**Example 1: To retrieve the details of a specific finding**
The following ``get-findings`` example retrieves the full JSON finding details of the specified finding. ::
aws guardduty get-findings \
--detector-id 12abc34d567e8fa901bc2d34eexample \
--finding-id 1ab92989eaf0e742df4a014d5example
Output::
{
"Findings": [
{
"Resource": {
"ResourceType": "AccessKey",
"AccessKeyDetails": {
"UserName": "testuser",
"UserType": "IAMUser",
"PrincipalId": "AIDACKCEVSQ6C2EXAMPLE",
"AccessKeyId": "ASIASZ4SI7REEEXAMPLE"
}
},
"Description": "APIs commonly used to discover the users, groups, policies and permissions in an account, was invoked by IAM principal testuser under unusual circumstances. Such activity is not typically seen from this principal.",
"Service": {
"Count": 5,
"Archived": false,
"ServiceName": "guardduty",
"EventFirstSeen": "2020-05-26T22:02:24Z",
"ResourceRole": "TARGET",
"EventLastSeen": "2020-05-26T22:33:55Z",
"DetectorId": "d4b040365221be2b54a6264dcexample",
"Action": {
"ActionType": "AWS_API_CALL",
"AwsApiCallAction": {
"RemoteIpDetails": {
"GeoLocation": {
"Lat": 51.5164,
"Lon": -0.093
},
"City": {
"CityName": "London"
},
"IpAddressV4": "52.94.36.7",
"Organization": {
"Org": "Amazon.com",
"Isp": "Amazon.com",
"Asn": "16509",
"AsnOrg": "AMAZON-02"
},
"Country": {
"CountryName": "United Kingdom"
}
},
"Api": "ListPolicyVersions",
"ServiceName": "iam.amazonaws.com",
"CallerType": "Remote IP"
}
}
},
"Title": "Unusual user permission reconnaissance activity by testuser.",
"Type": "Recon:IAMUser/UserPermissions",
"Region": "us-east-1",
"Partition": "aws",
"Arn": "arn:aws:guardduty:us-east-1:111122223333:detector/d4b040365221be2b54a6264dcexample/finding/1ab92989eaf0e742df4a014d5example",
"UpdatedAt": "2020-05-26T22:55:21.703Z",
"SchemaVersion": "2.0",
"Severity": 5,
"Id": "1ab92989eaf0e742df4a014d5example",
"CreatedAt": "2020-05-26T22:21:48.385Z",
"AccountId": "111122223333"
}
]
}
For more information, see `Findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html>`__ in the GuardDuty User Guide.| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| accept-invitation.rst | File | 650 B | 0644 |
|
| archive-findings.rst | File | 553 B | 0644 |
|
| create-detector.rst | File | 474 B | 0644 |
|
| create-filter.rst | File | 692 B | 0644 |
|
| create-ip-set.rst | File | 646 B | 0644 |
|
| create-members.rst | File | 664 B | 0644 |
|
| create-publishing-destination.rst | File | 736 B | 0644 |
|
| create-sample-findings.rst | File | 522 B | 0644 |
|
| create-threat-intel-set.rst | File | 658 B | 0644 |
|
| decline-invitations.rst | File | 485 B | 0644 |
|
| delete-detector.rst | File | 520 B | 0644 |
|
| delete-filter.rst | File | 440 B | 0644 |
|
| disable-organization-admin-account.rst | File | 509 B | 0644 |
|
| disassociate-from-master-account.rst | File | 625 B | 0644 |
|
| get-detector.rst | File | 773 B | 0644 |
|
| get-findings.rst | File | 3.5 KB | 0644 |
|
| get-ip-set.rst | File | 724 B | 0644 |
|
| get-master-account.rst | File | 835 B | 0644 |
|
| list-detectors.rst | File | 475 B | 0644 |
|
| list-findings.rst | File | 2.69 KB | 0644 |
|
| list-invitations.rst | File | 785 B | 0644 |
|
| list-ip-sets.rst | File | 542 B | 0644 |
|
| list-members.rst | File | 962 B | 0644 |
|
| update-ip-set.rst | File | 601 B | 0644 |
|