Exporting Compliance Findings to CSV


To download all compliance findings to a .csv file, you can use the cloudtamer.io Public API to retrieve all active findings in the environment and, if desired, filter them by project ID or standard ID using the GET /api/v4/compliance/finding endpoint. To begin, create a new cloudtamer.io API Key, then run the following cURL command, which saves the response to a .json file. Be sure to replace YOUR-CLOUDTAMER-URL and APP_API_KEY_HERE:

curl -X GET "https://YOUR-CLOUDTAMER-URL.com/api/v4/compliance/finding?finding_type=active" -H "accept: application/json" -H "Authorization: Bearer APP_API_KEY_HERE" > findings.json

Next, we'll use jq to parse the .json output and convert it to .csv. First, install jq with a package manager (for example, brew install jq) or from the project's download page: https://stedolan.github.io/jq/download/.

Once jq has been installed, you can print the findings.json file as formatted JSON using:

cat findings.json | jq .

Next, we'll extract the following fields from findings.json and write them to a new file, findings.csv:

  • Check Name
  • Project ID
  • Project Name
  • Resource Type
  • Resource Name
  • Standard Name
  • Check Name
  • Severity Type (1-Informational, 2-Low, 3-Medium, 4-High, 5-Critical)
  • Account Number
  • Parent OU Name
  • Region
  • Created At (When the finding was found)

To parse through the .json and convert to a .csv file, run the following:

jq -r '.data.items[] | [.check_name, .project_id, .project_name, .finding.resource_type, .finding.resource_name, .standard_name, .check_name, .severity_type_id, .account_number, .parent_ou_name, .region, .created_at] | @csv' findings.json > findings.csv
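
An added example, not part of the original article or cloudtamer.io's own tooling: a Python equivalent of the jq filter above that also writes a header row, maps the severity ID to its label, and prefixes cells beginning with =, +, - or @ with a quote so that a resource or project name is not evaluated as a formula when findings.csv is opened in a spreadsheet. The sample data is constructed, the response shape (data.items[]) is assumed from the jq filter, and the Check Name column, listed twice in the article, is written once.

```python
import csv
import io
import json
import sys

# Severity labels as given in the article's field list.
SEVERITY = {1: "Informational", 2: "Low", 3: "Medium", 4: "High", 5: "Critical"}
# (CSV header, dotted path into each item), in the order of the jq filter.
COLUMNS = [
    ("Check Name", "check_name"), ("Project ID", "project_id"),
    ("Project Name", "project_name"), ("Resource Type", "finding.resource_type"),
    ("Resource Name", "finding.resource_name"), ("Standard Name", "standard_name"),
    ("Severity", "severity_type_id"), ("Account Number", "account_number"),
    ("Parent OU Name", "parent_ou_name"), ("Region", "region"),
    ("Created At", "created_at"),
]
# Constructed sample response; all values are made up for illustration.
SAMPLE = {"data": {"items": [
    {"check_name": "S3 bucket public read", "project_id": 12,
     "project_name": "Payments", "standard_name": "CIS", "severity_type_id": 4,
     "finding": {"resource_type": "s3", "resource_name": "pay-logs"},
     "account_number": "111122223333", "parent_ou_name": "Prod",
     "region": "us-east-1", "created_at": "2021-03-01T10:00:00Z"},
    {"check_name": "Untagged instance", "project_id": 7,
     "project_name": "Lab", "standard_name": "Internal", "severity_type_id": 2,
     "finding": {"resource_type": "ec2", "resource_name": "=1+1"},
     "account_number": "444455556666", "parent_ou_name": "Dev",
     "created_at": "2021-03-02T08:30:00Z"},  # no region on purpose
]}}

def cell(item, header, path):
    """Resolve one column; a null or missing field becomes an empty cell."""
    for key in path.split("."):
        item = item.get(key) if isinstance(item, dict) else None
    if header == "Severity":
        item = SEVERITY.get(item, item)  # unknown IDs pass through unchanged
    if isinstance(item, str) and item[:1] in ("=", "+", "-", "@", "\t", "\r"):
        item = "'" + item  # keep spreadsheets from evaluating it as a formula
    return "" if item is None else item

def findings_to_csv(doc):
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow([header for header, _ in COLUMNS])
    for item in doc["data"]["items"]:
        writer.writerow([cell(item, header, path) for header, path in COLUMNS])
    return out.getvalue()

if __name__ == "__main__":  # pass findings.json as the first argument
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(findings_to_csv(doc))
```

Run it with the path to findings.json as the first argument and redirect the output to findings.csv; with no argument it prints the constructed sample.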