GetFindings Ruby Example
require 'chilkat'
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
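# Create the REST client and configure AWS request signing for GuardDuty.
rest = Chilkat::CkRest.new

# Credentials are read from the environment so that no secret is stored in the
# script or committed with it. ENV.fetch raises KeyError when a variable is
# missing, which stops the script before any request is attempted.
auth_aws = Chilkat::CkAuthAws.new
auth_aws.put_AccessKey(ENV.fetch("AWS_ACCESS_KEY_ID"))
auth_aws.put_SecretKey(ENV.fetch("AWS_SECRET_ACCESS_KEY"))

# Don't forget to change the region to your particular region. It is defined
# once here and reused for both request signing and the endpoint host below.
aws_region = "us-west-2"
auth_aws.put_Region(aws_region)
auth_aws.put_ServiceName("guardduty")

# SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
rest.SetAuthAws(auth_aws)

# URL: https://guardduty.<region>.amazonaws.com/
# Connect arguments: host, port 443, TLS enabled, auto-reconnect enabled.
success = rest.Connect("guardduty.#{aws_region}.amazonaws.com", 443, true, true)
unless success
  # Report on stderr and exit non-zero so a scheduler or pipeline running this
  # script sees the failure instead of a silent "success" with no findings.
  warn "ConnectFailReason: #{rest.get_ConnectFailReason}"
  warn rest.lastErrorText
  exit 1
end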
# The following code creates the JSON request body.
# The JSON created by this code is shown below.
# Use this online tool to generate code from sample JSON:
# Generate Code to Create JSON
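# Build the GetFindings request body. The "string" values are placeholders
# taken from the request shape; replace them with real finding IDs and sort
# criteria before running.
json = Chilkat::CkJsonObject.new
json.UpdateString("findingIds[0]", "string")
json.UpdateString("sortCriteria.attributeName", "string")
json.UpdateString("sortCriteria.orderBy", "string")

# The JSON request body created by the above code:
# {
#   "findingIds": [
#     "string"
#   ],
#   "sortCriteria": {
#     "attributeName": "string",
#     "orderBy": "string"
#   }
# }
rest.AddHeader("Content-Type", "application/x-amz-json-1.1")
rest.AddHeader("X-Amz-Target", "GetFindings")

request_body = Chilkat::CkStringBuilder.new
json.EmitSb(request_body)
sbResponseBody = Chilkat::CkStringBuilder.new

# Placeholder (constructed value): replace with the ID of your GuardDuty
# detector. The path previously carried the literal text "{detectorId}", which
# was never substituted before the request was sent.
detector_id = "DETECTOR_ID"
success = rest.FullRequestSb("POST", "/detector/#{detector_id}/findings/get", request_body, sbResponseBody)
unless success
  # Transport-level failure: nothing usable was received.
  warn rest.lastErrorText
  exit 1
end

status_code = rest.get_ResponseStatusCode
puts "response status code = #{status_code}"
if status_code != 200
  # The service answered but rejected the request. Print the details to stderr
  # and exit non-zero so callers do not mistake this for an empty result set.
  warn "Response Header:"
  warn rest.responseHeader
  warn "Response Body:"
  warn sbResponseBody.getAsString
  exit 1
end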
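# Parse the GetFindings response held in sbResponseBody and walk every finding.
# A sample JSON response is shown below the sample code.
#
# Each value is extracted into a local variable for illustration only; use or
# store the ones you need. All names are lowercase locals: capitalized names
# are constants in Ruby, and re-assigning them on every pass produces
# "already initialized constant" warnings. Names are also distinct per JSON
# path, so a later read no longer overwrites an earlier one.
#
# Fields the sample response marks as `boolean` are read with BoolOf. Fields
# marked `number` are still read with IntOf, as before.
# NOTE(review): IntOf yields an integer; if a number field (lat, lon,
# confidence, severity, createdAt) can carry a fractional part, it is lost
# here. Confirm against the API reference.
#
# Several strings (userAgent, requestUri, parameters, domain, tag values, ...)
# describe observed activity and may contain content chosen by whoever caused
# the finding. Treat them as untrusted: escape or encode them before writing
# them to logs, tickets, HTML or shell commands.
jResp = Chilkat::CkJsonObject.new
unless jResp.LoadSb(sbResponseBody)
  # An unparsable body would otherwise look like "zero findings".
  warn jResp.lastErrorText
  exit 1
end

# Chilkat substitutes [i], [j] and [k] in a JSON path with the values set by
# put_I, put_J and put_K.
count_i = jResp.SizeOfArray("findings")
count_i.times do |i|
  jResp.put_I(i)

  # --- finding header ---
  account_id = jResp.stringOf("findings[i].accountId")
  finding_arn = jResp.stringOf("findings[i].arn")
  confidence = jResp.IntOf("findings[i].confidence")
  created_at = jResp.stringOf("findings[i].createdAt")
  description = jResp.stringOf("findings[i].description")
  finding_id = jResp.stringOf("findings[i].id")
  partition = jResp.stringOf("findings[i].partition")
  finding_region = jResp.stringOf("findings[i].region")

  # --- resource.accessKeyDetails ---
  access_key_id = jResp.stringOf("findings[i].resource.accessKeyDetails.accessKeyId")
  principal_id = jResp.stringOf("findings[i].resource.accessKeyDetails.principalId")
  user_name = jResp.stringOf("findings[i].resource.accessKeyDetails.userName")
  user_type = jResp.stringOf("findings[i].resource.accessKeyDetails.userType")

  # --- resource.eksClusterDetails ---
  eks_arn = jResp.stringOf("findings[i].resource.eksClusterDetails.arn")
  eks_created_at = jResp.IntOf("findings[i].resource.eksClusterDetails.createdAt")
  eks_name = jResp.stringOf("findings[i].resource.eksClusterDetails.name")
  eks_status = jResp.stringOf("findings[i].resource.eksClusterDetails.status")
  eks_vpc_id = jResp.stringOf("findings[i].resource.eksClusterDetails.vpcId")

  # --- resource.instanceDetails ---
  availability_zone = jResp.stringOf("findings[i].resource.instanceDetails.availabilityZone")
  iam_profile_arn = jResp.stringOf("findings[i].resource.instanceDetails.iamInstanceProfile.arn")
  iam_profile_id = jResp.stringOf("findings[i].resource.instanceDetails.iamInstanceProfile.id")
  image_description = jResp.stringOf("findings[i].resource.instanceDetails.imageDescription")
  image_id = jResp.stringOf("findings[i].resource.instanceDetails.imageId")
  instance_id = jResp.stringOf("findings[i].resource.instanceDetails.instanceId")
  instance_state = jResp.stringOf("findings[i].resource.instanceDetails.instanceState")
  instance_type = jResp.stringOf("findings[i].resource.instanceDetails.instanceType")
  launch_time = jResp.stringOf("findings[i].resource.instanceDetails.launchTime")
  outpost_arn = jResp.stringOf("findings[i].resource.instanceDetails.outpostArn")
  platform = jResp.stringOf("findings[i].resource.instanceDetails.platform")

  # --- resource.kubernetesDetails ---
  k8s_user_uid = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid")
  k8s_username = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.username")
  host_network = jResp.BoolOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork")
  workload_name = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.name")
  workload_namespace = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.namespace")
  workload_type = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.type")
  workload_uid = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.uid")

  resource_type = jResp.stringOf("findings[i].resource.resourceType")
  schema_version = jResp.stringOf("findings[i].schemaVersion")

  # --- service.action ---
  action_type = jResp.stringOf("findings[i].service.action.actionType")

  # service.action.awsApiCallAction
  api = jResp.stringOf("findings[i].service.action.awsApiCallAction.api")
  caller_type = jResp.stringOf("findings[i].service.action.awsApiCallAction.callerType")
  api_domain = jResp.stringOf("findings[i].service.action.awsApiCallAction.domainDetails.domain")
  error_code = jResp.stringOf("findings[i].service.action.awsApiCallAction.errorCode")
  remote_account_id = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.accountId")
  remote_account_affiliated = jResp.BoolOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.affiliated")
  api_city = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.city.cityName")
  api_country_code = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryCode")
  api_country_name = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryName")
  api_lat = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat")
  api_lon = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon")
  api_remote_ip = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.ipAddressV4")
  api_asn = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asn")
  api_asn_org = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg")
  api_isp = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.isp")
  api_org = jResp.stringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.org")
  api_service_name = jResp.stringOf("findings[i].service.action.awsApiCallAction.serviceName")
  api_user_agent = jResp.stringOf("findings[i].service.action.awsApiCallAction.userAgent")

  # service.action.dnsRequestAction
  dns_domain = jResp.stringOf("findings[i].service.action.dnsRequestAction.domain")

  # service.action.kubernetesApiCallAction
  k8s_parameters = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.parameters")
  k8s_city = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.city.cityName")
  k8s_country_code = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode")
  k8s_country_name = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryName")
  k8s_lat = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat")
  k8s_lon = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon")
  k8s_remote_ip = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4")
  k8s_asn = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn")
  k8s_asn_org = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asnOrg")
  k8s_isp = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.isp")
  k8s_org = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.org")
  k8s_request_uri = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.requestUri")
  k8s_status_code = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.statusCode")
  k8s_user_agent = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.userAgent")
  k8s_verb = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.verb")

  # service.action.networkConnectionAction
  net_blocked = jResp.BoolOf("findings[i].service.action.networkConnectionAction.blocked")
  net_direction = jResp.stringOf("findings[i].service.action.networkConnectionAction.connectionDirection")
  net_local_ip = jResp.stringOf("findings[i].service.action.networkConnectionAction.localIpDetails.ipAddressV4")
  net_local_port = jResp.IntOf("findings[i].service.action.networkConnectionAction.localPortDetails.port")
  net_local_port_name = jResp.stringOf("findings[i].service.action.networkConnectionAction.localPortDetails.portName")
  net_protocol = jResp.stringOf("findings[i].service.action.networkConnectionAction.protocol")
  net_city = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.city.cityName")
  net_country_code = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryCode")
  net_country_name = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryName")
  net_lat = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat")
  net_lon = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon")
  net_remote_ip = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.ipAddressV4")
  net_asn = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asn")
  net_asn_org = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg")
  net_isp = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.isp")
  net_org = jResp.stringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.org")
  net_remote_port = jResp.IntOf("findings[i].service.action.networkConnectionAction.remotePortDetails.port")
  net_remote_port_name = jResp.stringOf("findings[i].service.action.networkConnectionAction.remotePortDetails.portName")

  # service.action.portProbeAction
  probe_blocked = jResp.BoolOf("findings[i].service.action.portProbeAction.blocked")

  # --- service (remaining fields) ---
  archived = jResp.BoolOf("findings[i].service.archived")
  count = jResp.IntOf("findings[i].service.count")
  service_detector_id = jResp.stringOf("findings[i].service.detectorId")
  event_first_seen = jResp.stringOf("findings[i].service.eventFirstSeen")
  event_last_seen = jResp.stringOf("findings[i].service.eventLastSeen")
  resource_role = jResp.stringOf("findings[i].service.resourceRole")
  service_name = jResp.stringOf("findings[i].service.serviceName")
  user_feedback = jResp.stringOf("findings[i].service.userFeedback")

  # --- finding trailer ---
  severity = jResp.IntOf("findings[i].severity")
  title = jResp.stringOf("findings[i].title")
  finding_type = jResp.stringOf("findings[i].type")
  updated_at = jResp.stringOf("findings[i].updatedAt")

  # --- resource.eksClusterDetails.tags[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.eksClusterDetails.tags")
  count_j.times do |j|
    jResp.put_J(j)
    eks_tag_key = jResp.stringOf("findings[i].resource.eksClusterDetails.tags[j].key")
    eks_tag_value = jResp.stringOf("findings[i].resource.eksClusterDetails.tags[j].value")
  end

  # --- resource.instanceDetails.networkInterfaces[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces")
  count_j.times do |j|
    jResp.put_J(j)
    eni_id = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].networkInterfaceId")
    eni_private_dns_name = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateDnsName")
    eni_private_ip = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddress")
    eni_public_dns_name = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicDnsName")
    eni_public_ip = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicIp")
    eni_subnet_id = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].subnetId")
    eni_vpc_id = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].vpcId")

    count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses")
    count_k.times do |k|
      jResp.put_K(k)
      ipv6_address = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses[k]")
    end

    count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses")
    count_k.times do |k|
      jResp.put_K(k)
      addr_private_dns_name = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateDnsName")
      addr_private_ip = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateIpAddress")
    end

    count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups")
    count_k.times do |k|
      jResp.put_K(k)
      group_id = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupId")
      group_name = jResp.stringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupName")
    end
  end

  # --- resource.instanceDetails.productCodes[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.productCodes")
  count_j.times do |j|
    jResp.put_J(j)
    product_code = jResp.stringOf("findings[i].resource.instanceDetails.productCodes[j].code")
    product_type = jResp.stringOf("findings[i].resource.instanceDetails.productCodes[j].productType")
  end

  # --- resource.instanceDetails.tags[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.tags")
  count_j.times do |j|
    jResp.put_J(j)
    instance_tag_key = jResp.stringOf("findings[i].resource.instanceDetails.tags[j].key")
    instance_tag_value = jResp.stringOf("findings[i].resource.instanceDetails.tags[j].value")
  end

  # --- resource.kubernetesDetails.kubernetesUserDetails.groups[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups")
  count_j.times do |j|
    jResp.put_J(j)
    k8s_group = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups[j]")
  end

  # --- resource.kubernetesDetails.kubernetesWorkloadDetails.containers[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers")
  count_j.times do |j|
    jResp.put_J(j)
    container_runtime = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].containerRuntime")
    container_id = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].id")
    container_image = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].image")
    container_image_prefix = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].imagePrefix")
    container_name = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].name")
    container_privileged = jResp.BoolOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].securityContext.privileged")

    count_k = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts")
    count_k.times do |k|
      jResp.put_K(k)
      mount_path = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].mountPath")
      mount_name = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].name")
    end
  end

  # --- resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes")
  count_j.times do |j|
    jResp.put_J(j)
    volume_host_path = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].hostPath.path")
    volume_name = jResp.stringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].name")
  end

  # --- resource.s3BucketDetails[] ---
  count_j = jResp.SizeOfArray("findings[i].resource.s3BucketDetails")
  count_j.times do |j|
    jResp.put_J(j)
    bucket_arn = jResp.stringOf("findings[i].resource.s3BucketDetails[j].arn")
    bucket_created_at = jResp.IntOf("findings[i].resource.s3BucketDetails[j].createdAt")
    encryption_type = jResp.stringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.encryptionType")
    kms_master_key_arn = jResp.stringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.kmsMasterKeyArn")
    bucket_name = jResp.stringOf("findings[i].resource.s3BucketDetails[j].name")
    bucket_owner_id = jResp.stringOf("findings[i].resource.s3BucketDetails[j].owner.id")
    effective_permission = jResp.stringOf("findings[i].resource.s3BucketDetails[j].publicAccess.effectivePermission")

    # Account-level block-public-access settings.
    account_block_public_acls = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls")
    account_block_public_policy = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy")
    account_ignore_public_acls = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls")
    account_restrict_public_buckets = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets")

    # Bucket-level settings: ACL, block-public-access, bucket policy.
    acl_allows_public_read = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess")
    acl_allows_public_write = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess")
    bucket_block_public_acls = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls")
    bucket_block_public_policy = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy")
    bucket_ignore_public_acls = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls")
    bucket_restrict_public_buckets = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets")
    policy_allows_public_read = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess")
    policy_allows_public_write = jResp.BoolOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess")
    bucket_type = jResp.stringOf("findings[i].resource.s3BucketDetails[j].type")

    count_k = jResp.SizeOfArray("findings[i].resource.s3BucketDetails[j].tags")
    count_k.times do |k|
      jResp.put_K(k)
      bucket_tag_key = jResp.stringOf("findings[i].resource.s3BucketDetails[j].tags[k].key")
      bucket_tag_value = jResp.stringOf("findings[i].resource.s3BucketDetails[j].tags[k].value")
    end
  end

  # --- service.action.kubernetesApiCallAction.sourceIps[] ---
  count_j = jResp.SizeOfArray("findings[i].service.action.kubernetesApiCallAction.sourceIps")
  count_j.times do |j|
    jResp.put_J(j)
    source_ip = jResp.stringOf("findings[i].service.action.kubernetesApiCallAction.sourceIps[j]")
  end

  # --- service.action.portProbeAction.portProbeDetails[] ---
  count_j = jResp.SizeOfArray("findings[i].service.action.portProbeAction.portProbeDetails")
  count_j.times do |j|
    jResp.put_J(j)
    probe_local_ip = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localIpDetails.ipAddressV4")
    probe_local_port = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.port")
    probe_local_port_name = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.portName")
    probe_city = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.city.cityName")
    probe_country_code = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryCode")
    probe_country_name = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryName")
    probe_lat = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lat")
    probe_lon = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lon")
    probe_remote_ip = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.ipAddressV4")
    probe_asn = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asn")
    probe_asn_org = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asnOrg")
    probe_isp = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.isp")
    probe_org = jResp.stringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.org")
  end

  # --- service.evidence.threatIntelligenceDetails[] ---
  count_j = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails")
  count_j.times do |j|
    jResp.put_J(j)
    threat_list_name = jResp.stringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatListName")

    count_k = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames")
    count_k.times do |k|
      jResp.put_K(k)
      threat_name = jResp.stringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames[k]")
    end
  end
end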
# A sample JSON response body parsed by the above code:
# {
# "findings": [
# {
# "accountId": "string",
# "arn": "string",
# "confidence": number,
# "createdAt": "string",
# "description": "string",
# "id": "string",
# "partition": "string",
# "region": "string",
# "resource": {
# "accessKeyDetails": {
# "accessKeyId": "string",
# "principalId": "string",
# "userName": "string",
# "userType": "string"
# },
# "eksClusterDetails": {
# "arn": "string",
# "createdAt": number,
# "name": "string",
# "status": "string",
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "vpcId": "string"
# },
# "instanceDetails": {
# "availabilityZone": "string",
# "iamInstanceProfile": {
# "arn": "string",
# "id": "string"
# },
# "imageDescription": "string",
# "imageId": "string",
# "instanceId": "string",
# "instanceState": "string",
# "instanceType": "string",
# "launchTime": "string",
# "networkInterfaces": [
# {
# "ipv6Addresses": [
# "string"
# ],
# "networkInterfaceId": "string",
# "privateDnsName": "string",
# "privateIpAddress": "string",
# "privateIpAddresses": [
# {
# "privateDnsName": "string",
# "privateIpAddress": "string"
# }
# ],
# "publicDnsName": "string",
# "publicIp": "string",
# "securityGroups": [
# {
# "groupId": "string",
# "groupName": "string"
# }
# ],
# "subnetId": "string",
# "vpcId": "string"
# }
# ],
# "outpostArn": "string",
# "platform": "string",
# "productCodes": [
# {
# "code": "string",
# "productType": "string"
# }
# ],
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ]
# },
# "kubernetesDetails": {
# "kubernetesUserDetails": {
# "groups": [
# "string"
# ],
# "uid": "string",
# "username": "string"
# },
# "kubernetesWorkloadDetails": {
# "containers": [
# {
# "containerRuntime": "string",
# "id": "string",
# "image": "string",
# "imagePrefix": "string",
# "name": "string",
# "securityContext": {
# "privileged": boolean
# },
# "volumeMounts": [
# {
# "mountPath": "string",
# "name": "string"
# }
# ]
# }
# ],
# "hostNetwork": boolean,
# "name": "string",
# "namespace": "string",
# "type": "string",
# "uid": "string",
# "volumes": [
# {
# "hostPath": {
# "path": "string"
# },
# "name": "string"
# }
# ]
# }
# },
# "resourceType": "string",
# "s3BucketDetails": [
# {
# "arn": "string",
# "createdAt": number,
# "defaultServerSideEncryption": {
# "encryptionType": "string",
# "kmsMasterKeyArn": "string"
# },
# "name": "string",
# "owner": {
# "id": "string"
# },
# "publicAccess": {
# "effectivePermission": "string",
# "permissionConfiguration": {
# "accountLevelPermissions": {
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# }
# },
# "bucketLevelPermissions": {
# "accessControlList": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# },
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# },
# "bucketPolicy": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# }
# }
# }
# },
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "type": "string"
# }
# ]
# },
# "schemaVersion": "string",
# "service": {
# "action": {
# "actionType": "string",
# "awsApiCallAction": {
# "api": "string",
# "callerType": "string",
# "domainDetails": {
# "domain": "string"
# },
# "errorCode": "string",
# "remoteAccountDetails": {
# "accountId": "string",
# "affiliated": boolean
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "serviceName": "string",
# "userAgent": "string"
# },
# "dnsRequestAction": {
# "domain": "string"
# },
# "kubernetesApiCallAction": {
# "parameters": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "requestUri": "string",
# "sourceIps": [
# "string"
# ],
# "statusCode": number,
# "userAgent": "string",
# "verb": "string"
# },
# "networkConnectionAction": {
# "blocked": boolean,
# "connectionDirection": "string",
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "protocol": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "remotePortDetails": {
# "port": number,
# "portName": "string"
# }
# },
# "portProbeAction": {
# "blocked": boolean,
# "portProbeDetails": [
# {
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# }
# }
# ]
# }
# },
# "archived": boolean,
# "count": number,
# "detectorId": "string",
# "eventFirstSeen": "string",
# "eventLastSeen": "string",
# "evidence": {
# "threatIntelligenceDetails": [
# {
# "threatListName": "string",
# "threatNames": [
# "string"
# ]
# }
# ]
# },
# "resourceRole": "string",
# "serviceName": "string",
# "userFeedback": "string"
# },
# "severity": number,
# "title": "string",
# "type": "string",
# "updatedAt": "string"
# }
# ]
# }