Files
2025-10-30 18:58:05 +01:00

134 lines
4.0 KiB
Plaintext

---
title: "Retrieve Finding"
api: "GET /api/v1/findings/{id}"
description: "Fetch detailed information about a specific finding by its ID."
---
Retrieve complete details about a specific security finding, including check metadata, raw results, and affected resources.
## Path Parameters
- `id` (required) - The UUID of the finding to retrieve
## Query Parameters
### Field Selection
- `fields[findings]` - Specify which fields to return: `uid`, `delta`, `status`, `status_extended`, `severity`, `check_id`, `check_metadata`, `raw_result`, `inserted_at`, `updated_at`, `first_seen_at`, `muted`, `muted_reason`, `url`, `scan`, `resources`
### Include Related Resources
- `include` - Include related resources: `scan`, `resources`
## Example Request
```bash
curl -X GET "https://api.prowler.com/api/v1/findings/{id}?include=scan,resources" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/vnd.api+json"
```
## Response
### Success Response (200 OK)
Returns detailed information about the finding:
```json
{
"data": {
"type": "findings",
"id": "finding-uuid",
"attributes": {
"uid": "prowler-aws-s3-bucket-unencrypted-123456",
"check_id": "s3_bucket_default_encryption",
"status": "FAIL",
"status_extended": "S3 Bucket 'my-bucket' does not have default encryption enabled",
"severity": "high",
"muted": false,
"muted_reason": null,
"delta": "new",
"inserted_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z",
"first_seen_at": "2024-01-15T10:30:00Z",
"check_metadata": {
"Provider": "aws",
"CheckID": "s3_bucket_default_encryption",
"CheckTitle": "Check if S3 buckets have default encryption enabled",
"CheckType": "Software and Configuration Checks",
"ServiceName": "s3",
"Severity": "high",
"ResourceType": "AwsS3Bucket",
"Description": "S3 buckets should have encryption at rest enabled...",
"Risk": "Unencrypted S3 buckets can expose sensitive data...",
"RelatedUrl": "https://docs.aws.amazon.com/...",
"Remediation": {
"Code": {
"CLI": "aws s3api put-bucket-encryption...",
"Terraform": "..."
},
"Recommendation": {
"Text": "Enable default encryption on S3 bucket",
"Url": "https://docs.aws.amazon.com/..."
}
},
"Categories": ["encryption"]
},
"raw_result": {
"finding_unique_id": "...",
"status": "FAIL",
"status_extended": "...",
"raw": {}
}
},
"relationships": {
"scan": {
"data": {
"type": "scans",
"id": "scan-uuid"
}
},
"resources": {
"data": [
{
"type": "resources",
"id": "resource-uuid"
}
]
}
}
}
}
```
### Response Fields
- `uid` (string, required) - Unique identifier for the finding (max 300 characters)
- `check_id` (string, required) - ID of the security check (max 100 characters)
- `status` (enum, required) - Finding status: `FAIL`, `PASS`, or `MANUAL`
- `status_extended` (string, nullable) - Detailed status message
- `severity` (enum, required) - Severity: `critical`, `high`, `medium`, `low`, `informational`
- `delta` (enum, nullable) - Change status: `new`, `changed`, or `null`
- `muted` (boolean) - Whether finding is muted
- `muted_reason` (string, nullable) - Reason for muting (3-500 characters)
- `inserted_at` (datetime, read-only) - Creation timestamp
- `updated_at` (datetime, read-only) - Last modification timestamp
- `first_seen_at` (datetime, nullable, read-only) - First detection timestamp
- `check_metadata` (object) - Complete check metadata
- `raw_result` (object) - Raw scan output
### Error Responses
**404 Not Found** - Finding does not exist
```json
{
"errors": [
{
"status": "404",
"title": "Not Found",
"detail": "Finding not found"
}
]
}
```