Get Configuration Findings

description retrieve filtered cloud configuration findings from wiz using specified variables for rules, resources, or frameworks endpoint method post inputs json body (object) variables (object) – required after (string) orderby (object) direction (string) the order direction can be asc or desc field (string) the order field filterby (object) id (array) filter configuration findings matching these ids you can specify multiple values source (array) filter by source of the configuration you can specify multiple values rule (object) id (array) filter configuration findings that match these cloud configuration rule ids you can specify multiple values name (array) filters configuration findings that match the name of these cloud configuration rules you can specify multiple values description (array) filter by these cloud configuration rule descriptions you can specify multiple values resource (object) id (array) filter configuration findings by resource id you can specify multiple values type (array) filter configuration findings by specific entity types you can specify multiple values projectid (array) filter configuration findings by wiz project id you can specify multiple values name (array) filter by configuration finding resource name you can specify multiple values status (array) filter by resource status you can specify multiple values subscriptionid (array) filter by subscription id you can specify multiple values cloudplatform (array) filter configuration findings by cloud platform you can specify multiple values nativetype (array) the name of the resource provided by its cloud service provider, as opposed to how wiz normalizes its name tags (array) filter by tags associated with the resource you can specify multiple values analyzedat (object) before (string) after (string) firstseenat (object) before (string) after (string) result (array) filter by result you can specify multiple values severity (array) filter by configuration finding severity you can specify multiple values benchmark (array) filter by benchmark type id you can specify multiple values hasremediationinstructions (boolean) filter configuration findings with / without remediation instructions status (array) filter configuration findings by finding status you can specify multiple values ignoredby (object) isignoredbyrule (boolean) filter configuration findings that are/are not ignored ignorerules (array) filter configuration findings according to a string search you can specify multiple values frameworkcategory (array) filter for findings using the name of security frameworks, security subcategories, or security categories you can specify multiple values updatedat (object) – required after (string) datetime in iso 8601 format before (string) datetime in iso 8601 format output example \[ { "status code" 200, "response headers" { "date" "mon, 31 jul 2023 09 08 42 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "content security policy" "default src 'self';base uri 'self';font src 'self' https data ;form action 'self';frame ancestors 'self';img src 'self' data ;object src 'none';script src 'self';script src attr 'none';style src 'self' https 'unsafe inline';upgrade insecure requests", "cross origin embedder policy" "require corp", "cross origin opener policy" "same origin", "cross origin resource policy" "same origin", "x dns prefetch control" "off", "x frame options" "sameorigin", "strict transport security" "max age=15552000; includesubdomains", "x download options" "noopen", "x content type options" "nosniff", "origin agent cluster" "?1", "x permitted cross domain policies" "none", "referrer policy" "no referrer", "x xss protection" "0", "vary" "origin, accept encoding", "access control allow credentials" "true", "etag" "w/\\"c74 dcgx9srklp7itgjy1vc8jeesjru\\"", "content encoding" "gzip" }, "reason" "ok", "json body" { "data" { "configurationfindings" { "nodes" \[ { "id" "cac394a8 11ae 5911 a605 ae4a6f108bf4", "targetexternalid" "arn\ aws\ rds\ us east 1 998231069301\ snapshot\ rds\ database 1 2023 07 31 03 25", "targetobjectprovideruniqueid" "arn\ aws\ rds\ us east 1 998231069301\ snapshot\ rds\ database 1 2023 07 31 03 25", "firstseenat" "2023 07 31t03 49 01 804229z", "severity" "medium", "result" "pass", "status" "resolved", "remediation" null, "resource" { "id" "9f52f1ac 8404 5d9a 80e0 767ac0001671", "providerid" "arn\ aws\ rds\ us east 1 998231069301\ snapshot\ rds\ database 1 2023 07 31 03 25", "name" "rds\ database 1 2023 07 31 03 25", "nativetype" "rds#snapshot", "type" "snapshot", "region" "us east 1", "subscription" { "id" "94e76baa 85fd 5928 b829 1669a2ca9660", "name" "wiz integrations", "externalid" "998231069301", "cloudprovider" "aws" }, "projects" \[ { "id" "83b76efe a7b6 5762 8a53 8e8f59e68bd8", "name" "project 2", "riskprofile" { "businessimpact" "mbi" } }, { "id" "af52828c 4eb1 5c4e 847c ebc3a5ead531", "name" "project 4", "riskprofile" { "businessimpact" "mbi" } }, { "id" "d6ac50bb aec0 52fc 80ab bacd7b02f178", "name" "project1", "riskprofile" { "businessimpact" "mbi" } } ], "tags" \[] }, "rule" { "id" "288042af 3f9b 4b55 b03b 2bc9b5513747", "graphid" "c859306f ef87 5328 81af 5fc093a36877", "name" "rds instance snapshot should be encrypted", "description" "this rule checks if the rds database instance snapshot is not encrypted at rest \nthis rule fails if `encrypted` is set to `false` and `status` is `available` \nrds database instance snapshots are backups for rds instances and can be used to restore the instance \nit is recommended to enable encryption at rest for the snapshot in order to protect the data they contain, especially if it stores sensitive data \n> note \n>see cloud configuration rule `rds 004` to see if the db instance is encrypted rule `snapshot 001` checks if the db cluster snapshot is encrypted ", "remediationinstructions" "perform the following command to encrypt the rds cluster instance via aws cli \n```\naws rds copy db snapshot \\\\\n source db snapshot identifier {{dbsnapshotid}} \\\\\n target db snapshot identifier {{dbsnapshotid}} encrypted \\\\\n region {{region}} \\\\\n kms key id \<value>\n```\nto encrypt the snapshot with an aws managed key use the alias `aws/rds` for a customer managed key insert the key arn or key id in the ` kms key id` parameter \n\n\nonce the new and encrypted snapshot is available, it is safe to delete the source snapshot \n\nuse the following to delete the unencrypted snapshot \n```\naws rds delete db snapshot \\\\\n db snapshot identifier {{dbsnapshotid}} \\\\\n region {{region}}\n```", "functionascontrol" false }, "securitysubcategories" \[ { "id" "wsct id 5209", "title" "data security", "category" { "id" "wct id 422", "name" "8 data security", "framework" { "id" "wf id 1", "name" "wiz" } } }, { "id" "wsct id 9123", "title" "insufficiently encrypted sensitive data", "category" { "id" "wct id 1173", "name" "6 data security", "framework" { "id" "wf id 53", "name" "wiz for risk assessment" } } } ] } ], "pageinfo" { "hasnextpage" true, "endcursor" "eyjmawvszhmiolt7ikzpzwxkijoiqw5hbhl6zwrbdcisilzhbhvlijoimjaymy0wny0zmvqwmzo0odo1oc41nzq3ndjain1dfq==" } } } } } ] output parameters status code (number) reason (string) json body (object) data (object) configurationfindings (object) nodes (array) id (string) targetexternalid (string) targetobjectprovideruniqueid (string) firstseenat (string) severity (string) result (string) status (string) remediation (object) resource (object) id (string) providerid (string) name (string) nativetype (string) type (string) region (string) subscription (object) id (string) name (string) externalid (string) cloudprovider (string) projects (array) id (string) name (string) riskprofile (object) businessimpact (string) tags (array) file name (string) – required file (string) – required rule (object) id (string) graphid (string) name (string) description (string) remediationinstructions (string) functionascontrol (boolean) securitysubcategories (array) id (string) title (string) category (object) id (string) name (string) framework (object) id (string) name (string) pageinfo (object) hasnextpage (boolean) endcursor (string) response headers header type date string content type string transfer encoding string connection string content security policy string cross origin embedder policy string cross origin opener policy string cross origin resource policy string x dns prefetch control string x frame options string strict transport security string x download options string x content type options string origin agent cluster string x permitted cross domain policies string referrer policy string x xss protection string vary string access control allow credentials string etag string content encoding string