OBJECT

Finding

Describes a Finding

GraphQL Schema definition

  • # A finding reported against an entity, either triggered by a Policy or coming
  • # from a 3rd party system such as a cloud provider security service.
  • type Finding implements Node, NodeVersion {
  • # Unique identifier of the finding
  • findingId: String!
  • # A computed metric to help users prioritize efforts to mitigate discovered
  • # findings.
  • # NOTE(review): the range and direction of the score are not documented here;
  • # confirm both before using it as a threshold in automation.
  • attentionScore: Int!
  • # Finding category. Deprecated: being replaced by policyClass, so new queries
  • # should select policyClass instead.
  • category: FindingCategory @deprecated( reason: "category is being replaced by policyClass" )
  • # Defines the context (scope) of the finding.
  • context: FindingContext
  • # The time this finding was created
  • creationTime: DateTime!
  • # Back-reference to the entity with which this finding is associated.
  • # Null when the entity no longer exists (see the examples on entityType);
  • # consumers must handle null and fall back to entityType / entityName.
  • entity: Entity
  • # Name of the associated entity. Still populated when `entity` is null because
  • # the entity has been deleted.
  • entityName: String
  • # Type of the associated entity, e.g. 'AWS.EC2.Instance'.
  • # Some findings can have a missing/deleted entity, for example a finding on a
  • # deleted EC2 instance. In this case entityType and entityName on the finding
  • # are still populated (with 'AWS.EC2.Instance' and the instance ID), but the
  • # entity field is null because the entity does not exist.
  • #
  • # Example 1: the entity for the finding has been deleted
  • # {
  • #   "id": "550e8400-e29b-41d4-a716-446655440001",
  • #   "entityType": "AWS.EC2.Instance",
  • #   "entityName": "i-0e654c0374396b599",
  • #   "entity": null
  • # }
  • #
  • # Example 2: the entity for the finding is present
  • # {
  • #   "id": "550e8400-e29b-41d4-a716-446655440002",
  • #   "entityType": "AWS.EC2.Instance",
  • #   "entityName": "i-0e654c0374396b599",
  • #   "entity": {
  • #     "entityId": "AWS.EC2.000954396075.us-west-2.Instance.i-0e654c0374396b599",
  • #     "entityName": "i-0e654c0374396b599",
  • #     "entityType": "AWS.EC2.Instance"
  • #   }
  • # }
  • entityType: String
  • # Group identifier. In addition to the rule, the group allows more
  • # fine-grained findings.
  • groupId: String
  • # Node-compatible opaque global identifier
  • id: ID!
  • # The last time this finding was successfully updated
  • lastUpdateTime: DateTime!
  • # Management Endpoint for this Finding. For public cloud resources this will be
  • # the cloud account ID.
  • managementEndpoint: ManagementEndpoint
  • # Display name of the finding, usually derived from rule/policy name.
  • name: String!
  • # Opaque version string for this graph node instance
  • nodeVersion: ID!
  • # Back-reference to the Policy which triggered this finding.
  • # Findings coming from 3rd party systems, such as cloud provider security
  • # services, do not have a Policy associated with them, so this field can be
  • # null.
  • #
  • # **NOTE:** This API/functionality is in Alpha. It can be unstable, and schema
  • # elements may change over future iterations.
  • policy: FindingPolicy
  • # Policy classes of the generated finding
  • policyClass: [FindingPolicyClass!]
  • # Policy Id associated with this finding.
  • # NOTE(review): declared non-null although 3rd party findings have no Policy
  • # (see `policy`); confirm what value it carries for those findings.
  • policyId: String!
  • # Properties of this finding.
  • # Filtering properties by name is recommended. To filter, provide the exact
  • # property name(s).
  • #
  • # Arguments
  • # name: exact property name(s) to return. The result when the argument is
  • # omitted is not documented.
  • properties(name: [String!]): [FindingProperty!]
  • # For cloud resources, this field refers to the specific Cloud Provider i.e. AWS,
  • # Azure etc.
  • provider: FindingCloudProvider
  • # For cloud resources, this field contains the Region of the resource.
  • region: String
  • # Related Findings.
  • # The field is self-referential (a Finding returns Findings), so keep the
  • # nesting depth of a selection bounded.
  • relatedFindings: [Finding!]
  • # For resolved findings, this field indicates the reason why the finding was
  • # resolved
  • resolveReason: FindingResolveReason
  • # Identifies the finding collection/generation cycle run.
  • runId: String
  • # For cloud resources, this field contains the Service of the resource.
  • service: String
  • # The severity of this finding e.g. Critical, High, Medium or Low
  • severity: FindingSeverity!
  • # Source of the finding e.g. Native, GuardDuty, AccessAnalyzer etc.
  • source: FindingSource!
  • # Status of the finding: e.g. Open or Resolved
  • status: FindingStatus!
  • # Tags of the entity associated with this finding.
  • # Filtering tags by key is recommended. To filter, provide the exact tag
  • # key(s).
  • #
  • # Arguments
  • # key: exact tag key(s) to return. The result when the argument is omitted is
  • # not documented.
  • tags(key: [String!]): [Tag!]
  • # Type of the finding e.g. Violation, Threat, Anomaly
  • type: FindingType!
  • }