Im writing a lambda function get AWS security hub findings and export it to another platform to analyze it. im using following code with boto3 to get the findings
securityhub_client = boto3.client('securityhub')
securityhub_client.get_findings()
it will return all the findings and its a very large json. i only want to get findings related to few ECR repositories and i tried to construct a filter object to get results im looking for. but im not exactly sure how to construct this filter object! can someone help with this issue
filter_expression = {
"ResourceType": [
{
"Comparison": "EQUALS",
"Value": "AwsEcrContainerImage"
}
],
"ResourceContainerImageName": [
{
"Comparison": "EQUALS",
"Value": "nginx"
}
]
}
response = securityhub_client.get_findings(Filters=filter_expression)
above is a sample filter object i tried. i also tried replacing ResourceContainerImageName with ResourceContainerImageId and ResourceContainerName according to documentation but still no luck