GetFindings TCL Example
load ./chilkat.dll
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set rest [new_CkRest]
set authAws [new_CkAuthAws]
CkAuthAws_put_AccessKey $authAws "AWS_ACCESS_KEY"
CkAuthAws_put_SecretKey $authAws "AWS_SECRET_KEY"
# Don't forget to change the region to your particular region. (Also make the same change in the call to Connect below.)
CkAuthAws_put_Region $authAws "us-west-2"
CkAuthAws_put_ServiceName $authAws "guardduty"
# SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
CkRest_SetAuthAws $rest $authAws
# URL: https://guardduty.us-west-2.amazonaws.com/
# Use the same region as specified above.
set success [CkRest_Connect $rest "guardduty.us-west-2.amazonaws.com" 443 1 1]
if {$success != 1} then {
puts "ConnectFailReason: [CkRest_get_ConnectFailReason $rest]"
puts [CkRest_lastErrorText $rest]
delete_CkRest $rest
delete_CkAuthAws $authAws
exit
}
# The following code creates the JSON request body.
# The JSON created by this code is shown below.
# Use this online tool to generate code from sample JSON:
# Generate Code to Create JSON
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "findingIds[0]" "string"
CkJsonObject_UpdateString $json "sortCriteria.attributeName" "string"
CkJsonObject_UpdateString $json "sortCriteria.orderBy" "string"
# The JSON request body created by the above code:
# {
# "findingIds": [
# "string"
# ],
# "sortCriteria": {
# "attributeName": "string",
# "orderBy": "string"
# }
# }
CkRest_AddHeader $rest "Content-Type" "application/x-amz-json-1.1"
CkRest_AddHeader $rest "X-Amz-Target" "GetFindings"
set sbRequestBody [new_CkStringBuilder]
CkJsonObject_EmitSb $json $sbRequestBody
set sbResponseBody [new_CkStringBuilder]
set success [CkRest_FullRequestSb $rest "POST" "/detector/{detectorId}/findings/get" $sbRequestBody $sbResponseBody]
if {$success != 1} then {
puts [CkRest_lastErrorText $rest]
delete_CkRest $rest
delete_CkAuthAws $authAws
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
delete_CkStringBuilder $sbResponseBody
exit
}
set respStatusCode [CkRest_get_ResponseStatusCode $rest]
puts "response status code = $respStatusCode"
if {$respStatusCode != 200} then {
puts "Response Header:"
puts [CkRest_responseHeader $rest]
puts "Response Body:"
puts [CkStringBuilder_getAsString $sbResponseBody]
delete_CkRest $rest
delete_CkAuthAws $authAws
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
delete_CkStringBuilder $sbResponseBody
exit
}
set jResp [new_CkJsonObject]
CkJsonObject_LoadSb $jResp $sbResponseBody
# The following code parses the JSON response.
# A sample JSON response is shown below the sample code.
# Use this online tool to generate parsing code from sample JSON:
# Generate Parsing Code from JSON
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "findings"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set accountId [CkJsonObject_stringOf $jResp "findings[i].accountId"]
set arn [CkJsonObject_stringOf $jResp "findings[i].arn"]
set confidence [CkJsonObject_IntOf $jResp "findings[i].confidence"]
set createdAt [CkJsonObject_stringOf $jResp "findings[i].createdAt"]
set description [CkJsonObject_stringOf $jResp "findings[i].description"]
set id [CkJsonObject_stringOf $jResp "findings[i].id"]
set partition [CkJsonObject_stringOf $jResp "findings[i].partition"]
set region [CkJsonObject_stringOf $jResp "findings[i].region"]
set AccessKeyId [CkJsonObject_stringOf $jResp "findings[i].resource.accessKeyDetails.accessKeyId"]
set PrincipalId [CkJsonObject_stringOf $jResp "findings[i].resource.accessKeyDetails.principalId"]
set UserName [CkJsonObject_stringOf $jResp "findings[i].resource.accessKeyDetails.userName"]
set UserType [CkJsonObject_stringOf $jResp "findings[i].resource.accessKeyDetails.userType"]
set Arn [CkJsonObject_stringOf $jResp "findings[i].resource.eksClusterDetails.arn"]
set CreatedAt [CkJsonObject_IntOf $jResp "findings[i].resource.eksClusterDetails.createdAt"]
set Name [CkJsonObject_stringOf $jResp "findings[i].resource.eksClusterDetails.name"]
set Status [CkJsonObject_stringOf $jResp "findings[i].resource.eksClusterDetails.status"]
set VpcId [CkJsonObject_stringOf $jResp "findings[i].resource.eksClusterDetails.vpcId"]
set AvailabilityZone [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.availabilityZone"]
set IamInstanceProfileArn [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.iamInstanceProfile.arn"]
set Id [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.iamInstanceProfile.id"]
set ImageDescription [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.imageDescription"]
set ImageId [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.imageId"]
set InstanceId [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.instanceId"]
set InstanceState [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.instanceState"]
set InstanceType [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.instanceType"]
set LaunchTime [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.launchTime"]
set OutpostArn [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.outpostArn"]
set Platform [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.platform"]
set Uid [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid"]
set Username [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesUserDetails.username"]
set HostNetwork [CkJsonObject_IntOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork"]
set KubernetesWorkloadDetailsName [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.name"]
set Namespace [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.namespace"]
set v_Type [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.type"]
set KubernetesWorkloadDetailsUid [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.uid"]
set ResourceType [CkJsonObject_stringOf $jResp "findings[i].resource.resourceType"]
set schemaVersion [CkJsonObject_stringOf $jResp "findings[i].schemaVersion"]
set ActionType [CkJsonObject_stringOf $jResp "findings[i].service.action.actionType"]
set Api [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.api"]
set CallerType [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.callerType"]
set Domain [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.domainDetails.domain"]
set ErrorCode [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.errorCode"]
set AccountId [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteAccountDetails.accountId"]
set Affiliated [CkJsonObject_IntOf $jResp "findings[i].service.action.awsApiCallAction.remoteAccountDetails.affiliated"]
set CityName [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.city.cityName"]
set CountryCode [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryCode"]
set CountryName [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryName"]
set Lat [CkJsonObject_IntOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat"]
set Lon [CkJsonObject_IntOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon"]
set IpAddressV4 [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.ipAddressV4"]
set v_Asn [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asn"]
set AsnOrg [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg"]
set Isp [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.isp"]
set Org [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.org"]
set ServiceName [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.serviceName"]
set UserAgent [CkJsonObject_stringOf $jResp "findings[i].service.action.awsApiCallAction.userAgent"]
set DnsRequestActionDomain [CkJsonObject_stringOf $jResp "findings[i].service.action.dnsRequestAction.domain"]
set Parameters [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.parameters"]
set CityCityName [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.city.cityName"]
set CountryCountryCode [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode"]
set CountryCountryName [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryName"]
set GeoLocationLat [CkJsonObject_IntOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat"]
set GeoLocationLon [CkJsonObject_IntOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon"]
set RemoteIpDetailsIpAddressV4 [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4"]
set OrganizationAsn [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn"]
set OrganizationAsnOrg [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asnOrg"]
set OrganizationIsp [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.isp"]
set OrganizationOrg [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.org"]
set RequestUri [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.requestUri"]
set StatusCode [CkJsonObject_IntOf $jResp "findings[i].service.action.kubernetesApiCallAction.statusCode"]
set KubernetesApiCallActionUserAgent [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.userAgent"]
set Verb [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.verb"]
set Blocked [CkJsonObject_IntOf $jResp "findings[i].service.action.networkConnectionAction.blocked"]
set ConnectionDirection [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.connectionDirection"]
set LocalIpDetailsIpAddressV4 [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.localIpDetails.ipAddressV4"]
set Port [CkJsonObject_IntOf $jResp "findings[i].service.action.networkConnectionAction.localPortDetails.port"]
set PortName [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.localPortDetails.portName"]
set Protocol [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.protocol"]
set CityCityName [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.city.cityName"]
set CountryCountryCode [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryCode"]
set CountryCountryName [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryName"]
set GeoLocationLat [CkJsonObject_IntOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat"]
set GeoLocationLon [CkJsonObject_IntOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon"]
set RemoteIpDetailsIpAddressV4 [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.ipAddressV4"]
set OrganizationAsn [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asn"]
set OrganizationAsnOrg [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg"]
set OrganizationIsp [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.isp"]
set OrganizationOrg [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.org"]
set RemotePortDetailsPort [CkJsonObject_IntOf $jResp "findings[i].service.action.networkConnectionAction.remotePortDetails.port"]
set RemotePortDetailsPortName [CkJsonObject_stringOf $jResp "findings[i].service.action.networkConnectionAction.remotePortDetails.portName"]
set PortProbeActionBlocked [CkJsonObject_IntOf $jResp "findings[i].service.action.portProbeAction.blocked"]
set Archived [CkJsonObject_IntOf $jResp "findings[i].service.archived"]
set Count [CkJsonObject_IntOf $jResp "findings[i].service.count"]
set DetectorId [CkJsonObject_stringOf $jResp "findings[i].service.detectorId"]
set EventFirstSeen [CkJsonObject_stringOf $jResp "findings[i].service.eventFirstSeen"]
set EventLastSeen [CkJsonObject_stringOf $jResp "findings[i].service.eventLastSeen"]
set ResourceRole [CkJsonObject_stringOf $jResp "findings[i].service.resourceRole"]
set serviceServiceName [CkJsonObject_stringOf $jResp "findings[i].service.serviceName"]
set UserFeedback [CkJsonObject_stringOf $jResp "findings[i].service.userFeedback"]
set severity [CkJsonObject_IntOf $jResp "findings[i].severity"]
set title [CkJsonObject_stringOf $jResp "findings[i].title"]
set v_type [CkJsonObject_stringOf $jResp "findings[i].type"]
set updatedAt [CkJsonObject_stringOf $jResp "findings[i].updatedAt"]
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.eksClusterDetails.tags"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set key [CkJsonObject_stringOf $jResp "findings[i].resource.eksClusterDetails.tags[j].key"]
set value [CkJsonObject_stringOf $jResp "findings[i].resource.eksClusterDetails.tags[j].value"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.instanceDetails.networkInterfaces"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set networkInterfaceId [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].networkInterfaceId"]
set privateDnsName [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].privateDnsName"]
set privateIpAddress [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddress"]
set publicDnsName [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].publicDnsName"]
set publicIp [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].publicIp"]
set subnetId [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].subnetId"]
set vpcId [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].vpcId"]
set k 0
set count_k [CkJsonObject_SizeOfArray $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses"]
while {$k < $count_k} {
CkJsonObject_put_K $jResp $k
set strVal [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses[k]"]
set k [expr $k + 1]
}
set k 0
set count_k [CkJsonObject_SizeOfArray $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses"]
while {$k < $count_k} {
CkJsonObject_put_K $jResp $k
set privateDnsName [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateDnsName"]
set privateIpAddress [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateIpAddress"]
set k [expr $k + 1]
}
set k 0
set count_k [CkJsonObject_SizeOfArray $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups"]
while {$k < $count_k} {
CkJsonObject_put_K $jResp $k
set groupId [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupId"]
set groupName [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupName"]
set k [expr $k + 1]
}
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.instanceDetails.productCodes"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set code [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.productCodes[j].code"]
set productType [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.productCodes[j].productType"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.instanceDetails.tags"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set key [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.tags[j].key"]
set value [CkJsonObject_stringOf $jResp "findings[i].resource.instanceDetails.tags[j].value"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set strVal [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups[j]"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set containerRuntime [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].containerRuntime"]
set id [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].id"]
set image [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].image"]
set imagePrefix [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].imagePrefix"]
set name [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].name"]
set Privileged [CkJsonObject_IntOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].securityContext.privileged"]
set k 0
set count_k [CkJsonObject_SizeOfArray $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts"]
while {$k < $count_k} {
CkJsonObject_put_K $jResp $k
set mountPath [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].mountPath"]
set name [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].name"]
set k [expr $k + 1]
}
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set Path [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].hostPath.path"]
set name [CkJsonObject_stringOf $jResp "findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].name"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].resource.s3BucketDetails"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set arn [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].arn"]
set createdAt_int [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].createdAt"]
set EncryptionType [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.encryptionType"]
set KmsMasterKeyArn [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.kmsMasterKeyArn"]
set name [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].name"]
set ownerId [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].owner.id"]
set EffectivePermission [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.effectivePermission"]
set BlockPublicAcls [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls"]
set BlockPublicPolicy [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy"]
set IgnorePublicAcls [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls"]
set RestrictPublicBuckets [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets"]
set AllowsPublicReadAccess [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess"]
set AllowsPublicWriteAccess [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess"]
set BlockPublicAccessBlockPublicAcls [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls"]
set BlockPublicAccessBlockPublicPolicy [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy"]
set BlockPublicAccessIgnorePublicAcls [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls"]
set BlockPublicAccessRestrictPublicBuckets [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets"]
set BucketPolicyAllowsPublicReadAccess [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess"]
set BucketPolicyAllowsPublicWriteAccess [CkJsonObject_IntOf $jResp "findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess"]
set v_type [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].type"]
set k 0
set count_k [CkJsonObject_SizeOfArray $jResp "findings[i].resource.s3BucketDetails[j].tags"]
while {$k < $count_k} {
CkJsonObject_put_K $jResp $k
set key [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].tags[k].key"]
set value [CkJsonObject_stringOf $jResp "findings[i].resource.s3BucketDetails[j].tags[k].value"]
set k [expr $k + 1]
}
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].service.action.kubernetesApiCallAction.sourceIps"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set strVal [CkJsonObject_stringOf $jResp "findings[i].service.action.kubernetesApiCallAction.sourceIps[j]"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].service.action.portProbeAction.portProbeDetails"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set localIpDetailsIpAddressV4 [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].localIpDetails.ipAddressV4"]
set localPortDetailsPort [CkJsonObject_IntOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.port"]
set localPortDetailsPortName [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.portName"]
set CityCityName [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.city.cityName"]
set CountryCountryCode [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryCode"]
set CountryCountryName [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryName"]
set GeoLocationLat [CkJsonObject_IntOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lat"]
set GeoLocationLon [CkJsonObject_IntOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lon"]
set remoteIpDetailsIpAddressV4 [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.ipAddressV4"]
set OrganizationAsn [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asn"]
set OrganizationAsnOrg [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asnOrg"]
set OrganizationIsp [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.isp"]
set OrganizationOrg [CkJsonObject_stringOf $jResp "findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.org"]
set j [expr $j + 1]
}
set j 0
set count_j [CkJsonObject_SizeOfArray $jResp "findings[i].service.evidence.threatIntelligenceDetails"]
while {$j < $count_j} {
CkJsonObject_put_J $jResp $j
set threatListName [CkJsonObject_stringOf $jResp "findings[i].service.evidence.threatIntelligenceDetails[j].threatListName"]
set k 0
set count_k [CkJsonObject_SizeOfArray $jResp "findings[i].service.evidence.threatIntelligenceDetails[j].threatNames"]
while {$k < $count_k} {
CkJsonObject_put_K $jResp $k
set strVal [CkJsonObject_stringOf $jResp "findings[i].service.evidence.threatIntelligenceDetails[j].threatNames[k]"]
set k [expr $k + 1]
}
set j [expr $j + 1]
}
set i [expr $i + 1]
}
# A sample JSON response body parsed by the above code:
# {
# "findings": [
# {
# "accountId": "string",
# "arn": "string",
# "confidence": number,
# "createdAt": "string",
# "description": "string",
# "id": "string",
# "partition": "string",
# "region": "string",
# "resource": {
# "accessKeyDetails": {
# "accessKeyId": "string",
# "principalId": "string",
# "userName": "string",
# "userType": "string"
# },
# "eksClusterDetails": {
# "arn": "string",
# "createdAt": number,
# "name": "string",
# "status": "string",
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "vpcId": "string"
# },
# "instanceDetails": {
# "availabilityZone": "string",
# "iamInstanceProfile": {
# "arn": "string",
# "id": "string"
# },
# "imageDescription": "string",
# "imageId": "string",
# "instanceId": "string",
# "instanceState": "string",
# "instanceType": "string",
# "launchTime": "string",
# "networkInterfaces": [
# {
# "ipv6Addresses": [
# "string"
# ],
# "networkInterfaceId": "string",
# "privateDnsName": "string",
# "privateIpAddress": "string",
# "privateIpAddresses": [
# {
# "privateDnsName": "string",
# "privateIpAddress": "string"
# }
# ],
# "publicDnsName": "string",
# "publicIp": "string",
# "securityGroups": [
# {
# "groupId": "string",
# "groupName": "string"
# }
# ],
# "subnetId": "string",
# "vpcId": "string"
# }
# ],
# "outpostArn": "string",
# "platform": "string",
# "productCodes": [
# {
# "code": "string",
# "productType": "string"
# }
# ],
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ]
# },
# "kubernetesDetails": {
# "kubernetesUserDetails": {
# "groups": [
# "string"
# ],
# "uid": "string",
# "username": "string"
# },
# "kubernetesWorkloadDetails": {
# "containers": [
# {
# "containerRuntime": "string",
# "id": "string",
# "image": "string",
# "imagePrefix": "string",
# "name": "string",
# "securityContext": {
# "privileged": boolean
# },
# "volumeMounts": [
# {
# "mountPath": "string",
# "name": "string"
# }
# ]
# }
# ],
# "hostNetwork": boolean,
# "name": "string",
# "namespace": "string",
# "type": "string",
# "uid": "string",
# "volumes": [
# {
# "hostPath": {
# "path": "string"
# },
# "name": "string"
# }
# ]
# }
# },
# "resourceType": "string",
# "s3BucketDetails": [
# {
# "arn": "string",
# "createdAt": number,
# "defaultServerSideEncryption": {
# "encryptionType": "string",
# "kmsMasterKeyArn": "string"
# },
# "name": "string",
# "owner": {
# "id": "string"
# },
# "publicAccess": {
# "effectivePermission": "string",
# "permissionConfiguration": {
# "accountLevelPermissions": {
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# }
# },
# "bucketLevelPermissions": {
# "accessControlList": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# },
# "blockPublicAccess": {
# "blockPublicAcls": boolean,
# "blockPublicPolicy": boolean,
# "ignorePublicAcls": boolean,
# "restrictPublicBuckets": boolean
# },
# "bucketPolicy": {
# "allowsPublicReadAccess": boolean,
# "allowsPublicWriteAccess": boolean
# }
# }
# }
# },
# "tags": [
# {
# "key": "string",
# "value": "string"
# }
# ],
# "type": "string"
# }
# ]
# },
# "schemaVersion": "string",
# "service": {
# "action": {
# "actionType": "string",
# "awsApiCallAction": {
# "api": "string",
# "callerType": "string",
# "domainDetails": {
# "domain": "string"
# },
# "errorCode": "string",
# "remoteAccountDetails": {
# "accountId": "string",
# "affiliated": boolean
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "serviceName": "string",
# "userAgent": "string"
# },
# "dnsRequestAction": {
# "domain": "string"
# },
# "kubernetesApiCallAction": {
# "parameters": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "requestUri": "string",
# "sourceIps": [
# "string"
# ],
# "statusCode": number,
# "userAgent": "string",
# "verb": "string"
# },
# "networkConnectionAction": {
# "blocked": boolean,
# "connectionDirection": "string",
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "protocol": "string",
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# },
# "remotePortDetails": {
# "port": number,
# "portName": "string"
# }
# },
# "portProbeAction": {
# "blocked": boolean,
# "portProbeDetails": [
# {
# "localIpDetails": {
# "ipAddressV4": "string"
# },
# "localPortDetails": {
# "port": number,
# "portName": "string"
# },
# "remoteIpDetails": {
# "city": {
# "cityName": "string"
# },
# "country": {
# "countryCode": "string",
# "countryName": "string"
# },
# "geoLocation": {
# "lat": number,
# "lon": number
# },
# "ipAddressV4": "string",
# "organization": {
# "asn": "string",
# "asnOrg": "string",
# "isp": "string",
# "org": "string"
# }
# }
# }
# ]
# }
# },
# "archived": boolean,
# "count": number,
# "detectorId": "string",
# "eventFirstSeen": "string",
# "eventLastSeen": "string",
# "evidence": {
# "threatIntelligenceDetails": [
# {
# "threatListName": "string",
# "threatNames": [
# "string"
# ]
# }
# ]
# },
# "resourceRole": "string",
# "serviceName": "string",
# "userFeedback": "string"
# },
# "severity": number,
# "title": "string",
# "type": "string",
# "updatedAt": "string"
# }
# ]
# }
delete_CkRest $rest
delete_CkAuthAws $authAws
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
delete_CkStringBuilder $sbResponseBody
delete_CkJsonObject $jResp
