AWS Audit Manager

2021/11/18 - AWS Audit Manager - 6 new 1 updated api methods

Changes: This release introduces a new feature for Audit Manager: Dashboard views. You can now view insights data for your active assessments, and quickly identify non-compliant evidence that needs to be remediated.

GetInsightsByAssessment (new)

Gets the latest analytics data for a specific active assessment.

See also: AWS API Documentation

Request Syntax

client.get_insights_by_assessment(
    assessmentId='string'
)

Parameters

  • assessmentId (string) --

    [REQUIRED]

    The unique identifier for the assessment.

Return type: dict

Returns

Response Syntax

{
    'insights': {
        'noncompliantEvidenceCount': 123,
        'compliantEvidenceCount': 123,
        'inconclusiveEvidenceCount': 123,
        'assessmentControlsCountByNoncompliantEvidence': 123,
        'totalAssessmentControlsCount': 123,
        'lastUpdated': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • insights (dict) --

      The assessment analytics data that the GetInsightsByAssessment API returned.

      • noncompliantEvidenceCount (integer) --

        The amount of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

      • compliantEvidenceCount (integer) --

        The amount of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

      • inconclusiveEvidenceCount (integer) --

        The amount of evidence without a compliance check ruling. Evidence is inconclusive if the associated control uses Security Hub or Config as a data source and you didn't enable those services. This is also the case if a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).

        Note

        If evidence has a compliance check status of not applicable, it's classified as inconclusive in InsightsByAssessment data.

      • assessmentControlsCountByNoncompliantEvidence (integer) --

        The number of assessment controls that collected non-compliant evidence on the lastUpdated date.

      • totalAssessmentControlsCount (integer) --

        The total number of controls in the assessment.

      • lastUpdated (datetime) --

        The time when the assessment insights were last updated.

GetInsights (new)

Gets the latest analytics data for all your current active assessments.

See also: AWS API Documentation

Request Syntax

client.get_insights()

Return type: dict

Returns

Response Syntax

{
    'insights': {
        'activeAssessmentsCount': 123,
        'noncompliantEvidenceCount': 123,
        'compliantEvidenceCount': 123,
        'inconclusiveEvidenceCount': 123,
        'assessmentControlsCountByNoncompliantEvidence': 123,
        'totalAssessmentControlsCount': 123,
        'lastUpdated': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • insights (dict) --

      The analytics data that the GetInsights API returned.

      • activeAssessmentsCount (integer) --

        The number of active assessments in Audit Manager.

      • noncompliantEvidenceCount (integer) --

        The amount of compliance check evidence that Audit Manager classified as non-compliant on the lastUpdated date. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

      • compliantEvidenceCount (integer) --

        The amount of compliance check evidence that Audit Manager classified as compliant on the lastUpdated date. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

      • inconclusiveEvidenceCount (integer) --

        The amount of evidence without a compliance check ruling. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example: manual evidence, API calls, or CloudTrail).

        Note

        If evidence has a compliance check status of not applicable, it's classed as inconclusive in Insights data.

      • assessmentControlsCountByNoncompliantEvidence (integer) --

        The number of assessment controls that collected non-compliant evidence on the lastUpdated date.

      • totalAssessmentControlsCount (integer) --

        The total number of controls across all active assessments.

      • lastUpdated (datetime) --

        The time when the cross-assessment insights were last updated.

ListControlInsightsByControlDomain (new)

Lists the latest analytics data for controls within a specific control domain across all active assessments.

Note

Control insights are listed only if the control belongs to the control domain that was specified and the control collected evidence on the lastUpdated date of controlInsightsMetadata. If either of these conditions isn't met, no data is listed for that control.

See also: AWS API Documentation

Request Syntax

client.list_control_insights_by_control_domain(
    controlDomainId='string',
    nextToken='string',
    maxResults=123
)

Parameters

  • controlDomainId (string) --

    [REQUIRED]

    The unique identifier for the control domain.

  • nextToken (string) --

    The pagination token that's used to fetch the next set of results.

  • maxResults (integer) --

    Represents the maximum number of results on a page or for an API request call.

Return type: dict

Returns

Response Syntax

{
    'controlInsightsMetadata': [
        {
            'name': 'string',
            'id': 'string',
            'evidenceInsights': {
                'noncompliantEvidenceCount': 123,
                'compliantEvidenceCount': 123,
                'inconclusiveEvidenceCount': 123
            },
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • controlInsightsMetadata (list) --

      The control analytics data that the ListControlInsightsByControlDomain API returned.

      • (dict) --

        A summary of the latest analytics data for a specific control.

        This data reflects the total counts for the specified control across all active assessments. Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

        • name (string) --

          The name of the control.

        • id (string) --

          The unique identifier for the control.

        • evidenceInsights (dict) --

          A breakdown of the compliance check status for the evidence that’s associated with the control.

          • noncompliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

          • compliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

          • inconclusiveEvidenceCount (integer) --

            The amount of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).

            Note

            If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights data.

        • lastUpdated (datetime) --

          The time when the control insights were last updated.

    • nextToken (string) --

      The pagination token that's used to fetch the next set of results.

ListControlDomainInsights (new)

Lists the latest analytics data for control domains across all of your active assessments.

Note

A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights. If this condition isn’t met, no data is listed for that control domain.

See also: AWS API Documentation

Request Syntax

client.list_control_domain_insights(
    nextToken='string',
    maxResults=123
)

Parameters

  • nextToken (string) --

    The pagination token that's used to fetch the next set of results.

  • maxResults (integer) --

    Represents the maximum number of results on a page or for an API request call.

Return type: dict

Returns

Response Syntax

{
    'controlDomainInsights': [
        {
            'name': 'string',
            'id': 'string',
            'controlsCountByNoncompliantEvidence': 123,
            'totalControlsCount': 123,
            'evidenceInsights': {
                'noncompliantEvidenceCount': 123,
                'compliantEvidenceCount': 123,
                'inconclusiveEvidenceCount': 123
            },
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • controlDomainInsights (list) --

      The control domain analytics data that the ListControlDomainInsights API returned.

      • (dict) --

        A summary of the latest analytics data for a specific control domain.

        Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

        • name (string) --

          The name of the control domain.

        • id (string) --

          The unique identifier for the control domain.

        • controlsCountByNoncompliantEvidence (integer) --

          The number of controls in the control domain that collected non-compliant evidence on the lastUpdated date.

        • totalControlsCount (integer) --

          The total number of controls in the control domain.

        • evidenceInsights (dict) --

          A breakdown of the compliance check status for the evidence that’s associated with the control domain.

          • noncompliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

          • compliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

          • inconclusiveEvidenceCount (integer) --

            The amount of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).

            Note

            If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights data.

        • lastUpdated (datetime) --

          The time when the control domain insights were last updated.

    • nextToken (string) --

      The pagination token that's used to fetch the next set of results.
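
Added example (not part of the AWS reference): one way to combine ListControlDomainInsights with ListControlInsightsByControlDomain, following nextToken on both calls and reporting a control whose evidence is mostly inconclusive as unassessed instead of passing. StubAuditManager, its names and counts, and the 0.5 ratio are constructed assumptions; with boto3, pass boto3.client("auditmanager") instead of the stub.

```python
def paginate(method, result_key, **kwargs):
    """Yield every item from a nextToken-paginated list call."""
    while True:
        page = method(**kwargs)
        yield from page.get(result_key, [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]


def triage_controls(client, max_inconclusive_ratio=0.5):
    """Return (domain, control, reason) tuples for controls needing attention.

    "noncompliant": at least one Fail / Non-compliant ruling was collected.
    "unassessed":   no failures, but most evidence has no ruling at all, so
                    the absence of failures says little about the control.
    """
    findings = []
    domains = paginate(client.list_control_domain_insights, "controlDomainInsights")
    for domain in domains:
        controls = paginate(client.list_control_insights_by_control_domain,
                            "controlInsightsMetadata", controlDomainId=domain["id"])
        for control in controls:
            ev = control["evidenceInsights"]
            total = sum(ev.values())  # the three documented counters
            if ev["noncompliantEvidenceCount"] > 0:
                reason = "noncompliant"
            elif total and ev["inconclusiveEvidenceCount"] / total > max_inconclusive_ratio:
                reason = "unassessed"
            else:
                continue
            findings.append((domain["name"], control["name"], reason))
    return findings


def evidence(noncompliant, compliant, inconclusive):
    """Build an evidenceInsights dict in the documented shape."""
    return {"noncompliantEvidenceCount": noncompliant,
            "compliantEvidenceCount": compliant,
            "inconclusiveEvidenceCount": inconclusive}


class StubAuditManager:
    """Constructed stand-in for the Audit Manager client; all data is made up
    and only the fields this example reads are present."""
    DOMAINS = {None: {"controlDomainInsights": [{"name": "Identity", "id": "dom-1"}],
                      "nextToken": "page-2"},
               "page-2": {"controlDomainInsights": [{"name": "Logging", "id": "dom-2"}]}}
    CONTROLS = {
        "dom-1": [{"name": "Root MFA", "id": "c-1", "evidenceInsights": evidence(3, 2, 0)},
                  {"name": "Password policy", "id": "c-2", "evidenceInsights": evidence(0, 8, 1)}],
        "dom-2": [{"name": "Trail enabled", "id": "c-3", "evidenceInsights": evidence(0, 1, 9)}],
    }

    def list_control_domain_insights(self, nextToken=None):
        return self.DOMAINS[nextToken]

    def list_control_insights_by_control_domain(self, controlDomainId, nextToken=None):
        return {"controlInsightsMetadata": self.CONTROLS[controlDomainId]}


if __name__ == "__main__":
    for finding in triage_controls(StubAuditManager()):
        print(finding)
```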

ListControlDomainInsightsByAssessment (new)

Lists analytics data for control domains within a specified active assessment.

Note

A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights. If this condition isn’t met, no data is listed for that domain.

See also: AWS API Documentation

Request Syntax

client.list_control_domain_insights_by_assessment(
    assessmentId='string',
    nextToken='string',
    maxResults=123
)

Parameters

  • assessmentId (string) --

    [REQUIRED]

    The unique identifier for the active assessment.

  • nextToken (string) --

    The pagination token that's used to fetch the next set of results.

  • maxResults (integer) --

    Represents the maximum number of results on a page or for an API request call.

Return type: dict

Returns

Response Syntax

{
    'controlDomainInsights': [
        {
            'name': 'string',
            'id': 'string',
            'controlsCountByNoncompliantEvidence': 123,
            'totalControlsCount': 123,
            'evidenceInsights': {
                'noncompliantEvidenceCount': 123,
                'compliantEvidenceCount': 123,
                'inconclusiveEvidenceCount': 123
            },
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • controlDomainInsights (list) --

      The control domain analytics data that the ListControlDomainInsightsByAssessment API returned.

      • (dict) --

        A summary of the latest analytics data for a specific control domain.

        Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

        • name (string) --

          The name of the control domain.

        • id (string) --

          The unique identifier for the control domain.

        • controlsCountByNoncompliantEvidence (integer) --

          The number of controls in the control domain that collected non-compliant evidence on the lastUpdated date.

        • totalControlsCount (integer) --

          The total number of controls in the control domain.

        • evidenceInsights (dict) --

          A breakdown of the compliance check status for the evidence that’s associated with the control domain.

          • noncompliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

          • compliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

          • inconclusiveEvidenceCount (integer) --

            The amount of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).

            Note

            If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights data.

        • lastUpdated (datetime) --

          The time when the control domain insights were last updated.

    • nextToken (string) --

      The pagination token that's used to fetch the next set of results.

ListAssessmentControlInsightsByControlDomain (new)

Lists the latest analytics data for controls within a specific control domain and a specific active assessment.

Note

Control insights are listed only if the control belongs to the control domain and assessment that were specified. Moreover, the control must have collected evidence on the lastUpdated date of controlInsightsByAssessment. If either of these conditions isn't met, no data is listed for that control.

See also: AWS API Documentation

Request Syntax

client.list_assessment_control_insights_by_control_domain(
    controlDomainId='string',
    assessmentId='string',
    nextToken='string',
    maxResults=123
)

Parameters

  • controlDomainId (string) --

    [REQUIRED]

    The unique identifier for the control domain.

  • assessmentId (string) --

    [REQUIRED]

    The unique identifier for the active assessment.

  • nextToken (string) --

    The pagination token that's used to fetch the next set of results.

  • maxResults (integer) --

    Represents the maximum number of results on a page or for an API request call.

Return type: dict

Returns

Response Syntax

{
    'controlInsightsByAssessment': [
        {
            'name': 'string',
            'id': 'string',
            'evidenceInsights': {
                'noncompliantEvidenceCount': 123,
                'compliantEvidenceCount': 123,
                'inconclusiveEvidenceCount': 123
            },
            'controlSetName': 'string',
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • controlInsightsByAssessment (list) --

      The assessment control analytics data that the ListAssessmentControlInsightsByControlDomain API returned.

      • (dict) --

        A summary of the latest analytics data for a specific control in a specific active assessment.

        Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

        • name (string) --

          The name of the assessment control.

        • id (string) --

          The unique identifier for the assessment control.

        • evidenceInsights (dict) --

          A breakdown of the compliance check status for the evidence that’s associated with the assessment control.

          • noncompliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.

          • compliantEvidenceCount (integer) --

            The amount of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.

          • inconclusiveEvidenceCount (integer) --

            The amount of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).

            Note

            If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights data.

        • controlSetName (string) --

          The name of the control set that the assessment control belongs to.

        • lastUpdated (datetime) --

          The time when the assessment control insights were last updated.

    • nextToken (string) --

      The pagination token that's used to fetch the next set of results.

ListAssessments (updated)

Changes (request)

{'status': 'ACTIVE | INACTIVE'}

Returns a list of current and past assessments from Audit Manager.

See also: AWS API Documentation

Request Syntax

client.list_assessments(
    status='ACTIVE'|'INACTIVE',
    nextToken='string',
    maxResults=123
)

Parameters

  • status (string) --

    The current status of the assessment.

  • nextToken (string) --

    The pagination token that's used to fetch the next set of results.

  • maxResults (integer) --

    Represents the maximum number of results on a page or for an API request call.

Return type: dict

Returns

Response Syntax

{
    'assessmentMetadata': [
        {
            'name': 'string',
            'id': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • assessmentMetadata (list) --

      The metadata that's associated with the assessment.

      • (dict) --

        A metadata object that's associated with an assessment in Audit Manager.

        • name (string) --

          The name of the assessment.

        • id (string) --

          The unique identifier for the assessment.

        • complianceType (string) --

          The name of the compliance standard that's related to the assessment, such as PCI-DSS.

        • status (string) --

          The current status of the assessment.

        • roles (list) --

          The roles that are associated with the assessment.

          • (dict) --

            The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment, roleType can only be PROCESS_OWNER.

              In UpdateSettings, roleType can only be PROCESS_OWNER.

              In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) --

          The delegations that are associated with the assessment.

          • (dict) --

            The assignment of a control set to a delegate for review.

            • id (string) --

              The unique identifier for the delegation.

            • assessmentName (string) --

              The name of the assessment that's associated with the delegation.

            • assessmentId (string) --

              The identifier for the assessment that's associated with the delegation.

            • status (string) --

              The status of the delegation.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment, roleType can only be PROCESS_OWNER.

              In UpdateSettings, roleType can only be PROCESS_OWNER.

              In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

            • creationTime (datetime) --

              Specifies when the delegation was created.

            • lastUpdated (datetime) --

              Specifies when the delegation was last updated.

            • controlSetId (string) --

              The identifier for the control set that's associated with the delegation.

            • comment (string) --

              The comment that's related to the delegation.

            • createdBy (string) --

              The IAM user or role that created the delegation.

        • creationTime (datetime) --

          Specifies when the assessment was created.

        • lastUpdated (datetime) --

          The time of the most recent update.

    • nextToken (string) --

      The pagination token that's used to fetch the next set of results.
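
Added example (not part of the AWS reference): the new status filter on ListAssessments used to enumerate only ACTIVE assessments, each then passed to GetInsightsByAssessment. The report computes the non-compliant share over evidence that actually received a ruling and flags insights whose lastUpdated is old. StubAssessments, NOW, the sample counts and the two-day max_age are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone


def active_assessment_report(client, now, max_age=timedelta(days=2)):
    """Summarise GetInsightsByAssessment for every ACTIVE assessment.

    max_age is an assumed freshness threshold, not an Audit Manager setting.
    """
    report, kwargs = [], {"status": "ACTIVE"}
    while True:
        page = client.list_assessments(**kwargs)
        for meta in page["assessmentMetadata"]:
            ins = client.get_insights_by_assessment(assessmentId=meta["id"])["insights"]
            # Only evidence with a ruling can pass or fail. Inconclusive
            # evidence is reported on its own so it cannot dilute the ratio.
            ruled = ins["noncompliantEvidenceCount"] + ins["compliantEvidenceCount"]
            report.append({
                "name": meta["name"],
                "noncompliant_share": ins["noncompliantEvidenceCount"] / ruled if ruled else None,
                "controls_failing": ins["assessmentControlsCountByNoncompliantEvidence"],
                "controls_total": ins["totalAssessmentControlsCount"],
                "unruled_evidence": ins["inconclusiveEvidenceCount"],
                "stale": now - ins["lastUpdated"] > max_age,
            })
        if not page.get("nextToken"):
            return report
        kwargs["nextToken"] = page["nextToken"]


NOW = datetime(2021, 11, 18, 12, 0, tzinfo=timezone.utc)  # constructed clock


def insights(noncompliant, compliant, inconclusive, failing, total, age):
    """Build a get_insights_by_assessment response in the documented shape."""
    return {"insights": {"noncompliantEvidenceCount": noncompliant,
                         "compliantEvidenceCount": compliant,
                         "inconclusiveEvidenceCount": inconclusive,
                         "assessmentControlsCountByNoncompliantEvidence": failing,
                         "totalAssessmentControlsCount": total,
                         "lastUpdated": NOW - age}}


class StubAssessments:
    """Constructed stand-in for the Audit Manager client; all data is made up."""
    PAGES = {None: {"assessmentMetadata": [{"name": "Prod", "id": "a-1", "status": "ACTIVE"}],
                    "nextToken": "t2"},
             "t2": {"assessmentMetadata": [{"name": "Dev", "id": "a-2", "status": "ACTIVE"}]}}
    INSIGHTS = {"a-1": insights(5, 15, 4, 2, 10, timedelta(hours=1)),
                "a-2": insights(0, 0, 7, 0, 6, timedelta(days=5))}

    def list_assessments(self, status=None, nextToken=None):
        assert status == "ACTIVE", "the report must filter on the new status parameter"
        return self.PAGES[nextToken]

    def get_insights_by_assessment(self, assessmentId):
        return self.INSIGHTS[assessmentId]


if __name__ == "__main__":
    for row in active_assessment_report(StubAssessments(), NOW):
        print(row)
```

An assessment with no ruled evidence gets a share of None, not 0, so it cannot be mistaken for a clean result.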