/audit/findings - AWS IoT Wireless

Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 90 days.)

Requires permission to access the ListAuditFindings action.

curl --location -g --request POST 'https://api.iotwireless.{region}.amazonaws.com/audit/findings' \ --header 'Content-Type: application/json' \ --data-raw '{ "taskId": "string", "checkName": "string", "resourceIdentifier": { "deviceCertificateId": "string", "caCertificateId": "string", "cognitoIdentityPoolId": "string", "clientId": "string", "policyVersionIdentifier": { "policyName": "string", "policyVersionId": "string" }, "account": "string", "iamRoleArn": "string", "roleAliasArn": "string" }, "maxResults": 1, "nextToken": "string", "startTime": "2019-08-24T14:15:22Z", "endTime": "2019-08-24T14:15:22Z", "listSuppressedFindings": true }'

Request

Query Params

maxResults

string

optional

Pagination limit

nextToken

string

optional

Pagination token

Body Params application/json

taskId

string

optional

A filter to limit results to the audit with the specified ID. You must specify either the taskId or the startTime and endTime, but not both.

>= 1 characters<= 40 characters

Match pattern:

[a-zA-Z0-9\-]+

checkName

string

optional

An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks, including those that are enabled or use UpdateAccountAuditConfiguration to select which checks are enabled.)

resourceIdentifier

object

optional

Information that identifies the noncompliant resource.

deviceCertificateId

string

optional

The ID of the certificate attached to the resource.

>= 64 characters<= 64 characters

Match pattern:

(0x)?[a-fA-F0-9]+

caCertificateId

string

optional

The ID of the CA certificate used to authorize the certificate.

>= 64 characters<= 64 characters

Match pattern:

(0x)?[a-fA-F0-9]+

cognitoIdentityPoolId

string

optional

The ID of the Amazon Cognito identity pool.

clientId

string

optional

The client ID.

policyVersionIdentifier

object

optional

The version of the policy associated with the resource.

account

string

optional

The account with which the resource is associated.

>= 12 characters<= 12 characters

Match pattern:

[0-9]+

iamRoleArn

string

optional

The ARN of the IAM role that has overly permissive actions.

>= 20 characters<= 2048 characters

roleAliasArn

string

optional

The ARN of the role alias that has overly permissive actions.

>= 1 characters<= 2048 characters

maxResults

integer

optional

The maximum number of results to return at one time. The default is 25.

>= 1<= 250

nextToken

string

optional

The token for the next set of results.

startTime

string <date-time>

optional

A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.

endTime

string <date-time>

optional

A filter to limit results to those found before the specified time. You must specify either the startTime and endTime or the taskId, but not both.

listSuppressedFindings

boolean

optional

Boolean flag indicating whether only the suppressed findings or the unsuppressed findings should be listed. If this parameter isn't provided, the response will list both suppressed and unsuppressed findings.

Examples

Responses

🟢200Success

application/json

Body

findings

array[object (AuditFinding) {11}]

optional

The findings (results) of the audit.

findingId

string

optional

A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.

>= 1 characters<= 128 characters

Match pattern:

[a-zA-Z0-9_-]+

taskId

string

optional

The ID of the audit that generated this result (finding).

>= 1 characters<= 40 characters

Match pattern:

[a-zA-Z0-9\-]+

checkName

string

optional

The audit check that generated this result.

taskStartTime

string <date-time>

optional

The time the audit started.

findingTime

string <date-time>

optional

The time the result (finding) was discovered.

severity

enum<string>

optional

The severity of the result (finding).

Allowed values:

CRITICALHIGHMEDIUMLOW

nonCompliantResource

object

optional

The resource that was found to be noncompliant with the audit check.

relatedResources

array[object (RelatedResource) {3}]

optional

The list of related resources.

reasonForNonCompliance

string

optional

The reason the resource was noncompliant.

reasonForNonComplianceCode

string

optional

A code that indicates the reason that the resource was noncompliant.

isSuppressed

boolean

optional

Indicates whether the audit finding was suppressed or not during reporting.

nextToken

string

optional

A token that can be used to retrieve the next set of results, or null if there are no additional results.

<= 4096 characters

🟠480InvalidRequestException

🟠481ThrottlingException

🟠482InternalFailureException