**Example 1: To list all findings for the current region**
The following ``list-findings`` example displays a list of all findingIds for the current region sorted by severity from highest to lowest. ::
aws guardduty list-findings \
--detector-id 12abc34d567e8fa901bc2d34eexample \
--sort-criteria '{"AttributeName": "severity","OrderBy":"DESC"}'
Output::
{
"FindingIds": [
"04b8ab50fd29c64fc771b232dexample",
"5ab8ab50fd21373735c826d3aexample",
"90b93de7aba69107f05bbe60bexample",
...
]
}
For more information, see `Findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html>`__ in the GuardDuty User Guide.
**Example 2: To list findings for the current region matching a specfic finding criteria**
The following ``list-findings`` example displays a list of all findingIds that match a specified finding type. ::
aws guardduty list-findings \
--detector-id 12abc34d567e8fa901bc2d34eexample \
--finding-criteria '{"Criterion":{"type": {"Eq":["UnauthorizedAccess:EC2/SSHBruteForce"]}}}'
Output::
{
"FindingIds": [
"90b93de7aba69107f05bbe60bexample",
"6eb9430d7023d30774d6f05e3example",
"2eb91a2d060ac9a21963a5848example",
"44b8ab50fd2b0039a9e48f570example",
"9eb8ab4cd2b7e5b66ba4f5e96example",
"e0b8ab3a38e9b0312cc390ceeexample"
]
}
For more information, see `Findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html>`__ in the GuardDuty User Guide.
**Example 3: To list findings for the current region matching a specfic set of finding criteria defined within a JSON file**
The following ``list-findings`` example displays a list of all findingIds that are not archived, and involve the IAM user named "testuser", as specified in a JSON file. ::
aws guardduty list-findings \
--detector-id 12abc34d567e8fa901bc2d34eexample \
--finding-criteria file://myfile.json
Contents of ``myfile.json``::
{"Criterion": {
"resource.accessKeyDetails.userName":{
"Eq":[
"testuser"
]
},
"service.archived": {
"Eq": [
"false"
]
}
}
}
Output::
{
"FindingIds": [
"1ab92989eaf0e742df4a014d5example"
]
}
For more information, see `Findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html>`__ in the GuardDuty User Guide.| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| accept-invitation.rst | File | 650 B | 0644 |
|
| archive-findings.rst | File | 553 B | 0644 |
|
| create-detector.rst | File | 474 B | 0644 |
|
| create-filter.rst | File | 692 B | 0644 |
|
| create-ip-set.rst | File | 646 B | 0644 |
|
| create-members.rst | File | 664 B | 0644 |
|
| create-publishing-destination.rst | File | 736 B | 0644 |
|
| create-sample-findings.rst | File | 522 B | 0644 |
|
| create-threat-intel-set.rst | File | 658 B | 0644 |
|
| decline-invitations.rst | File | 485 B | 0644 |
|
| delete-detector.rst | File | 520 B | 0644 |
|
| delete-filter.rst | File | 440 B | 0644 |
|
| disable-organization-admin-account.rst | File | 509 B | 0644 |
|
| disassociate-from-master-account.rst | File | 625 B | 0644 |
|
| get-detector.rst | File | 773 B | 0644 |
|
| get-findings.rst | File | 3.5 KB | 0644 |
|
| get-ip-set.rst | File | 724 B | 0644 |
|
| get-master-account.rst | File | 835 B | 0644 |
|
| list-detectors.rst | File | 475 B | 0644 |
|
| list-findings.rst | File | 2.69 KB | 0644 |
|
| list-invitations.rst | File | 785 B | 0644 |
|
| list-ip-sets.rst | File | 542 B | 0644 |
|
| list-members.rst | File | 962 B | 0644 |
|
| update-ip-set.rst | File | 601 B | 0644 |
|