External Findings

The External Finding resource has methods to send findings from an external source to CloudGuard, for entities in cloud accounts that are onboarded to CloudGuard. These findings are recorded in CloudGuard along with findings discovered by CloudGuard (internal findings).

The resource has methods to send findings (in bulk), archive them in CloudGuard, or delete them from CloudGuard. Archived findings remain as records in CloudGuard, and are searchable. Deleted findings are permanently removed.

Findings are sent to CloudGuard as a bulk list, using the POST method. The response lists the findings from the submitted list that CloudGuard rejected, along with the reason.

Resource Types

The table below shows the codes for the different entity types.

| Entity type | Description |
|---|---|
| sg | Security Groups |
| elb | Classic Load Balancer |
| vpc | VPC |
| subnet | Subnet |
| nacl | Network ACLs |
| dbInstance | RDS DB Instances |
| vpcEndpoint | VPC Endpoints |
| vpcPeeringConnection | VPC Peering |
| lambda | AWS Lambda |
| cloudTrail | AWS CloudTrail |
| cloudWatch | CloudWatch |
| s3Bucket | S3 Buckets |
| appLB | Application Load Balancer |
| volume | EBS Volumes |
| redshift | Redshift |
| vpcFlowLog | VPC Flow Logs |
| configuration | Configuration Recorder |
| snsSubscription | AWS::SNS::Subscription |
| directConnect | AWS Direct Connect |
| vpnGateway | VpnGateway |
| efs | Amazon Elastic File System |
| internetGateway | Internet Gateways |
| routeTable | Route Tables |
| elastiCache | Amazon ElastiCache |
| ecsCluster | ECS Clusters |
| inspector | Inspector |
| networkInterface | Elastic Network Interfaces |
| ecsTaskDefinition | Amazon ECS Task Definitions |
| route53 | Route 53 |
| kinesisStream | Kinesis Data Streams |
| acmCertificate | AWS Certificate Manager |
| dynamoDbTable | DynamoDB table |
| ec2Image | Amazon Machine Images |
| wafRegional | AWS WAF Regional |
| vpnConnection | VPN Connections |
| ecsTask | ECS Task Definitions |
| CustomerGateway | Customer Gateway |
| elasticIp | Elastic IP Addresses |
| GuardDutyDetector | Amazon GuardDuty detector |
| Ec2Instance | EC2 |
| ApiGateway | API Gateway |
| kms | Kms |

See also

Use the CloudGuard REST API to send findings to CloudGuard from an external system