Hello RGADA, Thank you for reaching out on RePost!
To search based on 'ComplianceStatus = Passed' you may use the following CLI command:
aws securityhub get-findings --filters '{"ComplianceStatus": [{"Comparison": "EQUALS", "Value": "PASSED"}]}'
Please note that findings that are >3 - 5 days old will be automatically archived; these findings are viewable using the following CLI command:
aws securityhub get-findings --filters '{"RecordState": [{"Comparison": "EQUALS", "Value": "ARCHIVED"}]}'
Of course, you may also use both of these at the same time to show both archived AND 'ComplianceStatus = Passed' findings like this:
aws securityhub get-findings --filters '{"ComplianceStatus": [{"Comparison": "EQUALS", "Value": "PASSED"}], "RecordState": [{"Comparison": "EQUALS", "Value": "ARCHIVED"}]}'
There are some further examples and guidance on using the CLI to return findings which can be found here: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securityhub/get-findings.html
I note that you also mention that you would like to be able to close the findings as well. This is also possible via the CLI using the batch-update-findings CLI command. The documentation linked below has an example for doing exactly this task. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securityhub/batch-update-findings.html
For what it's worth, you can also query for just the list of Finding IDs, which might make it a bit easier:
aws securityhub get-findings --filters ComplianceStatus="[{Comparison=EQUALS,Value=PASSED}]" --query 'Findings[].[Id]' --output text
If you want to get the full JSON for just one Finding:
aws securityhub get-findings --filters Id="[{Comparison=EQUALS,Value=$FINDING_ARN}]" --query 'Findings[0]' --output json
(Adding this comment months later since this is currently the top search result for "aws securityhub get-findings".)
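Added example (not part of the original answers): a shell script that feeds the get-findings ID query above into batch-update-findings, assuming "close" means setting the workflow status to RESOLVED. The function names, the DRY_RUN switch and the sample rows are assumptions made for illustration; BatchUpdateFindings accepts at most 100 finding identifiers per call, so the IDs are batched.

```shell
#!/bin/sh
# Added example: resolve PASSED Security Hub findings in batches.
BATCH_SIZE=100   # BatchUpdateFindings limit: 100 identifiers per call

# Constructed sample of the text output (Id<TAB>ProductArn), for offline runs.
sample_rows() {
  printf 'arn:aws:securityhub:us-east-1:111122223333:finding/example-%s\tarn:aws:securityhub:us-east-1::product/aws/securityhub\n' 1 2 3
}

# Read "Id<TAB>ProductArn" lines on stdin; print one JSON array per batch.
# Assumes neither field contains a double quote or backslash (true for ARNs).
build_batches() (
  size="${1:-$BATCH_SIZE}"; n=0; batch=""
  tab=$(printf '\t')
  while IFS="$tab" read -r id arn; do
    [ -n "$id" ] && [ -n "$arn" ] || continue   # skip blank or partial rows
    batch="${batch:+$batch,}{\"Id\":\"$id\",\"ProductArn\":\"$arn\"}"
    n=$((n + 1))
    if [ "$n" -eq "$size" ]; then
      printf '[%s]\n' "$batch"; batch=""; n=0
    fi
  done
  [ -z "$batch" ] || printf '[%s]\n' "$batch"   # flush the last partial batch
)

# Query PASSED findings, then update each batch. DRY_RUN=1 (default) only prints.
resolve_passed() {
  aws securityhub get-findings \
    --filters '{"ComplianceStatus": [{"Comparison": "EQUALS", "Value": "PASSED"}]}' \
    --query 'Findings[].[Id,ProductArn]' --output text |
  build_batches "$BATCH_SIZE" |
  while IFS= read -r identifiers; do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      printf 'would resolve: %s\n' "$identifiers"
    else
      # Print only the findings the API could not update, so failures are visible.
      aws securityhub batch-update-findings \
        --finding-identifiers "$identifiers" \
        --workflow Status=RESOLVED \
        --query 'UnprocessedFindings' --output json
    fi
  done
}

# Offline by default: batch the constructed rows. "apply" queries the account.
if [ "${1:-}" = "apply" ]; then resolve_passed; else sample_rows | build_batches 2; fi
```

Run it with `apply` to list what would be changed, and with `DRY_RUN=0` as well to perform the update.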
That worked, thank you a lot