Oracle Cloud Infrastructure v2.33.0, May 1 25

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

oci.DataSafe.getSecurityAssessmentFindings

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

Using getSecurityAssessmentFindings

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSecurityAssessmentFindings(args: GetSecurityAssessmentFindingsArgs, opts?: InvokeOptions): Promise<GetSecurityAssessmentFindingsResult>
function getSecurityAssessmentFindingsOutput(args: GetSecurityAssessmentFindingsOutputArgs, opts?: InvokeOptions): Output<GetSecurityAssessmentFindingsResult>

def get_security_assessment_findings(access_level: Optional[str] = None,
                                     compartment_id_in_subtree: Optional[bool] = None,
                                     fields: Optional[Sequence[str]] = None,
                                     filters: Optional[Sequence[GetSecurityAssessmentFindingsFilter]] = None,
                                     finding_key: Optional[str] = None,
                                     is_top_finding: Optional[bool] = None,
                                     references: Optional[str] = None,
                                     scim_query: Optional[str] = None,
                                     security_assessment_id: Optional[str] = None,
                                     severity: Optional[str] = None,
                                     state: Optional[str] = None,
                                     target_id: Optional[str] = None,
                                     opts: Optional[InvokeOptions] = None) -> GetSecurityAssessmentFindingsResult
def get_security_assessment_findings_output(access_level: Optional[pulumi.Input[str]] = None,
                                     compartment_id_in_subtree: Optional[pulumi.Input[bool]] = None,
                                     fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecurityAssessmentFindingsFilterArgs]]]] = None,
                                     finding_key: Optional[pulumi.Input[str]] = None,
                                     is_top_finding: Optional[pulumi.Input[bool]] = None,
                                     references: Optional[pulumi.Input[str]] = None,
                                     scim_query: Optional[pulumi.Input[str]] = None,
                                     security_assessment_id: Optional[pulumi.Input[str]] = None,
                                     severity: Optional[pulumi.Input[str]] = None,
                                     state: Optional[pulumi.Input[str]] = None,
                                     target_id: Optional[pulumi.Input[str]] = None,
                                     opts: Optional[InvokeOptions] = None) -> Output[GetSecurityAssessmentFindingsResult]

func GetSecurityAssessmentFindings(ctx *Context, args *GetSecurityAssessmentFindingsArgs, opts ...InvokeOption) (*GetSecurityAssessmentFindingsResult, error)
func GetSecurityAssessmentFindingsOutput(ctx *Context, args *GetSecurityAssessmentFindingsOutputArgs, opts ...InvokeOption) GetSecurityAssessmentFindingsResultOutput

> Note: This function is named GetSecurityAssessmentFindings in the Go SDK.

public static class GetSecurityAssessmentFindings 
{
    public static Task<GetSecurityAssessmentFindingsResult> InvokeAsync(GetSecurityAssessmentFindingsArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityAssessmentFindingsResult> Invoke(GetSecurityAssessmentFindingsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecurityAssessmentFindingsResult> getSecurityAssessmentFindings(GetSecurityAssessmentFindingsArgs args, InvokeOptions options)
public static Output<GetSecurityAssessmentFindingsResult> getSecurityAssessmentFindings(GetSecurityAssessmentFindingsArgs args, InvokeOptions options)

fn::invoke:
  function: oci:DataSafe/getSecurityAssessmentFindings:getSecurityAssessmentFindings
  arguments:
    # arguments dictionary

The following arguments are supported:

SecurityAssessmentId string

The OCID of the security assessment.

AccessLevel string

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

CompartmentIdInSubtree bool

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

Fields List<string>

Specifies a subset of fields to be returned in the response.

Filters List<GetSecurityAssessmentFindingsFilter>

FindingKey string

Each finding in security assessment has an associated key (think of key as a finding's name). For a given finding, the key will be the same across targets. The user can use these keys to filter the findings.

IsTopFinding bool

A filter to return only the findings that are marked as top findings.

References string

An optional filter to return only findings that match the specified reference.

ScimQuery string

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: | scimQuery=(severity eq 'high') and (targetId eq 'target_1') scimQuery=(category eq "Users") and (targetId eq "target_1") scimQuery=(reference eq 'CIS') and (targetId eq 'target_1') Supported fields: severity findingKey reference targetId isTopFinding title category remarks details summary isRiskModified

Severity string

A filter to return only findings of a particular risk level.

State string

A filter to return only the findings that match the specified lifecycle states.

TargetId string

A filter to return only items related to a specific target OCID.

SecurityAssessmentId string

The OCID of the security assessment.

AccessLevel string

CompartmentIdInSubtree bool

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

Fields []string

Specifies a subset of fields to be returned in the response.

Filters []GetSecurityAssessmentFindingsFilter

FindingKey string

IsTopFinding bool

A filter to return only the findings that are marked as top findings.

References string

An optional filter to return only findings that match the specified reference.

ScimQuery string

Severity string

A filter to return only findings of a particular risk level.

State string

A filter to return only the findings that match the specified lifecycle states.

TargetId string

A filter to return only items related to a specific target OCID.

securityAssessmentId String

The OCID of the security assessment.

accessLevel String

compartmentIdInSubtree Boolean

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

fields List<String>

Specifies a subset of fields to be returned in the response.

filters List<GetSecurityAssessmentFindingsFilter>

findingKey String

isTopFinding Boolean

A filter to return only the findings that are marked as top findings.

references String

An optional filter to return only findings that match the specified reference.

scimQuery String

severity String

A filter to return only findings of a particular risk level.

state String

A filter to return only the findings that match the specified lifecycle states.

targetId String

A filter to return only items related to a specific target OCID.

securityAssessmentId string

The OCID of the security assessment.

accessLevel string

compartmentIdInSubtree boolean

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

fields string[]

Specifies a subset of fields to be returned in the response.

filters GetSecurityAssessmentFindingsFilter[]

findingKey string

isTopFinding boolean

A filter to return only the findings that are marked as top findings.

references string

An optional filter to return only findings that match the specified reference.

scimQuery string

severity string

A filter to return only findings of a particular risk level.

state string

A filter to return only the findings that match the specified lifecycle states.

targetId string

A filter to return only items related to a specific target OCID.

security_assessment_id str

The OCID of the security assessment.

access_level str

compartment_id_in_subtree bool

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

fields Sequence[str]

Specifies a subset of fields to be returned in the response.

filters Sequence[GetSecurityAssessmentFindingsFilter]

finding_key str

is_top_finding bool

A filter to return only the findings that are marked as top findings.

references str

An optional filter to return only findings that match the specified reference.

scim_query str

severity str

A filter to return only findings of a particular risk level.

state str

A filter to return only the findings that match the specified lifecycle states.

target_id str

A filter to return only items related to a specific target OCID.

securityAssessmentId String

The OCID of the security assessment.

accessLevel String

compartmentIdInSubtree Boolean

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

fields List<String>

Specifies a subset of fields to be returned in the response.

filters List<Property Map>

findingKey String

isTopFinding Boolean

A filter to return only the findings that are marked as top findings.

references String

An optional filter to return only findings that match the specified reference.

scimQuery String

severity String

A filter to return only findings of a particular risk level.

state String

A filter to return only the findings that match the specified lifecycle states.

targetId String

A filter to return only items related to a specific target OCID.

getSecurityAssessmentFindings Result

The following output properties are available:

Findings List<GetSecurityAssessmentFindingsFinding>: The list of findings.
Id string: The provider-assigned unique ID for this managed resource.
SecurityAssessmentId string
AccessLevel string
CompartmentIdInSubtree bool
Fields List<string>
Filters List<GetSecurityAssessmentFindingsFilter>
FindingKey string
IsTopFinding bool: Indicates whether a given finding is marked as topFinding or not.
References string: Provides information on whether the finding is related to a CIS Oracle Database Benchmark recommendation, a STIG rule, or a GDPR Article/Recital.
ScimQuery string
Severity string: The severity of the finding as determined by security assessment and is same as oracleDefinedSeverity, unless modified by user.
State string: The current state of the finding.
TargetId string: The OCID of the target database.

Findings []GetSecurityAssessmentFindingsFinding: The list of findings.
Id string: The provider-assigned unique ID for this managed resource.
SecurityAssessmentId string
AccessLevel string
CompartmentIdInSubtree bool
Fields []string
Filters []GetSecurityAssessmentFindingsFilter
FindingKey string
IsTopFinding bool: Indicates whether a given finding is marked as topFinding or not.
References string: Provides information on whether the finding is related to a CIS Oracle Database Benchmark recommendation, a STIG rule, or a GDPR Article/Recital.
ScimQuery string
Severity string: The severity of the finding as determined by security assessment and is same as oracleDefinedSeverity, unless modified by user.
State string: The current state of the finding.
TargetId string: The OCID of the target database.

findings List<GetSecurityAssessmentFindingsFinding>: The list of findings.
id String: The provider-assigned unique ID for this managed resource.
securityAssessmentId String
accessLevel String
compartmentIdInSubtree Boolean
fields List<String>
filters List<GetSecurityAssessmentFindingsFilter>
findingKey String
isTopFinding Boolean: Indicates whether a given finding is marked as topFinding or not.
references String: Provides information on whether the finding is related to a CIS Oracle Database Benchmark recommendation, a STIG rule, or a GDPR Article/Recital.
scimQuery String
severity String: The severity of the finding as determined by security assessment and is same as oracleDefinedSeverity, unless modified by user.
state String: The current state of the finding.
targetId String: The OCID of the target database.

findings GetSecurityAssessmentFindingsFinding[]: The list of findings.
id string: The provider-assigned unique ID for this managed resource.
securityAssessmentId string
accessLevel string
compartmentIdInSubtree boolean
fields string[]
filters GetSecurityAssessmentFindingsFilter[]
findingKey string
isTopFinding boolean: Indicates whether a given finding is marked as topFinding or not.
references string: Provides information on whether the finding is related to a CIS Oracle Database Benchmark recommendation, a STIG rule, or a GDPR Article/Recital.
scimQuery string
severity string: The severity of the finding as determined by security assessment and is same as oracleDefinedSeverity, unless modified by user.
state string: The current state of the finding.
targetId string: The OCID of the target database.

findings Sequence[GetSecurityAssessmentFindingsFinding]: The list of findings.
id str: The provider-assigned unique ID for this managed resource.
security_assessment_id str
access_level str
compartment_id_in_subtree bool
fields Sequence[str]
filters Sequence[GetSecurityAssessmentFindingsFilter]
finding_key str
is_top_finding bool: Indicates whether a given finding is marked as topFinding or not.
references str: Provides information on whether the finding is related to a CIS Oracle Database Benchmark recommendation, a STIG rule, or a GDPR Article/Recital.
scim_query str
severity str: The severity of the finding as determined by security assessment and is same as oracleDefinedSeverity, unless modified by user.
state str: The current state of the finding.
target_id str: The OCID of the target database.

findings List<Property Map>: The list of findings.
id String: The provider-assigned unique ID for this managed resource.
securityAssessmentId String
accessLevel String
compartmentIdInSubtree Boolean
fields List<String>
filters List<Property Map>
findingKey String
isTopFinding Boolean: Indicates whether a given finding is marked as topFinding or not.
references String: Provides information on whether the finding is related to a CIS Oracle Database Benchmark recommendation, a STIG rule, or a GDPR Article/Recital.
scimQuery String
severity String: The severity of the finding as determined by security assessment and is same as oracleDefinedSeverity, unless modified by user.
state String: The current state of the finding.
targetId String: The OCID of the target database.

Supporting Types

GetSecurityAssessmentFindingsFilter

Name string
Values List<string>
Regex bool

Name string
Values []string
Regex bool

name String
values List<String>
regex Boolean

name string
values string[]
regex boolean

name str
values Sequence[str]
regex bool

name String
values List<String>
regex Boolean

GetSecurityAssessmentFindingsFinding

AssessmentId string: The OCID of the assessment that generated this finding.
Details List<string>: The details of the finding. Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
HasTargetDbRiskLevelChanged bool: Determines if this risk level has changed on the target database since the last time 'severity' was modified by user.
IsRiskModified bool: Determines if this risk level was modified by user.
IsTopFinding bool: A filter to return only the findings that are marked as top findings.
Justification string: User provided reason for accepting or modifying this finding if they choose to do so.
Key string: The unique finding key. This is a system-generated identifier. To get the finding key for a finding, use ListFindings.
LifecycleDetails string: Details about the current state of the finding.
Oneline string: Provides a recommended approach to take to remediate the finding reported.
OracleDefinedSeverity string: The severity of the finding as determined by security assessment. This cannot be modified by user.
References List<GetSecurityAssessmentFindingsFindingReference>: An optional filter to return only findings that match the specified reference.
Remarks string: The explanation of the issue in this finding. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation.
Severity string: A filter to return only findings of a particular risk level.
State string: A filter to return only the findings that match the specified lifecycle states.
Summary string: The brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
TargetId string: A filter to return only items related to a specific target OCID.
TimeUpdated string: The date and time the risk level of finding was last updated, in the format defined by RFC3339.
TimeValidUntil string: The time until which the change in severity(deferred / modified) of this finding is valid.
Title string: The short title for the finding.

AssessmentId string: The OCID of the assessment that generated this finding.
Details []string: The details of the finding. Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
HasTargetDbRiskLevelChanged bool: Determines if this risk level has changed on the target database since the last time 'severity' was modified by user.
IsRiskModified bool: Determines if this risk level was modified by user.
IsTopFinding bool: A filter to return only the findings that are marked as top findings.
Justification string: User provided reason for accepting or modifying this finding if they choose to do so.
Key string: The unique finding key. This is a system-generated identifier. To get the finding key for a finding, use ListFindings.
LifecycleDetails string: Details about the current state of the finding.
Oneline string: Provides a recommended approach to take to remediate the finding reported.
OracleDefinedSeverity string: The severity of the finding as determined by security assessment. This cannot be modified by user.
References []GetSecurityAssessmentFindingsFindingReference: An optional filter to return only findings that match the specified reference.
Remarks string: The explanation of the issue in this finding. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation.
Severity string: A filter to return only findings of a particular risk level.
State string: A filter to return only the findings that match the specified lifecycle states.
Summary string: The brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
TargetId string: A filter to return only items related to a specific target OCID.
TimeUpdated string: The date and time the risk level of finding was last updated, in the format defined by RFC3339.
TimeValidUntil string: The time until which the change in severity(deferred / modified) of this finding is valid.
Title string: The short title for the finding.

assessmentId String: The OCID of the assessment that generated this finding.
details List<String>: The details of the finding. Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
hasTargetDbRiskLevelChanged Boolean: Determines if this risk level has changed on the target database since the last time 'severity' was modified by user.
isRiskModified Boolean: Determines if this risk level was modified by user.
isTopFinding Boolean: A filter to return only the findings that are marked as top findings.
justification String: User provided reason for accepting or modifying this finding if they choose to do so.
key String: The unique finding key. This is a system-generated identifier. To get the finding key for a finding, use ListFindings.
lifecycleDetails String: Details about the current state of the finding.
oneline String: Provides a recommended approach to take to remediate the finding reported.
oracleDefinedSeverity String: The severity of the finding as determined by security assessment. This cannot be modified by user.
references List<GetSecurityAssessmentFindingsFindingReference>: An optional filter to return only findings that match the specified reference.
remarks String: The explanation of the issue in this finding. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation.
severity String: A filter to return only findings of a particular risk level.
state String: A filter to return only the findings that match the specified lifecycle states.
summary String: The brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
targetId String: A filter to return only items related to a specific target OCID.
timeUpdated String: The date and time the risk level of finding was last updated, in the format defined by RFC3339.
timeValidUntil String: The time until which the change in severity(deferred / modified) of this finding is valid.
title String: The short title for the finding.

assessmentId string: The OCID of the assessment that generated this finding.
details string[]: The details of the finding. Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
hasTargetDbRiskLevelChanged boolean: Determines if this risk level has changed on the target database since the last time 'severity' was modified by user.
isRiskModified boolean: Determines if this risk level was modified by user.
isTopFinding boolean: A filter to return only the findings that are marked as top findings.
justification string: User provided reason for accepting or modifying this finding if they choose to do so.
key string: The unique finding key. This is a system-generated identifier. To get the finding key for a finding, use ListFindings.
lifecycleDetails string: Details about the current state of the finding.
oneline string: Provides a recommended approach to take to remediate the finding reported.
oracleDefinedSeverity string: The severity of the finding as determined by security assessment. This cannot be modified by user.
references GetSecurityAssessmentFindingsFindingReference[]: An optional filter to return only findings that match the specified reference.
remarks string: The explanation of the issue in this finding. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation.
severity string: A filter to return only findings of a particular risk level.
state string: A filter to return only the findings that match the specified lifecycle states.
summary string: The brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
targetId string: A filter to return only items related to a specific target OCID.
timeUpdated string: The date and time the risk level of finding was last updated, in the format defined by RFC3339.
timeValidUntil string: The time until which the change in severity(deferred / modified) of this finding is valid.
title string: The short title for the finding.

assessment_id str: The OCID of the assessment that generated this finding.
details Sequence[str]: The details of the finding. Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
has_target_db_risk_level_changed bool: Determines if this risk level has changed on the target database since the last time 'severity' was modified by user.
is_risk_modified bool: Determines if this risk level was modified by user.
is_top_finding bool: A filter to return only the findings that are marked as top findings.
justification str: User provided reason for accepting or modifying this finding if they choose to do so.
key str: The unique finding key. This is a system-generated identifier. To get the finding key for a finding, use ListFindings.
lifecycle_details str: Details about the current state of the finding.
oneline str: Provides a recommended approach to take to remediate the finding reported.
oracle_defined_severity str: The severity of the finding as determined by security assessment. This cannot be modified by user.
references Sequence[GetSecurityAssessmentFindingsFindingReference]: An optional filter to return only findings that match the specified reference.
remarks str: The explanation of the issue in this finding. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation.
severity str: A filter to return only findings of a particular risk level.
state str: A filter to return only the findings that match the specified lifecycle states.
summary str: The brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
target_id str: A filter to return only items related to a specific target OCID.
time_updated str: The date and time the risk level of finding was last updated, in the format defined by RFC3339.
time_valid_until str: The time until which the change in severity(deferred / modified) of this finding is valid.
title str: The short title for the finding.

assessmentId String: The OCID of the assessment that generated this finding.
details List<String>: The details of the finding. Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
hasTargetDbRiskLevelChanged Boolean: Determines if this risk level has changed on the target database since the last time 'severity' was modified by user.
isRiskModified Boolean: Determines if this risk level was modified by user.
isTopFinding Boolean: A filter to return only the findings that are marked as top findings.
justification String: User provided reason for accepting or modifying this finding if they choose to do so.
key String: The unique finding key. This is a system-generated identifier. To get the finding key for a finding, use ListFindings.
lifecycleDetails String: Details about the current state of the finding.
oneline String: Provides a recommended approach to take to remediate the finding reported.
oracleDefinedSeverity String: The severity of the finding as determined by security assessment. This cannot be modified by user.
references List<Property Map>: An optional filter to return only findings that match the specified reference.
remarks String: The explanation of the issue in this finding. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation.
severity String: A filter to return only findings of a particular risk level.
state String: A filter to return only the findings that match the specified lifecycle states.
summary String: The brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
targetId String: A filter to return only items related to a specific target OCID.
timeUpdated String: The date and time the risk level of finding was last updated, in the format defined by RFC3339.
timeValidUntil String: The time until which the change in severity(deferred / modified) of this finding is valid.
title String: The short title for the finding.

GetSecurityAssessmentFindingsFindingReference

Cis string: Relevant section from CIS.
Gdpr string: Relevant section from GDPR.
Obp string: Relevant section from OBP.
Stig string: Relevant section from STIG.

Cis string: Relevant section from CIS.
Gdpr string: Relevant section from GDPR.
Obp string: Relevant section from OBP.
Stig string: Relevant section from STIG.

cis String: Relevant section from CIS.
gdpr String: Relevant section from GDPR.
obp String: Relevant section from OBP.
stig String: Relevant section from STIG.

cis string: Relevant section from CIS.
gdpr string: Relevant section from GDPR.
obp string: Relevant section from OBP.
stig string: Relevant section from STIG.

cis str: Relevant section from CIS.
gdpr str: Relevant section from GDPR.
obp str: Relevant section from OBP.
stig str: Relevant section from STIG.

cis String: Relevant section from CIS.
gdpr String: Relevant section from GDPR.
obp String: Relevant section from OBP.
stig String: Relevant section from STIG.

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

pulumi/pulumi-oci

oci.DataSafe.getSecurityAssessmentFindings

On this page

On this page

Using getSecurityAssessmentFindings

getSecurityAssessmentFindings Result

Supporting Types

GetSecurityAssessmentFindingsFilter

GetSecurityAssessmentFindingsFinding

GetSecurityAssessmentFindingsFindingReference

Package Details

On this page

On this page