Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ API Reference/ API/ Access Analyzer/ Findings/ Retrieving a List of Findings Generated by the Specified Analyzer
Updated on 2025-11-06 GMT+08:00
View PDF
Share

Retrieving a List of Findings Generated by the Specified Analyzer

Function

This API is used to retrieve a list of findings generated by the specified analyzer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

Action

Access Level

Resource Type (*: required)

Condition Key

Alias

Dependencies

AccessAnalyzer:analyzer:listFindings

List

analyzer *

g:ResourceTag/<tag-key>

-

-

URI

POST /v5/analyzers/{analyzer_id}/findings

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

analyzer_id

Yes

String

Unique identifier of an analyzer

Minimum: 1

Maximum: 36

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

filters

No

Array of FindingFilter objects

A filter to match the returned findings.

Array Length: 1 - 20

limit

No

Integer

Maximum number of results on a page

marker

No

String

Page marker
Table 3 FindingFilter

Parameter

Mandatory

Type

Description

criterion

Yes

Criterion object

Criteria in the filter. Only one operator is allowed.

key

Yes

String

Filter key.

  • resource: resource URN

  • resource_type: resource type

  • resource_owner_account: resource owner account

  • is_public: public access permission

  • id: finding ID

  • status: finding type

  • principal_type

  • principal_identifier

  • change_type: finding status change

  • existing_finding_id: ID of an existing finding

  • existing_finding_status: status of an existing finding

  • condition.g:PrincipalUrn: principal URN

  • condition.g:PrincipalId: principal ID

  • condition.g:PrincipalAccount: principal account

  • condition.g:PrincipalOrgId: principal organization ID

  • condition.g:PrincipalOrgPath: principal organization path

  • condition.g:PrincipalOrgManagementAccountId: principal organization management account ID

  • condition.g:SourceIp: source IP address

  • condition.g:SourceVpc: source VPC

  • condition.g: SourceVpce: source VPC endpoint

  • finding_type: finding type
Table 4 Criterion

Parameter

Mandatory

Type

Description

contains

No

Array of strings

Matching the "contains" operator in the filter

Array Length: 1 - 20

eq

No

Array of strings

Matching the "eq" operator in the filter

Array Length: 1 - 20

exists

No

Boolean

Matching the "exists" operator in the filter

neq

No

Array of strings

Matching the "neq" operator in the filter

Array Length: 1 - 20

Response Parameters

Status code: 200

Table 5 Response body parameters

Parameter

Type

Description

findings

Array of FindingSummary objects

List of findings.

page_info

PageInfo object

Information on the page
Table 6 FindingSummary

Parameter

Type

Description

action

Array of strings

Action that can be used by external principals.

analyzed_at

String

Time when resources were analyzed.

condition

Array of FindingCondition objects

Condition that generates findings in the policy statement.

created_at

String

Time when the findings were generated.

finding_type

String

Finding type.

  • external_access: external access

  • privilege_escalation: privilege escalation

  • unused_iam_user_access_key: unused access key

  • unused_iam_user_password: unused password

  • unused_permission: unused permission

  • unused_iam_agency: unused agency

  • iam_bp_root_user_has_access_key: an AK/SK pair is bound to the root user

  • iam_bp_access_api_with_password: APIs access using passwords

  • iam_bp_login_protection_disabled: login protection disabled

  • iam_bp_mfa_unconfigured: MFA not added

  • iam_bp_assign_high_risk_sys_policy_or_role_to_user: high-risk system-defined policies or roles attached to users

  • iam_bp_attach_high_risk_sys_identity_policy_to_user: high-risk system-defined identity policies attached to users

  • iam_bp_assign_high_risk_sys_policy_or_role_to_agency: high-risk system-defined policies or roles attached to agencies

  • iam_bp_attach_high_risk_sys_identity_policy_to_agency: high-risk system-defined identity policies attached to agencies

id

String

Unique identifier of a finding.

is_public

Boolean

Whether the policy that generates findings allows public access to resources.

principal

FindingPrincipal object

An external principal that accesses resources in a zone of trust.

resource

String

Unique identifier of a resource.

resource_id

String

Unique identifier of a resource.

Minimum: 1

Maximum: 36

resource_owner_account

String

ID of the account that owns resources.

resource_project_id

String

Identifier of the project that the resource belongs to.

Maximum: 36

resource_type

String

Resource type.

  • iam:agency: IAM agency

  • iam:user: IAM user

  • kms:cmk: DEW shared key

  • obs:bucket: OBS bucket

  • swr:repo: SWR image repository

  • cbr:backup: CBR backup

  • ims:image: IMS image

sources

Array of strings

Source of findings, indicating how to grant access that generates the findings.

status

String

Finding status.

  • active

  • archived

  • resolved

updated_at

String

Time when the findings are updated.
Table 7 FindingCondition

Parameter

Type

Description

key

String

Identifier or name of a condition key.

value

String

Value of the condition key.
Table 8 FindingPrincipal

Parameter

Type

Description

identifier

String

Identifier of a principal.

type

String

Type of a principal.

  • all_principal: all principals

  • account

  • all_user_in_account: all users in an account

  • all_agency_in_account: all agencies in an account

  • all_identity_provider_in_account: all identity providers in an account

  • specific_user: specific user

  • specific_agency: specific agency

  • specific_group: specific user group

  • specific_identity_provider: specific identity provider
Table 9 PageInfo

Parameter

Type

Description

current_count

Integer

Number of items on the current page

next_marker

String

If present, it indicates that the available output is more than the output contained in the current response. Use this value in the marker request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this operation until the next_marker response returns null.

Example Requests

Retrieving a list of findings generated by the specified analyzer

POST https://{hostname}/v5/analyzers/{analyzer_id}/findings

{
  "filters" : [ {
    "criterion" : {
      "eq" : [ "iam:agency" ]
    },
    "key" : "resource_type"
  } ],
  "limit" : 100,
  "marker" : "{marker_string}"
}

Example Responses

Status code: 200

OK

{
  "findings" : [ {
    "action" : [ "sts:agencies:assume" ],
    "analyzed_at" : "2023-09-07T08:04:41.698Z",
    "condition" : [ {
      "key" : "g:PrincipalOrgId",
      "value" : "org_id"
    } ],
    "created_at" : "2023-09-07T08:04:41.698Z",
    "id" : "{finding_id}",
    "is_public" : false,
    "principal" : {
      "identifier" : "{domain_id}",
      "type" : "account"
    },
    "resource" : "iam::{domain_id}:agency:{agency_name}",
    "resource_owner_account" : "{domain_id}",
    "resource_id" : "{agency_id}",
    "resource_type" : "iam:agency",
    "status" : "active",
    "updated_at" : "2023-09-07T08:04:41.698Z"
  } ],
  "page_info" : {
    "current_count" : 1,
    "next_marker" : null
  }
}

Status Codes

Status Code

Description

200

OK

Error Codes

See Error Codes.

Parent topic: Findings