
list_guardduty_findings

Retrieve recent high-severity AWS GuardDuty security findings to monitor and respond to potential threats in your cloud environment.

Instructions

Lists recent high-severity GuardDuty findings.

Input Schema

Name      Required  Description                     Default
severity  No        Minimum severity level          4
limit     No        Number of findings to return    10

Implementation Reference

  • The handler function that implements the core logic for the 'list_guardduty_findings' tool. It retrieves the GuardDuty detector ID, lists findings filtered by minimum severity, fetches detailed findings, and returns a summarized list including title, severity, type, region, and resource ID.
    if (name === "list_guardduty_findings") {
        // first list detectors
        const detectorsCmd = new ListDetectorsCommand({});
        const dResponse = await guardDutyClient.send(detectorsCmd);
        const detectorId = dResponse.DetectorIds?.[0];
    
        if (!detectorId) {
            return { content: [{ type: "text", text: "No GuardDuty detector found." }] };
        }
    
        // Note: `||` treats an explicit 0 (or any falsy value) as "not provided" and substitutes the default.
        const severity = (args as any)?.severity || 4;
        const limit = (args as any)?.limit || 10;
    
        // Filter server-side on severity >= threshold; no SortCriteria is set, so the
        // order in which findings come back is not guaranteed to be newest-first.
        const listCmd = new ListFindingsCommand({
            DetectorId: detectorId,
            FindingCriteria: { Criterion: { severity: { Gte: severity } } },
            MaxResults: limit
        });
        const listResponse = await guardDutyClient.send(listCmd);
    
        if (!listResponse.FindingIds || listResponse.FindingIds.length === 0) {
            return { content: [{ type: "text", text: "No findings found." }] };
        }
    
        const getCmd = new GetFindingsCommand({
            DetectorId: detectorId,
            FindingIds: listResponse.FindingIds
        });
        const getResponse = await guardDutyClient.send(getCmd);
    
        const findings = getResponse.Findings?.map(f => ({
            Title: f.Title,
            Severity: f.Severity,
            Type: f.Type,
            Region: f.Region,
            ResourceId: f.Resource?.InstanceDetails?.InstanceId || "N/A"
        })) || [];
    
        return {
            content: [{ type: "text", text: JSON.stringify(findings, null, 2) }]
        };
    }
  • src/index.ts:448-463 (registration)
    Registration of the 'list_guardduty_findings' tool in the ListToolsRequest handler, including its name, description, and input schema definition.
        name: "list_guardduty_findings",
        description: "Lists recent high-severity GuardDuty findings.",
        inputSchema: {
            type: "object",
            properties: {
                severity: {
                    type: "number",
                    description: "Minimum severity level (default: 4)."
                },
                limit: {
                    type: "number",
                    description: "Number of findings to return (default: 10)."
                }
            }
        }
    },
  • Input schema defining optional parameters 'severity' (minimum severity level, default 4) and 'limit' (max findings to return, default 10) for the tool.
    inputSchema: {
        type: "object",
        properties: {
            severity: {
                type: "number",
                description: "Minimum severity level (default: 4)."
            },
            limit: {
                type: "number",
                description: "Number of findings to return (default: 10)."
            }
        }
    }
  • Initialization of the GuardDutyClient instance used throughout the tool handler.
    const guardDutyClient = new GuardDutyClient({});
  • Import of AWS SDK GuardDuty client and commands required for the tool implementation.
    import { GuardDutyClient, ListFindingsCommand, GetFindingsCommand, ListDetectorsCommand } from "@aws-sdk/client-guardduty";
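The handler above takes `severity` and `limit` straight from model-supplied tool arguments, does not sort the findings it asks for, and reads only `InstanceDetails` when naming the affected resource. The following is an added example (not the MCP server's own code) showing a hardened version of the request construction and result mapping: it validates and clamps the two arguments into the ranges the ListFindings API accepts, sorts newest-first on `updatedAt` so "recent" actually holds, and resolves the resource identifier for EC2, IAM access key, S3 and EKS findings. To run without `@aws-sdk/client-guardduty`, it declares minimal local stand-in types whose field names mirror the SDK's `ListFindingsCommandInput` and `Finding` shapes; those types, the sample findings, and the detector id are constructed for the example.

```typescript
// Added example, not the MCP server's own code. The interfaces below are local
// stand-ins (an assumption) for the subset of the SDK's ListFindingsCommandInput
// and Finding types that the list_guardduty_findings handler uses.

interface ListFindingsInput {
  DetectorId: string;
  FindingCriteria: { Criterion: Record<string, { Gte?: number }> };
  SortCriteria: { AttributeName: string; OrderBy: "ASC" | "DESC" };
  MaxResults: number;
}

interface Finding {
  Title?: string;
  Severity?: number;
  Type?: string;
  Region?: string;
  UpdatedAt?: string;
  Resource?: {
    ResourceType?: string;
    InstanceDetails?: { InstanceId?: string };
    AccessKeyDetails?: { AccessKeyId?: string; UserName?: string };
    S3BucketDetails?: { Name?: string }[];
    EksClusterDetails?: { Name?: string };
  };
}

interface FindingSummary {
  Title: string;
  Severity: number | null;
  SeverityLabel: string;
  Type: string;
  Region: string;
  ResourceType: string;
  ResourceId: string;
  UpdatedAt: string;
}

const DEFAULT_SEVERITY = 4;
const DEFAULT_LIMIT = 10;
const MAX_SEVERITY = 10; // GuardDuty severity scale ends at 10.0
const MAX_RESULTS = 50;  // ListFindings accepts MaxResults 1..50

// Tool arguments arrive from the model as untyped JSON: accept only finite
// numbers, fall back to the default otherwise, and clamp into the API's range.
// Unlike `args.severity || 4`, an explicit 0 is kept rather than replaced.
function clampNumber(value: unknown, fallback: number, min: number, max: number): number {
  const n = typeof value === "number" && Number.isFinite(value) ? value : fallback;
  return Math.min(max, Math.max(min, n));
}

function buildListFindingsInput(detectorId: string, args: unknown): ListFindingsInput {
  const a = (args ?? {}) as { severity?: unknown; limit?: unknown };
  return {
    DetectorId: detectorId,
    FindingCriteria: {
      Criterion: { severity: { Gte: clampNumber(a.severity, DEFAULT_SEVERITY, 0, MAX_SEVERITY) } },
    },
    // Without SortCriteria the API gives no ordering guarantee, so "recent"
    // needs an explicit newest-first sort on the updatedAt attribute.
    SortCriteria: { AttributeName: "updatedAt", OrderBy: "DESC" },
    MaxResults: Math.trunc(clampNumber(a.limit, DEFAULT_LIMIT, 1, MAX_RESULTS)),
  };
}

// GuardDuty bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.
function severityLabel(sev: number | undefined): string {
  if (sev === undefined) return "Unknown";
  if (sev >= 9) return "Critical";
  if (sev >= 7) return "High";
  if (sev >= 4) return "Medium";
  return "Low";
}

// The page's handler reads only InstanceDetails, so IAM key, S3 and EKS
// findings all collapse to "N/A"; check each resource shape in turn.
function resourceId(f: Finding): string {
  const r = f.Resource;
  return (
    r?.InstanceDetails?.InstanceId ??
    r?.AccessKeyDetails?.AccessKeyId ??
    r?.S3BucketDetails?.[0]?.Name ??
    r?.EksClusterDetails?.Name ??
    "N/A"
  );
}

function summarizeFindings(findings: Finding[] | undefined): FindingSummary[] {
  return (findings ?? []).map((f) => ({
    Title: f.Title ?? "",
    Severity: f.Severity ?? null,
    SeverityLabel: severityLabel(f.Severity),
    Type: f.Type ?? "",
    Region: f.Region ?? "",
    ResourceType: f.Resource?.ResourceType ?? "",
    ResourceId: resourceId(f),
    UpdatedAt: f.UpdatedAt ?? "",
  }));
}

// Constructed sample findings (not real GuardDuty output), one per resource shape.
const SAMPLE_FINDINGS: Finding[] = [
  { Title: "EC2 instance querying a C&C domain", Severity: 8, Type: "Backdoor:EC2/C&CActivity.B!DNS", Region: "us-east-1", UpdatedAt: "2024-01-02T03:04:05Z", Resource: { ResourceType: "Instance", InstanceDetails: { InstanceId: "i-0constructed" } } },
  { Title: "API call from a known malicious IP", Severity: 5, Type: "UnauthorizedAccess:IAMUser/MaliciousIPCaller", Region: "us-east-1", UpdatedAt: "2024-01-01T00:00:00Z", Resource: { ResourceType: "AccessKey", AccessKeyDetails: { AccessKeyId: "AKIA_CONSTRUCTED_KEY", UserName: "constructed-user" } } },
  { Title: "Bucket made public", Severity: 2, Type: "Policy:S3/BucketPublicAccessGranted", Region: "eu-west-1", UpdatedAt: "2023-12-31T12:00:00Z", Resource: { ResourceType: "S3Bucket", S3BucketDetails: [{ Name: "constructed-bucket" }] } },
  { Title: "Finding with no resource details", Severity: 7, Type: "Constructed:Test/NoResource", Region: "eu-west-1" },
];

console.log(JSON.stringify(buildListFindingsInput("detector-constructed", { severity: 0, limit: 500 }), null, 2));
console.log(JSON.stringify(summarizeFindings(SAMPLE_FINDINGS), null, 2));
```

Keeping `MaxResults` capped at 50 matters for more than API validation: the handler passes every returned id to `GetFindingsCommand`, which also takes at most 50 ids per call, so an oversized `limit` from the model would otherwise fail at the second request rather than the first.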

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bhaveshopss/MCP-server'