GetFindings VB6 Example
' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
Dim rest As New ChilkatRest
Dim success As Long
Dim authAws As New ChilkatAuthAws
authAws.AccessKey = "AWS_ACCESS_KEY"
authAws.SecretKey = "AWS_SECRET_KEY"
' Don't forget to change the region to your particular region. (Also make the same change in the call to Connect below.)
authAws.Region = "us-west-2"
authAws.ServiceName = "guardduty"
' SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
success = rest.SetAuthAws(authAws)
' URL: https://guardduty.us-west-2.amazonaws.com/
' Use the same region as specified above.
success = rest.Connect("guardduty.us-west-2.amazonaws.com",443,1,1)
If (success <> 1) Then
Debug.Print "ConnectFailReason: " & rest.ConnectFailReason
Debug.Print rest.LastErrorText
Exit Sub
End If
' The following code creates the JSON request body.
' The JSON created by this code is shown below.
' Use this online tool to generate code from sample JSON:
' Generate Code to Create JSON
Dim json As New ChilkatJsonObject
success = json.UpdateString("findingIds[0]","string")
success = json.UpdateString("sortCriteria.attributeName","string")
success = json.UpdateString("sortCriteria.orderBy","string")
' The JSON request body created by the above code:
' {
' "findingIds": [
' "string"
' ],
' "sortCriteria": {
' "attributeName": "string",
' "orderBy": "string"
' }
' }
success = rest.AddHeader("Content-Type","application/x-amz-json-1.1")
success = rest.AddHeader("X-Amz-Target","GetFindings")
Dim sbRequestBody As New ChilkatStringBuilder
success = json.EmitSb(sbRequestBody)
Dim sbResponseBody As New ChilkatStringBuilder
success = rest.FullRequestSb("POST","/detector/{detectorId}/findings/get",sbRequestBody,sbResponseBody)
If (success <> 1) Then
Debug.Print rest.LastErrorText
Exit Sub
End If
Dim respStatusCode As Long
respStatusCode = rest.ResponseStatusCode
Debug.Print "response status code = " & respStatusCode
If (respStatusCode <> 200) Then
Debug.Print "Response Header:"
Debug.Print rest.ResponseHeader
Debug.Print "Response Body:"
Debug.Print sbResponseBody.GetAsString()
Exit Sub
End If
Dim jResp As New ChilkatJsonObject
success = jResp.LoadSb(sbResponseBody)
' The following code parses the JSON response.
' A sample JSON response is shown below the sample code.
' Use this online tool to generate parsing code from sample JSON:
' Generate Parsing Code from JSON
Dim accountId As String
Dim arn As String
Dim confidence As Long
Dim createdAt As String
Dim description As String
Dim id As String
Dim partition As String
Dim region As String
Dim AccessKeyId As String
Dim PrincipalId As String
Dim UserName As String
Dim UserType As String
Dim Arn As String
Dim CreatedAt As Long
Dim Name As String
Dim Status As String
Dim VpcId As String
Dim AvailabilityZone As String
Dim IamInstanceProfileArn As String
Dim Id As String
Dim ImageDescription As String
Dim ImageId As String
Dim InstanceId As String
Dim InstanceState As String
Dim InstanceType As String
Dim LaunchTime As String
Dim OutpostArn As String
Dim Platform As String
Dim Uid As String
Dim Username As String
Dim HostNetwork As Long
Dim KubernetesWorkloadDetailsName As String
Dim Namespace As String
Dim v_Type As String
Dim KubernetesWorkloadDetailsUid As String
Dim ResourceType As String
Dim schemaVersion As String
Dim ActionType As String
Dim Api As String
Dim CallerType As String
Dim Domain As String
Dim ErrorCode As String
Dim AccountId As String
Dim Affiliated As Long
Dim CityName As String
Dim CountryCode As String
Dim CountryName As String
Dim Lat As Long
Dim Lon As Long
Dim IpAddressV4 As String
Dim v_Asn As String
Dim AsnOrg As String
Dim Isp As String
Dim Org As String
Dim ServiceName As String
Dim UserAgent As String
Dim DnsRequestActionDomain As String
Dim Parameters As String
Dim CityCityName As String
Dim CountryCountryCode As String
Dim CountryCountryName As String
Dim GeoLocationLat As Long
Dim GeoLocationLon As Long
Dim RemoteIpDetailsIpAddressV4 As String
Dim OrganizationAsn As String
Dim OrganizationAsnOrg As String
Dim OrganizationIsp As String
Dim OrganizationOrg As String
Dim RequestUri As String
Dim StatusCode As Long
Dim KubernetesApiCallActionUserAgent As String
Dim Verb As String
Dim Blocked As Long
Dim ConnectionDirection As String
Dim LocalIpDetailsIpAddressV4 As String
Dim Port As Long
Dim PortName As String
Dim Protocol As String
Dim RemotePortDetailsPort As Long
Dim RemotePortDetailsPortName As String
Dim PortProbeActionBlocked As Long
Dim Archived As Long
Dim Count As Long
Dim DetectorId As String
Dim EventFirstSeen As String
Dim EventLastSeen As String
Dim ResourceRole As String
Dim serviceServiceName As String
Dim UserFeedback As String
Dim severity As Long
Dim title As String
Dim v_type As String
Dim updatedAt As String
Dim j As Long
Dim count_j As Long
Dim key As String
Dim value As String
Dim networkInterfaceId As String
Dim privateDnsName As String
Dim privateIpAddress As String
Dim publicDnsName As String
Dim publicIp As String
Dim subnetId As String
Dim vpcId As String
Dim k As Long
Dim count_k As Long
Dim strVal As String
Dim groupId As String
Dim groupName As String
Dim code As String
Dim productType As String
Dim containerRuntime As String
Dim image As String
Dim imagePrefix As String
Dim name As String
Dim Privileged As Long
Dim mountPath As String
Dim Path As String
Dim createdAt_int As Long
Dim EncryptionType As String
Dim KmsMasterKeyArn As String
Dim ownerId As String
Dim EffectivePermission As String
Dim BlockPublicAcls As Long
Dim BlockPublicPolicy As Long
Dim IgnorePublicAcls As Long
Dim RestrictPublicBuckets As Long
Dim AllowsPublicReadAccess As Long
Dim AllowsPublicWriteAccess As Long
Dim BlockPublicAccessBlockPublicAcls As Long
Dim BlockPublicAccessBlockPublicPolicy As Long
Dim BlockPublicAccessIgnorePublicAcls As Long
Dim BlockPublicAccessRestrictPublicBuckets As Long
Dim BucketPolicyAllowsPublicReadAccess As Long
Dim BucketPolicyAllowsPublicWriteAccess As Long
Dim localIpDetailsIpAddressV4 As String
Dim localPortDetailsPort As Long
Dim localPortDetailsPortName As String
Dim remoteIpDetailsIpAddressV4 As String
Dim threatListName As String
Dim i As Long
i = 0
Dim count_i As Long
count_i = jResp.SizeOfArray("findings")
Do While i < count_i
jResp.I = i
accountId = jResp.StringOf("findings[i].accountId")
arn = jResp.StringOf("findings[i].arn")
confidence = jResp.IntOf("findings[i].confidence")
createdAt = jResp.StringOf("findings[i].createdAt")
description = jResp.StringOf("findings[i].description")
id = jResp.StringOf("findings[i].id")
partition = jResp.StringOf("findings[i].partition")
region = jResp.StringOf("findings[i].region")
AccessKeyId = jResp.StringOf("findings[i].resource.accessKeyDetails.accessKeyId")
PrincipalId = jResp.StringOf("findings[i].resource.accessKeyDetails.principalId")
UserName = jResp.StringOf("findings[i].resource.accessKeyDetails.userName")
UserType = jResp.StringOf("findings[i].resource.accessKeyDetails.userType")
Arn = jResp.StringOf("findings[i].resource.eksClusterDetails.arn")
CreatedAt = jResp.IntOf("findings[i].resource.eksClusterDetails.createdAt")
Name = jResp.StringOf("findings[i].resource.eksClusterDetails.name")
Status = jResp.StringOf("findings[i].resource.eksClusterDetails.status")
VpcId = jResp.StringOf("findings[i].resource.eksClusterDetails.vpcId")
AvailabilityZone = jResp.StringOf("findings[i].resource.instanceDetails.availabilityZone")
IamInstanceProfileArn = jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.arn")
Id = jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.id")
ImageDescription = jResp.StringOf("findings[i].resource.instanceDetails.imageDescription")
ImageId = jResp.StringOf("findings[i].resource.instanceDetails.imageId")
InstanceId = jResp.StringOf("findings[i].resource.instanceDetails.instanceId")
InstanceState = jResp.StringOf("findings[i].resource.instanceDetails.instanceState")
InstanceType = jResp.StringOf("findings[i].resource.instanceDetails.instanceType")
LaunchTime = jResp.StringOf("findings[i].resource.instanceDetails.launchTime")
OutpostArn = jResp.StringOf("findings[i].resource.instanceDetails.outpostArn")
Platform = jResp.StringOf("findings[i].resource.instanceDetails.platform")
Uid = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid")
Username = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.username")
HostNetwork = jResp.IntOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork")
KubernetesWorkloadDetailsName = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.name")
Namespace = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.namespace")
v_Type = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.type")
KubernetesWorkloadDetailsUid = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.uid")
ResourceType = jResp.StringOf("findings[i].resource.resourceType")
schemaVersion = jResp.StringOf("findings[i].schemaVersion")
ActionType = jResp.StringOf("findings[i].service.action.actionType")
Api = jResp.StringOf("findings[i].service.action.awsApiCallAction.api")
CallerType = jResp.StringOf("findings[i].service.action.awsApiCallAction.callerType")
Domain = jResp.StringOf("findings[i].service.action.awsApiCallAction.domainDetails.domain")
ErrorCode = jResp.StringOf("findings[i].service.action.awsApiCallAction.errorCode")
AccountId = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.accountId")
Affiliated = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.affiliated")
CityName = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.city.cityName")
CountryCode = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryCode")
CountryName = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryName")
Lat = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat")
Lon = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon")
IpAddressV4 = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.ipAddressV4")
v_Asn = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asn")
AsnOrg = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg")
Isp = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.isp")
Org = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.org")
ServiceName = jResp.StringOf("findings[i].service.action.awsApiCallAction.serviceName")
UserAgent = jResp.StringOf("findings[i].service.action.awsApiCallAction.userAgent")
DnsRequestActionDomain = jResp.StringOf("findings[i].service.action.dnsRequestAction.domain")
Parameters = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.parameters")
CityCityName = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.org")
RequestUri = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.requestUri")
StatusCode = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.statusCode")
KubernetesApiCallActionUserAgent = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.userAgent")
Verb = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.verb")
Blocked = jResp.IntOf("findings[i].service.action.networkConnectionAction.blocked")
ConnectionDirection = jResp.StringOf("findings[i].service.action.networkConnectionAction.connectionDirection")
LocalIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.networkConnectionAction.localIpDetails.ipAddressV4")
Port = jResp.IntOf("findings[i].service.action.networkConnectionAction.localPortDetails.port")
PortName = jResp.StringOf("findings[i].service.action.networkConnectionAction.localPortDetails.portName")
Protocol = jResp.StringOf("findings[i].service.action.networkConnectionAction.protocol")
CityCityName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.org")
RemotePortDetailsPort = jResp.IntOf("findings[i].service.action.networkConnectionAction.remotePortDetails.port")
RemotePortDetailsPortName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remotePortDetails.portName")
PortProbeActionBlocked = jResp.IntOf("findings[i].service.action.portProbeAction.blocked")
Archived = jResp.IntOf("findings[i].service.archived")
Count = jResp.IntOf("findings[i].service.count")
DetectorId = jResp.StringOf("findings[i].service.detectorId")
EventFirstSeen = jResp.StringOf("findings[i].service.eventFirstSeen")
EventLastSeen = jResp.StringOf("findings[i].service.eventLastSeen")
ResourceRole = jResp.StringOf("findings[i].service.resourceRole")
serviceServiceName = jResp.StringOf("findings[i].service.serviceName")
UserFeedback = jResp.StringOf("findings[i].service.userFeedback")
severity = jResp.IntOf("findings[i].severity")
title = jResp.StringOf("findings[i].title")
v_type = jResp.StringOf("findings[i].type")
updatedAt = jResp.StringOf("findings[i].updatedAt")
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.eksClusterDetails.tags")
Do While j < count_j
jResp.J = j
key = jResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].key")
value = jResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].value")
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces")
Do While j < count_j
jResp.J = j
networkInterfaceId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].networkInterfaceId")
privateDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateDnsName")
privateIpAddress = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddress")
publicDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicDnsName")
publicIp = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicIp")
subnetId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].subnetId")
vpcId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].vpcId")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses")
Do While k < count_k
jResp.K = k
strVal = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses[k]")
k = k + 1
Loop
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses")
Do While k < count_k
jResp.K = k
privateDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateDnsName")
privateIpAddress = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateIpAddress")
k = k + 1
Loop
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups")
Do While k < count_k
jResp.K = k
groupId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupId")
groupName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupName")
k = k + 1
Loop
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.productCodes")
Do While j < count_j
jResp.J = j
code = jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].code")
productType = jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].productType")
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.tags")
Do While j < count_j
jResp.J = j
key = jResp.StringOf("findings[i].resource.instanceDetails.tags[j].key")
value = jResp.StringOf("findings[i].resource.instanceDetails.tags[j].value")
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups")
Do While j < count_j
jResp.J = j
strVal = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups[j]")
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers")
Do While j < count_j
jResp.J = j
containerRuntime = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].containerRuntime")
id = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].id")
image = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].image")
imagePrefix = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].imagePrefix")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].name")
Privileged = jResp.IntOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].securityContext.privileged")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts")
Do While k < count_k
jResp.K = k
mountPath = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].mountPath")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].name")
k = k + 1
Loop
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes")
Do While j < count_j
jResp.J = j
Path = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].hostPath.path")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].name")
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.s3BucketDetails")
Do While j < count_j
jResp.J = j
arn = jResp.StringOf("findings[i].resource.s3BucketDetails[j].arn")
createdAt_int = jResp.IntOf("findings[i].resource.s3BucketDetails[j].createdAt")
EncryptionType = jResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.encryptionType")
KmsMasterKeyArn = jResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.kmsMasterKeyArn")
name = jResp.StringOf("findings[i].resource.s3BucketDetails[j].name")
ownerId = jResp.StringOf("findings[i].resource.s3BucketDetails[j].owner.id")
EffectivePermission = jResp.StringOf("findings[i].resource.s3BucketDetails[j].publicAccess.effectivePermission")
BlockPublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicPolicy = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy")
IgnorePublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls")
RestrictPublicBuckets = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets")
AllowsPublicReadAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess")
AllowsPublicWriteAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess")
BlockPublicAccessBlockPublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicAccessBlockPublicPolicy = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy")
BlockPublicAccessIgnorePublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls")
BlockPublicAccessRestrictPublicBuckets = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets")
BucketPolicyAllowsPublicReadAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess")
BucketPolicyAllowsPublicWriteAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess")
v_type = jResp.StringOf("findings[i].resource.s3BucketDetails[j].type")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.s3BucketDetails[j].tags")
Do While k < count_k
jResp.K = k
key = jResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].key")
value = jResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].value")
k = k + 1
Loop
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].service.action.kubernetesApiCallAction.sourceIps")
Do While j < count_j
jResp.J = j
strVal = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.sourceIps[j]")
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].service.action.portProbeAction.portProbeDetails")
Do While j < count_j
jResp.J = j
localIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localIpDetails.ipAddressV4")
localPortDetailsPort = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.port")
localPortDetailsPortName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.portName")
CityCityName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lon")
remoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.org")
j = j + 1
Loop
j = 0
count_j = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails")
Do While j < count_j
jResp.J = j
threatListName = jResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatListName")
k = 0
count_k = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames")
Do While k < count_k
jResp.K = k
strVal = jResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames[k]")
k = k + 1
Loop
j = j + 1
Loop
i = i + 1
Loop
' A sample JSON response body parsed by the above code:
' {
' "findings": [
' {
' "accountId": "string",
' "arn": "string",
' "confidence": number,
' "createdAt": "string",
' "description": "string",
' "id": "string",
' "partition": "string",
' "region": "string",
' "resource": {
' "accessKeyDetails": {
' "accessKeyId": "string",
' "principalId": "string",
' "userName": "string",
' "userType": "string"
' },
' "eksClusterDetails": {
' "arn": "string",
' "createdAt": number,
' "name": "string",
' "status": "string",
' "tags": [
' {
' "key": "string",
' "value": "string"
' }
' ],
' "vpcId": "string"
' },
' "instanceDetails": {
' "availabilityZone": "string",
' "iamInstanceProfile": {
' "arn": "string",
' "id": "string"
' },
' "imageDescription": "string",
' "imageId": "string",
' "instanceId": "string",
' "instanceState": "string",
' "instanceType": "string",
' "launchTime": "string",
' "networkInterfaces": [
' {
' "ipv6Addresses": [
' "string"
' ],
' "networkInterfaceId": "string",
' "privateDnsName": "string",
' "privateIpAddress": "string",
' "privateIpAddresses": [
' {
' "privateDnsName": "string",
' "privateIpAddress": "string"
' }
' ],
' "publicDnsName": "string",
' "publicIp": "string",
' "securityGroups": [
' {
' "groupId": "string",
' "groupName": "string"
' }
' ],
' "subnetId": "string",
' "vpcId": "string"
' }
' ],
' "outpostArn": "string",
' "platform": "string",
' "productCodes": [
' {
' "code": "string",
' "productType": "string"
' }
' ],
' "tags": [
' {
' "key": "string",
' "value": "string"
' }
' ]
' },
' "kubernetesDetails": {
' "kubernetesUserDetails": {
' "groups": [
' "string"
' ],
' "uid": "string",
' "username": "string"
' },
' "kubernetesWorkloadDetails": {
' "containers": [
' {
' "containerRuntime": "string",
' "id": "string",
' "image": "string",
' "imagePrefix": "string",
' "name": "string",
' "securityContext": {
' "privileged": boolean
' },
' "volumeMounts": [
' {
' "mountPath": "string",
' "name": "string"
' }
' ]
' }
' ],
' "hostNetwork": boolean,
' "name": "string",
' "namespace": "string",
' "type": "string",
' "uid": "string",
' "volumes": [
' {
' "hostPath": {
' "path": "string"
' },
' "name": "string"
' }
' ]
' }
' },
' "resourceType": "string",
' "s3BucketDetails": [
' {
' "arn": "string",
' "createdAt": number,
' "defaultServerSideEncryption": {
' "encryptionType": "string",
' "kmsMasterKeyArn": "string"
' },
' "name": "string",
' "owner": {
' "id": "string"
' },
' "publicAccess": {
' "effectivePermission": "string",
' "permissionConfiguration": {
' "accountLevelPermissions": {
' "blockPublicAccess": {
' "blockPublicAcls": boolean,
' "blockPublicPolicy": boolean,
' "ignorePublicAcls": boolean,
' "restrictPublicBuckets": boolean
' }
' },
' "bucketLevelPermissions": {
' "accessControlList": {
' "allowsPublicReadAccess": boolean,
' "allowsPublicWriteAccess": boolean
' },
' "blockPublicAccess": {
' "blockPublicAcls": boolean,
' "blockPublicPolicy": boolean,
' "ignorePublicAcls": boolean,
' "restrictPublicBuckets": boolean
' },
' "bucketPolicy": {
' "allowsPublicReadAccess": boolean,
' "allowsPublicWriteAccess": boolean
' }
' }
' }
' },
' "tags": [
' {
' "key": "string",
' "value": "string"
' }
' ],
' "type": "string"
' }
' ]
' },
' "schemaVersion": "string",
' "service": {
' "action": {
' "actionType": "string",
' "awsApiCallAction": {
' "api": "string",
' "callerType": "string",
' "domainDetails": {
' "domain": "string"
' },
' "errorCode": "string",
' "remoteAccountDetails": {
' "accountId": "string",
' "affiliated": boolean
' },
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' },
' "serviceName": "string",
' "userAgent": "string"
' },
' "dnsRequestAction": {
' "domain": "string"
' },
' "kubernetesApiCallAction": {
' "parameters": "string",
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' },
' "requestUri": "string",
' "sourceIps": [
' "string"
' ],
' "statusCode": number,
' "userAgent": "string",
' "verb": "string"
' },
' "networkConnectionAction": {
' "blocked": boolean,
' "connectionDirection": "string",
' "localIpDetails": {
' "ipAddressV4": "string"
' },
' "localPortDetails": {
' "port": number,
' "portName": "string"
' },
' "protocol": "string",
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' },
' "remotePortDetails": {
' "port": number,
' "portName": "string"
' }
' },
' "portProbeAction": {
' "blocked": boolean,
' "portProbeDetails": [
' {
' "localIpDetails": {
' "ipAddressV4": "string"
' },
' "localPortDetails": {
' "port": number,
' "portName": "string"
' },
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' }
' }
' ]
' }
' },
' "archived": boolean,
' "count": number,
' "detectorId": "string",
' "eventFirstSeen": "string",
' "eventLastSeen": "string",
' "evidence": {
' "threatIntelligenceDetails": [
' {
' "threatListName": "string",
' "threatNames": [
' "string"
' ]
' }
' ]
' },
' "resourceRole": "string",
' "serviceName": "string",
' "userFeedback": "string"
' },
' "severity": number,
' "title": "string",
' "type": "string",
' "updatedAt": "string"
' }
' ]
' }