOf(jResp,"findings[i].service.archived")
Count = CkJsonObject::ckIntOf(jResp,"findings[i].service.count")
DetectorId = CkJsonObject::ckStringOf(jResp,"findings[i].service.detectorId")
EventFirstSeen = CkJsonObject::ckStringOf(jResp,"findings[i].service.eventFirstSeen")
EventLastSeen = CkJsonObject::ckStringOf(jResp,"findings[i].service.eventLastSeen")
ResourceRole = CkJsonObject::ckStringOf(jResp,"findings[i].service.resourceRole")
serviceServiceName = CkJsonObject::ckStringOf(jResp,"findings[i].service.serviceName")
UserFeedback = CkJsonObject::ckStringOf(jResp,"findings[i].service.userFeedback")
severity = CkJsonObject::ckIntOf(jResp,"findings[i].severity")
title = CkJsonObject::ckStringOf(jResp,"findings[i].title")
v_type = CkJsonObject::ckStringOf(jResp,"findings[i].type")
updatedAt = CkJsonObject::ckStringOf(jResp,"findings[i].updatedAt")
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.eksClusterDetails.tags")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
key = CkJsonObject::ckStringOf(jResp,"findings[i].resource.eksClusterDetails.tags[j].key")
value = CkJsonObject::ckStringOf(jResp,"findings[i].resource.eksClusterDetails.tags[j].value")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.instanceDetails.networkInterfaces")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
networkInterfaceId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].networkInterfaceId")
privateDnsName = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].privateDnsName")
privateIpAddress = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddress")
publicDnsName = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].publicDnsName")
publicIp = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].publicIp")
subnetId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].subnetId")
vpcId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].vpcId")
k = 0
count_k = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses")
While k < count_k
CkJsonObject::setCkK(jResp, k)
strVal = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses[k]")
k = k + 1
Wend
k = 0
count_k = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses")
While k < count_k
CkJsonObject::setCkK(jResp, k)
privateDnsName = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateDnsName")
privateIpAddress = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateIpAddress")
k = k + 1
Wend
k = 0
count_k = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups")
While k < count_k
CkJsonObject::setCkK(jResp, k)
groupId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupId")
groupName = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupName")
k = k + 1
Wend
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.instanceDetails.productCodes")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
code = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.productCodes[j].code")
productType = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.productCodes[j].productType")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.instanceDetails.tags")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
key = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.tags[j].key")
value = CkJsonObject::ckStringOf(jResp,"findings[i].resource.instanceDetails.tags[j].value")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
strVal = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups[j]")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
containerRuntime = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].containerRuntime")
id = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].id")
image = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].image")
imagePrefix = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].imagePrefix")
name = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].name")
Privileged = CkJsonObject::ckIntOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].securityContext.privileged")
k = 0
count_k = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts")
While k < count_k
CkJsonObject::setCkK(jResp, k)
mountPath = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].mountPath")
name = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].name")
k = k + 1
Wend
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
Path = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].hostPath.path")
name = CkJsonObject::ckStringOf(jResp,"findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].name")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.s3BucketDetails")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
arn = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].arn")
createdAt_int = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].createdAt")
EncryptionType = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.encryptionType")
KmsMasterKeyArn = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.kmsMasterKeyArn")
name = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].name")
ownerId = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].owner.id")
EffectivePermission = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.effectivePermission")
BlockPublicAcls = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicPolicy = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy")
IgnorePublicAcls = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls")
RestrictPublicBuckets = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets")
AllowsPublicReadAccess = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess")
AllowsPublicWriteAccess = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess")
BlockPublicAccessBlockPublicAcls = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicAccessBlockPublicPolicy = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy")
BlockPublicAccessIgnorePublicAcls = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls")
BlockPublicAccessRestrictPublicBuckets = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets")
BucketPolicyAllowsPublicReadAccess = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess")
BucketPolicyAllowsPublicWriteAccess = CkJsonObject::ckIntOf(jResp,"findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess")
v_type = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].type")
k = 0
count_k = CkJsonObject::ckSizeOfArray(jResp,"findings[i].resource.s3BucketDetails[j].tags")
While k < count_k
CkJsonObject::setCkK(jResp, k)
key = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].tags[k].key")
value = CkJsonObject::ckStringOf(jResp,"findings[i].resource.s3BucketDetails[j].tags[k].value")
k = k + 1
Wend
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].service.action.kubernetesApiCallAction.sourceIps")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
strVal = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.kubernetesApiCallAction.sourceIps[j]")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].service.action.portProbeAction.portProbeDetails")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
localIpDetailsIpAddressV4 = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].localIpDetails.ipAddressV4")
localPortDetailsPort = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.port")
localPortDetailsPortName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.portName")
CityCityName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.city.cityName")
CountryCountryCode = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryCode")
CountryCountryName = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryName")
GeoLocationLat = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lat")
GeoLocationLon = CkJsonObject::ckIntOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lon")
remoteIpDetailsIpAddressV4 = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.ipAddressV4")
OrganizationAsn = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asn")
OrganizationAsnOrg = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asnOrg")
OrganizationIsp = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.isp")
OrganizationOrg = CkJsonObject::ckStringOf(jResp,"findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.org")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"findings[i].service.evidence.threatIntelligenceDetails")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
threatListName = CkJsonObject::ckStringOf(jResp,"findings[i].service.evidence.threatIntelligenceDetails[j].threatListName")
k = 0
count_k = CkJsonObject::ckSizeOfArray(jResp,"findings[i].service.evidence.threatIntelligenceDetails[j].threatNames")
While k < count_k
CkJsonObject::setCkK(jResp, k)
strVal = CkJsonObject::ckStringOf(jResp,"findings[i].service.evidence.threatIntelligenceDetails[j].threatNames[k]")
k = k + 1
Wend
j = j + 1
Wend
i = i + 1
Wend
; A sample JSON response body parsed by the above code:
; {
; "findings": [
; {
; "accountId": "string",
; "arn": "string",
; "confidence": number,
; "createdAt": "string",
; "description": "string",
; "id": "string",
; "partition": "string",
; "region": "string",
; "resource": {
; "accessKeyDetails": {
; "accessKeyId": "string",
; "principalId": "string",
; "userName": "string",
; "userType": "string"
; },
; "eksClusterDetails": {
; "arn": "string",
; "createdAt": number,
; "name": "string",
; "status": "string",
; "tags": [
; {
; "key": "string",
; "value": "string"
; }
; ],
; "vpcId": "string"
; },
; "instanceDetails": {
; "availabilityZone": "string",
; "iamInstanceProfile": {
; "arn": "string",
; "id": "string"
; },
; "imageDescription": "string",
; "imageId": "string",
; "instanceId": "string",
; "instanceState": "string",
; "instanceType": "string",
; "launchTime": "string",
; "networkInterfaces": [
; {
; "ipv6Addresses": [
; "string"
; ],
; "networkInterfaceId": "string",
; "privateDnsName": "string",
; "privateIpAddress": "string",
; "privateIpAddresses": [
; {
; "privateDnsName": "string",
; "privateIpAddress": "string"
; }
; ],
; "publicDnsName": "string",
; "publicIp": "string",
; "securityGroups": [
; {
; "groupId": "string",
; "groupName": "string"
; }
; ],
; "subnetId": "string",
; "vpcId": "string"
; }
; ],
; "outpostArn": "string",
; "platform": "string",
; "productCodes": [
; {
; "code": "string",
; "productType": "string"
; }
; ],
; "tags": [
; {
; "key": "string",
; "value": "string"
; }
; ]
; },
; "kubernetesDetails": {
; "kubernetesUserDetails": {
; "groups": [
; "string"
; ],
; "uid": "string",
; "username": "string"
; },
; "kubernetesWorkloadDetails": {
; "containers": [
; {
; "containerRuntime": "string",
; "id": "string",
; "image": "string",
; "imagePrefix": "string",
; "name": "string",
; "securityContext": {
; "privileged": boolean
; },
; "volumeMounts": [
; {
; "mountPath": "string",
; "name": "string"
; }
; ]
; }
; ],
; "hostNetwork": boolean,
; "name": "string",
; "namespace": "string",
; "type": "string",
; "uid": "string",
; "volumes": [
; {
; "hostPath": {
; "path": "string"
; },
; "name": "string"
; }
; ]
; }
; },
; "resourceType": "string",
; "s3BucketDetails": [
; {
; "arn": "string",
; "createdAt": number,
; "defaultServerSideEncryption": {
; "encryptionType": "string",
; "kmsMasterKeyArn": "string"
; },
; "name": "string",
; "owner": {
; "id": "string"
; },
; "publicAccess": {
; "effectivePermission": "string",
; "permissionConfiguration": {
; "accountLevelPermissions": {
; "blockPublicAccess": {
; "blockPublicAcls": boolean,
; "blockPublicPolicy": boolean,
; "ignorePublicAcls": boolean,
; "restrictPublicBuckets": boolean
; }
; },
; "bucketLevelPermissions": {
; "accessControlList": {
; "allowsPublicReadAccess": boolean,
; "allowsPublicWriteAccess": boolean
; },
; "blockPublicAccess": {
; "blockPublicAcls": boolean,
; "blockPublicPolicy": boolean,
; "ignorePublicAcls": boolean,
; "restrictPublicBuckets": boolean
; },
; "bucketPolicy": {
; "allowsPublicReadAccess": boolean,
; "allowsPublicWriteAccess": boolean
; }
; }
; }
; },
; "tags": [
; {
; "key": "string",
; "value": "string"
; }
; ],
; "type": "string"
; }
; ]
; },
; "schemaVersion": "string",
; "service": {
; "action": {
; "actionType": "string",
; "awsApiCallAction": {
; "api": "string",
; "callerType": "string",
; "domainDetails": {
; "domain": "string"
; },
; "errorCode": "string",
; "remoteAccountDetails": {
; "accountId": "string",
; "affiliated": boolean
; },
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; },
; "serviceName": "string",
; "userAgent": "string"
; },
; "dnsRequestAction": {
; "domain": "string"
; },
; "kubernetesApiCallAction": {
; "parameters": "string",
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; },
; "requestUri": "string",
; "sourceIps": [
; "string"
; ],
; "statusCode": number,
; "userAgent": "string",
; "verb": "string"
; },
; "networkConnectionAction": {
; "blocked": boolean,
; "connectionDirection": "string",
; "localIpDetails": {
; "ipAddressV4": "string"
; },
; "localPortDetails": {
; "port": number,
; "portName": "string"
; },
; "protocol": "string",
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; },
; "remotePortDetails": {
; "port": number,
; "portName": "string"
; }
; },
; "portProbeAction": {
; "blocked": boolean,
; "portProbeDetails": [
; {
; "localIpDetails": {
; "ipAddressV4": "string"
; },
; "localPortDetails": {
; "port": number,
; "portName": "string"
; },
; "remoteIpDetails": {
; "city": {
; "cityName": "string"
; },
; "country": {
; "countryCode": "string",
; "countryName": "string"
; },
; "geoLocation": {
; "lat": number,
; "lon": number
; },
; "ipAddressV4": "string",
; "organization": {
; "asn": "string",
; "asnOrg": "string",
; "isp": "string",
; "org": "string"
; }
; }
; }
; ]
; }
; },
; "archived": boolean,
; "count": number,
; "detectorId": "string",
; "eventFirstSeen": "string",
; "eventLastSeen": "string",
; "evidence": {
; "threatIntelligenceDetails": [
; {
; "threatListName": "string",
; "threatNames": [
; "string"
; ]
; }
; ]
; },
; "resourceRole": "string",
; "serviceName": "string",
; "userFeedback": "string"
; },
; "severity": number,
; "title": "string",
; "type": "string",
; "updatedAt": "string"
; }
; ]
; }
CkRest::ckDispose(rest)
CkAuthAws::ckDispose(authAws)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbRequestBody)
CkStringBuilder::ckDispose(sbResponseBody)
CkJsonObject::ckDispose(jResp)
ProcedureReturn
EndProcedure
