Created
December 7, 2023 00:04
-
-
Save rkreddyp/101313ea5f2ec31d61e0f167d7d664c8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import pandas as pd | |
| from botocore.exceptions import NoCredentialsError | |
| def get_all_guardduty_alerts(max_results_per_detector=50): | |
| client = boto3.client('guardduty') | |
| all_alerts = [] | |
| try: | |
| # List all GuardDuty detectors | |
| detectors = client.list_detectors() | |
| if 'DetectorIds' not in detectors: | |
| return pd.DataFrame() | |
| # Iterate through each detector and fetch alerts | |
| for detector_id in detectors['DetectorIds']: | |
| try: | |
| # List findings for the detector | |
| findings = client.list_findings(DetectorId=detector_id, MaxResults=max_results_per_detector) | |
| if 'FindingIds' in findings: | |
| # Fetch details of the findings | |
| details = client.get_findings( | |
| DetectorId=detector_id, | |
| FindingIds=findings['FindingIds'] | |
| ) | |
| if 'Findings' in details: | |
| # Add each finding to the all_alerts list | |
| for finding in details['Findings']: | |
| finding['DetectorId'] = detector_id # Add DetectorId to each finding | |
| all_alerts.append(finding) | |
| except Exception as e: | |
| print(f"Error fetching findings for detector {detector_id}: {e}") | |
| # Convert all alerts into a DataFrame | |
| return pd.DataFrame(all_alerts) | |
| except NoCredentialsError: | |
| print("Credentials not available") | |
| return pd.DataFrame() | |
| except Exception as e: | |
| print(f"An error occurred: {e}") | |
| return pd.DataFrame() | |
| # Example usage | |
| df_alerts = get_all_guardduty_alerts() | |
| print(df_alerts) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment