List and filter findings

Query security findings with powerful filters across severity, provider, service, and compliance frameworks.

List all findings

bash

GET /api/v1/findings
Authorization: Bearer <token>
X-Tenant-Slug: my-company

Filter parameters

severity

Filter by severity level

critical | high | medium | low

provider

Filter by infrastructure type

status

Filter by remediation status

open | resolved | suppressed

connection_id

Filter by specific connection

UUID

framework

Filter by compliance framework

stig | cis | nist | pci | hipaa | iso27001 | soc2 | gdpr

auto_fix_safe

Only findings with safe auto-remediation

true | false

limit

Results per page (default 50)

integer (max 200)

offset

Pagination offset

integer

Example: Critical AWS findings

bash

GET /api/v1/findings?severity=critical&provider=aws&limit=20

json

{
  "total": 3,
  "findings": [
    {
      "id": "find_001",
      "rule_code": "AWS-S3-003",
      "title": "S3 bucket publicly accessible",
      "severity": "critical",
      "provider": "aws",
      "service": "s3",
      "resource_id": "my-bucket-name",
      "resource_type": "aws_s3_bucket",
      "status": "open",
      "framework_tags": ["pci_dss", "soc2", "hipaa"],
      "remediation_summary": "Enable Block Public Access on this bucket.",
      "auto_fix_safe": true,
      "detected_at": "2026-04-12T10:34:12Z"
    }
  ],
  "limit": 20,
  "offset": 0
}

Example: PCI DSS findings

bash

GET /api/v1/findings?framework=pci&status=open&severity=high