GetFindings VB.NET Example
' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
Dim rest As New Chilkat.Rest
Dim success As Boolean
Dim authAws As New Chilkat.AuthAws
authAws.AccessKey = "AWS_ACCESS_KEY"
authAws.SecretKey = "AWS_SECRET_KEY"
' Don't forget to change the region to your particular region. (Also make the same change in the call to Connect below.)
authAws.Region = "us-west-2"
authAws.ServiceName = "guardduty"
' SetAuthAws causes Chilkat to automatically add the following headers: Authorization, X-Amz-Date
rest.SetAuthAws(authAws)
' URL: https://guardduty.us-west-2.amazonaws.com/
' Use the same region as specified above.
success = rest.Connect("guardduty.us-west-2.amazonaws.com",443,True,True)
If (success <> True) Then
Debug.WriteLine("ConnectFailReason: " & rest.ConnectFailReason)
Debug.WriteLine(rest.LastErrorText)
Exit Sub
End If
' The following code creates the JSON request body.
' The JSON created by this code is shown below.
' Use this online tool to generate code from sample JSON:
' Generate Code to Create JSON
Dim json As New Chilkat.JsonObject
json.UpdateString("findingIds[0]","string")
json.UpdateString("sortCriteria.attributeName","string")
json.UpdateString("sortCriteria.orderBy","string")
' The JSON request body created by the above code:
' {
' "findingIds": [
' "string"
' ],
' "sortCriteria": {
' "attributeName": "string",
' "orderBy": "string"
' }
' }
rest.AddHeader("Content-Type","application/x-amz-json-1.1")
rest.AddHeader("X-Amz-Target","GetFindings")
Dim sbRequestBody As New Chilkat.StringBuilder
json.EmitSb(sbRequestBody)
Dim sbResponseBody As New Chilkat.StringBuilder
success = rest.FullRequestSb("POST","/detector/{detectorId}/findings/get",sbRequestBody,sbResponseBody)
If (success <> True) Then
Debug.WriteLine(rest.LastErrorText)
Exit Sub
End If
Dim respStatusCode As Integer = rest.ResponseStatusCode
Debug.WriteLine("response status code = " & respStatusCode)
If (respStatusCode <> 200) Then
Debug.WriteLine("Response Header:")
Debug.WriteLine(rest.ResponseHeader)
Debug.WriteLine("Response Body:")
Debug.WriteLine(sbResponseBody.GetAsString())
Exit Sub
End If
Dim jResp As New Chilkat.JsonObject
jResp.LoadSb(sbResponseBody)
' The following code parses the JSON response.
' A sample JSON response is shown below the sample code.
' Use this online tool to generate parsing code from sample JSON:
' Generate Parsing Code from JSON
Dim accountId As String
Dim arn As String
Dim confidence As Integer
Dim createdAt As String
Dim description As String
Dim id As String
Dim partition As String
Dim region As String
Dim AccessKeyId As String
Dim PrincipalId As String
Dim UserName As String
Dim UserType As String
Dim Arn As String
Dim CreatedAt As Integer
Dim Name As String
Dim Status As String
Dim VpcId As String
Dim AvailabilityZone As String
Dim IamInstanceProfileArn As String
Dim Id As String
Dim ImageDescription As String
Dim ImageId As String
Dim InstanceId As String
Dim InstanceState As String
Dim InstanceType As String
Dim LaunchTime As String
Dim OutpostArn As String
Dim Platform As String
Dim Uid As String
Dim Username As String
Dim HostNetwork As Integer
Dim KubernetesWorkloadDetailsName As String
Dim Namespace As String
Dim v_Type As String
Dim KubernetesWorkloadDetailsUid As String
Dim ResourceType As String
Dim schemaVersion As String
Dim ActionType As String
Dim Api As String
Dim CallerType As String
Dim Domain As String
Dim ErrorCode As String
Dim AccountId As String
Dim Affiliated As Integer
Dim CityName As String
Dim CountryCode As String
Dim CountryName As String
Dim Lat As Integer
Dim Lon As Integer
Dim IpAddressV4 As String
Dim v_Asn As String
Dim AsnOrg As String
Dim Isp As String
Dim Org As String
Dim ServiceName As String
Dim UserAgent As String
Dim DnsRequestActionDomain As String
Dim Parameters As String
Dim CityCityName As String
Dim CountryCountryCode As String
Dim CountryCountryName As String
Dim GeoLocationLat As Integer
Dim GeoLocationLon As Integer
Dim RemoteIpDetailsIpAddressV4 As String
Dim OrganizationAsn As String
Dim OrganizationAsnOrg As String
Dim OrganizationIsp As String
Dim OrganizationOrg As String
Dim RequestUri As String
Dim StatusCode As Integer
Dim KubernetesApiCallActionUserAgent As String
Dim Verb As String
Dim Blocked As Integer
Dim ConnectionDirection As String
Dim LocalIpDetailsIpAddressV4 As String
Dim Port As Integer
Dim PortName As String
Dim Protocol As String
Dim RemotePortDetailsPort As Integer
Dim RemotePortDetailsPortName As String
Dim PortProbeActionBlocked As Integer
Dim Archived As Integer
Dim Count As Integer
Dim DetectorId As String
Dim EventFirstSeen As String
Dim EventLastSeen As String
Dim ResourceRole As String
Dim serviceServiceName As String
Dim UserFeedback As String
Dim severity As Integer
Dim title As String
Dim v_type As String
Dim updatedAt As String
Dim j As Integer
Dim count_j As Integer
Dim key As String
Dim value As String
Dim networkInterfaceId As String
Dim privateDnsName As String
Dim privateIpAddress As String
Dim publicDnsName As String
Dim publicIp As String
Dim subnetId As String
Dim vpcId As String
Dim k As Integer
Dim count_k As Integer
Dim strVal As String
Dim groupId As String
Dim groupName As String
Dim code As String
Dim productType As String
Dim containerRuntime As String
Dim image As String
Dim imagePrefix As String
Dim name As String
Dim Privileged As Integer
Dim mountPath As String
Dim Path As String
Dim createdAt_int As Integer
Dim EncryptionType As String
Dim KmsMasterKeyArn As String
Dim ownerId As String
Dim EffectivePermission As String
Dim BlockPublicAcls As Integer
Dim BlockPublicPolicy As Integer
Dim IgnorePublicAcls As Integer
Dim RestrictPublicBuckets As Integer
Dim AllowsPublicReadAccess As Integer
Dim AllowsPublicWriteAccess As Integer
Dim BlockPublicAccessBlockPublicAcls As Integer
Dim BlockPublicAccessBlockPublicPolicy As Integer
Dim BlockPublicAccessIgnorePublicAcls As Integer
Dim BlockPublicAccessRestrictPublicBuckets As Integer
Dim BucketPolicyAllowsPublicReadAccess As Integer
Dim BucketPolicyAllowsPublicWriteAccess As Integer
Dim localIpDetailsIpAddressV4 As String
Dim localPortDetailsPort As Integer
Dim localPortDetailsPortName As String
Dim remoteIpDetailsIpAddressV4 As String
Dim threatListName As String
Dim i As Integer = 0
Dim count_i As Integer = jResp.SizeOfArray("findings")
While i < count_i
jResp.I = i
accountId = jResp.StringOf("findings[i].accountId")
arn = jResp.StringOf("findings[i].arn")
confidence = jResp.IntOf("findings[i].confidence")
createdAt = jResp.StringOf("findings[i].createdAt")
description = jResp.StringOf("findings[i].description")
id = jResp.StringOf("findings[i].id")
partition = jResp.StringOf("findings[i].partition")
region = jResp.StringOf("findings[i].region")
AccessKeyId = jResp.StringOf("findings[i].resource.accessKeyDetails.accessKeyId")
PrincipalId = jResp.StringOf("findings[i].resource.accessKeyDetails.principalId")
UserName = jResp.StringOf("findings[i].resource.accessKeyDetails.userName")
UserType = jResp.StringOf("findings[i].resource.accessKeyDetails.userType")
Arn = jResp.StringOf("findings[i].resource.eksClusterDetails.arn")
CreatedAt = jResp.IntOf("findings[i].resource.eksClusterDetails.createdAt")
Name = jResp.StringOf("findings[i].resource.eksClusterDetails.name")
Status = jResp.StringOf("findings[i].resource.eksClusterDetails.status")
VpcId = jResp.StringOf("findings[i].resource.eksClusterDetails.vpcId")
AvailabilityZone = jResp.StringOf("findings[i].resource.instanceDetails.availabilityZone")
IamInstanceProfileArn = jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.arn")
Id = jResp.StringOf("findings[i].resource.instanceDetails.iamInstanceProfile.id")
ImageDescription = jResp.StringOf("findings[i].resource.instanceDetails.imageDescription")
ImageId = jResp.StringOf("findings[i].resource.instanceDetails.imageId")
InstanceId = jResp.StringOf("findings[i].resource.instanceDetails.instanceId")
InstanceState = jResp.StringOf("findings[i].resource.instanceDetails.instanceState")
InstanceType = jResp.StringOf("findings[i].resource.instanceDetails.instanceType")
LaunchTime = jResp.StringOf("findings[i].resource.instanceDetails.launchTime")
OutpostArn = jResp.StringOf("findings[i].resource.instanceDetails.outpostArn")
Platform = jResp.StringOf("findings[i].resource.instanceDetails.platform")
Uid = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.uid")
Username = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.username")
HostNetwork = jResp.IntOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork")
KubernetesWorkloadDetailsName = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.name")
Namespace = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.namespace")
v_Type = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.type")
KubernetesWorkloadDetailsUid = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.uid")
ResourceType = jResp.StringOf("findings[i].resource.resourceType")
schemaVersion = jResp.StringOf("findings[i].schemaVersion")
ActionType = jResp.StringOf("findings[i].service.action.actionType")
Api = jResp.StringOf("findings[i].service.action.awsApiCallAction.api")
CallerType = jResp.StringOf("findings[i].service.action.awsApiCallAction.callerType")
Domain = jResp.StringOf("findings[i].service.action.awsApiCallAction.domainDetails.domain")
ErrorCode = jResp.StringOf("findings[i].service.action.awsApiCallAction.errorCode")
AccountId = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.accountId")
Affiliated = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteAccountDetails.affiliated")
CityName = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.city.cityName")
CountryCode = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryCode")
CountryName = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.country.countryName")
Lat = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat")
Lon = jResp.IntOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon")
IpAddressV4 = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.ipAddressV4")
v_Asn = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asn")
AsnOrg = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg")
Isp = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.isp")
Org = jResp.StringOf("findings[i].service.action.awsApiCallAction.remoteIpDetails.organization.org")
ServiceName = jResp.StringOf("findings[i].service.action.awsApiCallAction.serviceName")
UserAgent = jResp.StringOf("findings[i].service.action.awsApiCallAction.userAgent")
DnsRequestActionDomain = jResp.StringOf("findings[i].service.action.dnsRequestAction.domain")
Parameters = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.parameters")
CityCityName = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.remoteIpDetails.organization.org")
RequestUri = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.requestUri")
StatusCode = jResp.IntOf("findings[i].service.action.kubernetesApiCallAction.statusCode")
KubernetesApiCallActionUserAgent = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.userAgent")
Verb = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.verb")
Blocked = jResp.IntOf("findings[i].service.action.networkConnectionAction.blocked")
ConnectionDirection = jResp.StringOf("findings[i].service.action.networkConnectionAction.connectionDirection")
LocalIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.networkConnectionAction.localIpDetails.ipAddressV4")
Port = jResp.IntOf("findings[i].service.action.networkConnectionAction.localPortDetails.port")
PortName = jResp.StringOf("findings[i].service.action.networkConnectionAction.localPortDetails.portName")
Protocol = jResp.StringOf("findings[i].service.action.networkConnectionAction.protocol")
CityCityName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon")
RemoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.networkConnectionAction.remoteIpDetails.organization.org")
RemotePortDetailsPort = jResp.IntOf("findings[i].service.action.networkConnectionAction.remotePortDetails.port")
RemotePortDetailsPortName = jResp.StringOf("findings[i].service.action.networkConnectionAction.remotePortDetails.portName")
PortProbeActionBlocked = jResp.IntOf("findings[i].service.action.portProbeAction.blocked")
Archived = jResp.IntOf("findings[i].service.archived")
Count = jResp.IntOf("findings[i].service.count")
DetectorId = jResp.StringOf("findings[i].service.detectorId")
EventFirstSeen = jResp.StringOf("findings[i].service.eventFirstSeen")
EventLastSeen = jResp.StringOf("findings[i].service.eventLastSeen")
ResourceRole = jResp.StringOf("findings[i].service.resourceRole")
serviceServiceName = jResp.StringOf("findings[i].service.serviceName")
UserFeedback = jResp.StringOf("findings[i].service.userFeedback")
severity = jResp.IntOf("findings[i].severity")
title = jResp.StringOf("findings[i].title")
v_type = jResp.StringOf("findings[i].type")
updatedAt = jResp.StringOf("findings[i].updatedAt")
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.eksClusterDetails.tags")
While j < count_j
jResp.J = j
key = jResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].key")
value = jResp.StringOf("findings[i].resource.eksClusterDetails.tags[j].value")
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces")
While j < count_j
jResp.J = j
networkInterfaceId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].networkInterfaceId")
privateDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateDnsName")
privateIpAddress = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddress")
publicDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicDnsName")
publicIp = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].publicIp")
subnetId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].subnetId")
vpcId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].vpcId")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses")
While k < count_k
jResp.K = k
strVal = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].ipv6Addresses[k]")
k = k + 1
End While
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses")
While k < count_k
jResp.K = k
privateDnsName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateDnsName")
privateIpAddress = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].privateIpAddresses[k].privateIpAddress")
k = k + 1
End While
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups")
While k < count_k
jResp.K = k
groupId = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupId")
groupName = jResp.StringOf("findings[i].resource.instanceDetails.networkInterfaces[j].securityGroups[k].groupName")
k = k + 1
End While
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.productCodes")
While j < count_j
jResp.J = j
code = jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].code")
productType = jResp.StringOf("findings[i].resource.instanceDetails.productCodes[j].productType")
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.instanceDetails.tags")
While j < count_j
jResp.J = j
key = jResp.StringOf("findings[i].resource.instanceDetails.tags[j].key")
value = jResp.StringOf("findings[i].resource.instanceDetails.tags[j].value")
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups")
While j < count_j
jResp.J = j
strVal = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesUserDetails.groups[j]")
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers")
While j < count_j
jResp.J = j
containerRuntime = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].containerRuntime")
id = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].id")
image = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].image")
imagePrefix = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].imagePrefix")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].name")
Privileged = jResp.IntOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].securityContext.privileged")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts")
While k < count_k
jResp.K = k
mountPath = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].mountPath")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.containers[j].volumeMounts[k].name")
k = k + 1
End While
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes")
While j < count_j
jResp.J = j
Path = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].hostPath.path")
name = jResp.StringOf("findings[i].resource.kubernetesDetails.kubernetesWorkloadDetails.volumes[j].name")
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].resource.s3BucketDetails")
While j < count_j
jResp.J = j
arn = jResp.StringOf("findings[i].resource.s3BucketDetails[j].arn")
createdAt_int = jResp.IntOf("findings[i].resource.s3BucketDetails[j].createdAt")
EncryptionType = jResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.encryptionType")
KmsMasterKeyArn = jResp.StringOf("findings[i].resource.s3BucketDetails[j].defaultServerSideEncryption.kmsMasterKeyArn")
name = jResp.StringOf("findings[i].resource.s3BucketDetails[j].name")
ownerId = jResp.StringOf("findings[i].resource.s3BucketDetails[j].owner.id")
EffectivePermission = jResp.StringOf("findings[i].resource.s3BucketDetails[j].publicAccess.effectivePermission")
BlockPublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicPolicy = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy")
IgnorePublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls")
RestrictPublicBuckets = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets")
AllowsPublicReadAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess")
AllowsPublicWriteAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess")
BlockPublicAccessBlockPublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls")
BlockPublicAccessBlockPublicPolicy = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy")
BlockPublicAccessIgnorePublicAcls = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls")
BlockPublicAccessRestrictPublicBuckets = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets")
BucketPolicyAllowsPublicReadAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess")
BucketPolicyAllowsPublicWriteAccess = jResp.IntOf("findings[i].resource.s3BucketDetails[j].publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess")
v_type = jResp.StringOf("findings[i].resource.s3BucketDetails[j].type")
k = 0
count_k = jResp.SizeOfArray("findings[i].resource.s3BucketDetails[j].tags")
While k < count_k
jResp.K = k
key = jResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].key")
value = jResp.StringOf("findings[i].resource.s3BucketDetails[j].tags[k].value")
k = k + 1
End While
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].service.action.kubernetesApiCallAction.sourceIps")
While j < count_j
jResp.J = j
strVal = jResp.StringOf("findings[i].service.action.kubernetesApiCallAction.sourceIps[j]")
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].service.action.portProbeAction.portProbeDetails")
While j < count_j
jResp.J = j
localIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localIpDetails.ipAddressV4")
localPortDetailsPort = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.port")
localPortDetailsPortName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].localPortDetails.portName")
CityCityName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.city.cityName")
CountryCountryCode = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryCode")
CountryCountryName = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.country.countryName")
GeoLocationLat = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lat")
GeoLocationLon = jResp.IntOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.geoLocation.lon")
remoteIpDetailsIpAddressV4 = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.ipAddressV4")
OrganizationAsn = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asn")
OrganizationAsnOrg = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.asnOrg")
OrganizationIsp = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.isp")
OrganizationOrg = jResp.StringOf("findings[i].service.action.portProbeAction.portProbeDetails[j].remoteIpDetails.organization.org")
j = j + 1
End While
j = 0
count_j = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails")
While j < count_j
jResp.J = j
threatListName = jResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatListName")
k = 0
count_k = jResp.SizeOfArray("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames")
While k < count_k
jResp.K = k
strVal = jResp.StringOf("findings[i].service.evidence.threatIntelligenceDetails[j].threatNames[k]")
k = k + 1
End While
j = j + 1
End While
i = i + 1
End While
' A sample JSON response body parsed by the above code:
' {
' "findings": [
' {
' "accountId": "string",
' "arn": "string",
' "confidence": number,
' "createdAt": "string",
' "description": "string",
' "id": "string",
' "partition": "string",
' "region": "string",
' "resource": {
' "accessKeyDetails": {
' "accessKeyId": "string",
' "principalId": "string",
' "userName": "string",
' "userType": "string"
' },
' "eksClusterDetails": {
' "arn": "string",
' "createdAt": number,
' "name": "string",
' "status": "string",
' "tags": [
' {
' "key": "string",
' "value": "string"
' }
' ],
' "vpcId": "string"
' },
' "instanceDetails": {
' "availabilityZone": "string",
' "iamInstanceProfile": {
' "arn": "string",
' "id": "string"
' },
' "imageDescription": "string",
' "imageId": "string",
' "instanceId": "string",
' "instanceState": "string",
' "instanceType": "string",
' "launchTime": "string",
' "networkInterfaces": [
' {
' "ipv6Addresses": [
' "string"
' ],
' "networkInterfaceId": "string",
' "privateDnsName": "string",
' "privateIpAddress": "string",
' "privateIpAddresses": [
' {
' "privateDnsName": "string",
' "privateIpAddress": "string"
' }
' ],
' "publicDnsName": "string",
' "publicIp": "string",
' "securityGroups": [
' {
' "groupId": "string",
' "groupName": "string"
' }
' ],
' "subnetId": "string",
' "vpcId": "string"
' }
' ],
' "outpostArn": "string",
' "platform": "string",
' "productCodes": [
' {
' "code": "string",
' "productType": "string"
' }
' ],
' "tags": [
' {
' "key": "string",
' "value": "string"
' }
' ]
' },
' "kubernetesDetails": {
' "kubernetesUserDetails": {
' "groups": [
' "string"
' ],
' "uid": "string",
' "username": "string"
' },
' "kubernetesWorkloadDetails": {
' "containers": [
' {
' "containerRuntime": "string",
' "id": "string",
' "image": "string",
' "imagePrefix": "string",
' "name": "string",
' "securityContext": {
' "privileged": boolean
' },
' "volumeMounts": [
' {
' "mountPath": "string",
' "name": "string"
' }
' ]
' }
' ],
' "hostNetwork": boolean,
' "name": "string",
' "namespace": "string",
' "type": "string",
' "uid": "string",
' "volumes": [
' {
' "hostPath": {
' "path": "string"
' },
' "name": "string"
' }
' ]
' }
' },
' "resourceType": "string",
' "s3BucketDetails": [
' {
' "arn": "string",
' "createdAt": number,
' "defaultServerSideEncryption": {
' "encryptionType": "string",
' "kmsMasterKeyArn": "string"
' },
' "name": "string",
' "owner": {
' "id": "string"
' },
' "publicAccess": {
' "effectivePermission": "string",
' "permissionConfiguration": {
' "accountLevelPermissions": {
' "blockPublicAccess": {
' "blockPublicAcls": boolean,
' "blockPublicPolicy": boolean,
' "ignorePublicAcls": boolean,
' "restrictPublicBuckets": boolean
' }
' },
' "bucketLevelPermissions": {
' "accessControlList": {
' "allowsPublicReadAccess": boolean,
' "allowsPublicWriteAccess": boolean
' },
' "blockPublicAccess": {
' "blockPublicAcls": boolean,
' "blockPublicPolicy": boolean,
' "ignorePublicAcls": boolean,
' "restrictPublicBuckets": boolean
' },
' "bucketPolicy": {
' "allowsPublicReadAccess": boolean,
' "allowsPublicWriteAccess": boolean
' }
' }
' }
' },
' "tags": [
' {
' "key": "string",
' "value": "string"
' }
' ],
' "type": "string"
' }
' ]
' },
' "schemaVersion": "string",
' "service": {
' "action": {
' "actionType": "string",
' "awsApiCallAction": {
' "api": "string",
' "callerType": "string",
' "domainDetails": {
' "domain": "string"
' },
' "errorCode": "string",
' "remoteAccountDetails": {
' "accountId": "string",
' "affiliated": boolean
' },
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' },
' "serviceName": "string",
' "userAgent": "string"
' },
' "dnsRequestAction": {
' "domain": "string"
' },
' "kubernetesApiCallAction": {
' "parameters": "string",
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' },
' "requestUri": "string",
' "sourceIps": [
' "string"
' ],
' "statusCode": number,
' "userAgent": "string",
' "verb": "string"
' },
' "networkConnectionAction": {
' "blocked": boolean,
' "connectionDirection": "string",
' "localIpDetails": {
' "ipAddressV4": "string"
' },
' "localPortDetails": {
' "port": number,
' "portName": "string"
' },
' "protocol": "string",
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' },
' "remotePortDetails": {
' "port": number,
' "portName": "string"
' }
' },
' "portProbeAction": {
' "blocked": boolean,
' "portProbeDetails": [
' {
' "localIpDetails": {
' "ipAddressV4": "string"
' },
' "localPortDetails": {
' "port": number,
' "portName": "string"
' },
' "remoteIpDetails": {
' "city": {
' "cityName": "string"
' },
' "country": {
' "countryCode": "string",
' "countryName": "string"
' },
' "geoLocation": {
' "lat": number,
' "lon": number
' },
' "ipAddressV4": "string",
' "organization": {
' "asn": "string",
' "asnOrg": "string",
' "isp": "string",
' "org": "string"
' }
' }
' }
' ]
' }
' },
' "archived": boolean,
' "count": number,
' "detectorId": "string",
' "eventFirstSeen": "string",
' "eventLastSeen": "string",
' "evidence": {
' "threatIntelligenceDetails": [
' {
' "threatListName": "string",
' "threatNames": [
' "string"
' ]
' }
' ]
' },
' "resourceRole": "string",
' "serviceName": "string",
' "userFeedback": "string"
' },
' "severity": number,
' "title": "string",
' "type": "string",
' "updatedAt": "string"
' }
' ]
' }
