Finding
Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.
Contents
- agentSpaceId
The unique identifier of the agent space associated with the finding.
Type: String
Required: Yes
- findingId
The unique identifier of the finding.
Type: String
Required: Yes
- attackScript
The attack script used to reproduce the finding.
Type: String
Required: No
- codeRemediationTask
The code remediation task associated with the finding, if code remediation was initiated.
Type: CodeRemediationTask object
Required: No
- confidence
The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.
Type: String
Valid Values: FALSE_POSITIVE | UNCONFIRMED | LOW | MEDIUM | HIGH
Required: No
- createdAt
The date and time the finding was created, in UTC format.
Type: Timestamp
Required: No
- description
A description of the finding.
Type: String
Required: No
- lastUpdatedBy
The identifier of the entity that last updated the finding.
Type: String
Required: No
- name
The name of the finding.
Type: String
Required: No
- pentestId
The unique identifier of the pentest associated with the finding.
Type: String
Required: No
- pentestJobId
The unique identifier of the pentest job that produced the finding.
Type: String
Required: No
- reasoning
The reasoning behind the finding, explaining why it was identified as a vulnerability.
Type: String
Required: No
- riskLevel
The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.
Type: String
Valid Values: UNKNOWN | INFORMATIONAL | LOW | MEDIUM | HIGH | CRITICAL
Required: No
- riskScore
The numerical risk score of the finding.
Type: String
Required: No
- riskType
The type of security risk identified by the finding.
Type: String
Required: No
- status
The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.
Type: String
Valid Values: ACTIVE | RESOLVED | ACCEPTED | FALSE_POSITIVE
Required: No
- taskId
The unique identifier of the task that produced the finding.
Type: String
Required: No
- updatedAt
The date and time the finding was last updated, in UTC format.
Type: Timestamp
Required: No
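As an added example (not part of this reference or of any SDK), the following Python shows how a consumer might validate Finding records against the required fields and enum values listed above, then build a remediation queue. The function names, the ranking order (riskLevel, then confidence, then riskScore), the defaults for absent optional fields, and the sample records are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Enum values as listed on this page, ordered lowest to highest.
RISK_LEVELS = ("UNKNOWN", "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")
CONFIDENCE = ("FALSE_POSITIVE", "UNCONFIRMED", "LOW", "MEDIUM", "HIGH")
STATUSES = ("ACTIVE", "RESOLVED", "ACCEPTED", "FALSE_POSITIVE")
ENUMS = (("riskLevel", RISK_LEVELS), ("confidence", CONFIDENCE), ("status", STATUSES))

def validate(finding):
    """Return schema problems for one Finding dict (empty list if clean)."""
    problems = [f"missing required field {k}" for k in ("agentSpaceId", "findingId") if not finding.get(k)]
    for field, allowed in ENUMS:
        value = finding.get(field)
        if value is not None and value not in allowed:
            problems.append(f"{field} has unlisted value {value!r}")
    return problems

def score(finding):
    """riskScore is typed String on this page: parse defensively, None if unusable."""
    try:
        value = Decimal(finding["riskScore"])
    except (KeyError, TypeError, ValueError, InvalidOperation):
        return None
    return value if value.is_finite() else None

def rank(finding):
    # Assumption: absent riskLevel/confidence sort as UNKNOWN/UNCONFIRMED, bad score as 0.
    return (RISK_LEVELS.index(finding.get("riskLevel", "UNKNOWN")),
            CONFIDENCE.index(finding.get("confidence", "UNCONFIRMED")),
            score(finding) or Decimal(0))

def triage(findings):
    """Return (queue, rejected): open findings ranked highest first, and schema rejects."""
    queue, rejected = [], []
    # Assumption: a finding with no status is treated as still open (ACTIVE).
    for f in findings:
        problems = validate(f)
        if problems:
            rejected.append((f.get("findingId"), problems))
        elif f.get("status", "ACTIVE") == "ACTIVE" and f.get("confidence") != "FALSE_POSITIVE":
            queue.append(f)
    return sorted(queue, key=rank, reverse=True), rejected

# Constructed sample records (not real service output).
SAMPLE = [dict(agentSpaceId="as-1", findingId=i, **rest) for i, rest in (
    ("f-1", dict(riskLevel="HIGH", confidence="LOW", riskScore="7.5", status="ACTIVE")),
    ("f-2", dict(riskLevel="CRITICAL", confidence="HIGH", riskScore="9.8", status="ACTIVE")),
    ("f-3", dict(riskLevel="CRITICAL", confidence="FALSE_POSITIVE", status="ACTIVE")),
    ("f-4", dict(riskLevel="HIGH", confidence="HIGH", riskScore="n/a")),
    ("f-5", dict(riskLevel="SEVERE", status="ACTIVE")))]
```

Records with enum values not listed on this page are rejected rather than silently ranked, so a schema change surfaces as a visible reject instead of a mis-prioritized finding.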
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: