OBJECT
Finding
Describes a Finding
link GraphQL Schema definition
- type Finding implements Node, NodeVersion {
- # Unique identifier of the finding
- : String!
- # A computed metric to help users prioritize efforts to mitigate discovered
- # findings
- : Int!
- # Finding Category
- : FindingCategory @deprecated( reason: "category is being replaced by policyClass" )
- # Defines the context (scope) of the finding.
- : FindingContext
- # The time this finding was created
- : DateTime!
- # Back-reference to entity to which this finding is associated
- : Entity
- : String
- # Some findings can have a missing/deleted entity, say a finding on a deleted ec2
- # instance.
- # In this case the entityType and the entityName on the finding will be populated
- # with 'AWS.EC2.Instance', "instanceId"
- # but the entity field will be null as this entity does not exist.
- # e.g.
- # Example 1: Deleted entity for that finding
- # {
- #
- # "id":"550e8400-e29b-41d4-a716-446655440001",
- #
- # "entityType":"AWS.EC2.Instance",
- #
- # "entityName": "i-0e654c0374396b599",
- #
- # "entity": null
- # }
- #
- # Example 2: Entity Present for that finding
- #
- # {
- #
- # "id":"550e8400-e29b-41d4-a716-446655440002",
- #
- # "entityType":"AWS.EC2.Instance",
- #
- # "entityName": "i-0e654c0374396b599",
- #
- # "entity": {
- #
- # "entityId": "AWS.EC2.000954396075.us-west-2.Instance.i-0e654c0374396b599",
- #
- # "entityName": "i-0e654c0374396b599",
- #
- # "entityType": "AWS.EC2.Instance",
- #
- # }
- # }
- : String
- # In addition to rule the group allows more fine grained findings.
- : String
- # Node-compatible opaque global identifier
- : ID!
- # The last time this finding was successfully updated
- : DateTime!
- # Management Endpoint for this Finding. For public cloud resources this will be
- # the cloud account ID.
- : ManagementEndpoint
- # Display name of the finding, usually derived from rule/policy name.
- : String!
- # Opaque version string for this graph node instance
- : ID!
- # Back-reference to the Policy which triggered this finding.
- # Findings coming from 3rd party systems like cloud provider security services
- # does not have a Policy associated with them.
- #
- # **NOTE:** This API/functionality is in Alpha, This functionality can be unstable
- # and schema elements may change over future iterations.
- : FindingPolicy
- # Policy classes of the generated finding
- : [FindingPolicyClass!]
- # Policy Id associated with this finding.
- : String!
- # Properties of this finding
- # Properties are recommended to be filtered by name. To filter provide the exact
- # property Name(s).
- #
- # Arguments
- # name: [Not documented]
- (: [String!]): [FindingProperty!]
- # For cloud resources, this field refers to the specific Cloud Provider i.e. AWS,
- # Azure etc.
- : FindingCloudProvider
- # For cloud resources, this field contains the Region of the resource.
- : String
- # Related Findings
- : [Finding!]
- # For resolved findings, this field indicates the reason why the finding was
- # resolved
- : FindingResolveReason
- # Identifies the finding collection/generation cycle run.
- : String
- # For cloud resources, this field contains the Service of the resource.
- : String
- # The severity of this finding e.g. Critical, High, Medium or Low
- : FindingSeverity!
- # Source of the finding e.g. Native, GuardDuty, AccessAnalyzer etc.
- : FindingSource!
- # Status of the finding: e.g. Open or Resolved
- : FindingStatus!
- # Tags of the entity associated with this finding
- # Tag are recommended to be filtered by by keys. To filter provide the exact Tag
- # Key(s).
- #
- # Arguments
- # key: [Not documented]
- (: [String!]): [Tag!]
- # Type of the finding e.g. Violation, Threat, Anomaly
- : FindingType!
- }