:doc:`SecurityHub <../../securityhub>` / Paginator / GetResourcesV2

**************
GetResourcesV2
**************



.. py:class:: SecurityHub.Paginator.GetResourcesV2

  ::

    
    paginator = client.get_paginator('get_resources_v2')

  
  

  .. py:method:: paginate(**kwargs)

    Creates an iterator that will paginate through responses from :py:meth:`SecurityHub.Client.get_resources_v2`.

    See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetResourcesV2>`_    


    **Request Syntax**
    ::

      response_iterator = paginator.paginate(
          Filters={
              'CompositeFilters': [
                  {
                      'StringFilters': [
                          {
                              'FieldName': 'ResourceGuid'|'ResourceId'|'AccountId'|'Region'|'ResourceCategory'|'ResourceType'|'ResourceName'|'FindingsSummary.FindingType'|'FindingsSummary.ProductName',
                              'Filter': {
                                  'Value': 'string',
                                  'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'|'CONTAINS'|'NOT_CONTAINS'|'CONTAINS_WORD'
                              }
                          },
                      ],
                      'DateFilters': [
                          {
                              'FieldName': 'ResourceDetailCaptureTime'|'ResourceCreationTime',
                              'Filter': {
                                  'Start': 'string',
                                  'End': 'string',
                                  'DateRange': {
                                      'Value': 123,
                                      'Unit': 'DAYS'
                                  }
                              }
                          },
                      ],
                      'NumberFilters': [
                          {
                              'FieldName': 'FindingsSummary.TotalFindings'|'FindingsSummary.Severities.Other'|'FindingsSummary.Severities.Fatal'|'FindingsSummary.Severities.Critical'|'FindingsSummary.Severities.High'|'FindingsSummary.Severities.Medium'|'FindingsSummary.Severities.Low'|'FindingsSummary.Severities.Informational'|'FindingsSummary.Severities.Unknown',
                              'Filter': {
                                  'Gte': 123.0,
                                  'Lte': 123.0,
                                  'Eq': 123.0,
                                  'Gt': 123.0,
                                  'Lt': 123.0
                              }
                          },
                      ],
                      'MapFilters': [
                          {
                              'FieldName': 'ResourceTags',
                              'Filter': {
                                  'Key': 'string',
                                  'Value': 'string',
                                  'Comparison': 'EQUALS'|'NOT_EQUALS'|'CONTAINS'|'NOT_CONTAINS'
                              }
                          },
                      ],
                      'NestedCompositeFilters': {'... recursive ...'},
                      'Operator': 'AND'|'OR'
                  },
              ],
              'CompositeOperator': 'AND'|'OR'
          },
          SortCriteria=[
              {
                  'Field': 'string',
                  'SortOrder': 'asc'|'desc'
              },
          ],
          PaginationConfig={
              'MaxItems': 123,
              'PageSize': 123,
              'StartingToken': 'string'
          }
      )
      
    :type Filters: dict
    :param Filters: 

      Filters resources based on a set of criteria.

      

    
      - **CompositeFilters** *(list) --* 

        A collection of complex filtering conditions that can be applied to Amazon Web Services resources.

        

      
        - *(dict) --* 

          Enables the creation of criteria for Amazon Web Services resources in Security Hub.

          

        
          - **StringFilters** *(list) --* 

            Enables filtering based on string field values.

            

          
            - *(dict) --* 

              Enables filtering of Amazon Web Services resources based on string field values.

              

            
              - **FieldName** *(string) --* 

                The name of the field.

                

              
              - **Filter** *(dict) --* 

                A string filter for filtering Security Hub findings.

                

              
                - **Value** *(string) --* 

                  The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is ``Security Hub``. If you provide ``security hub`` as the filter value, there's no match.

                  

                
                - **Comparison** *(string) --* 

                  The condition to apply to a string value when filtering Security Hub findings.

                   

                  To search for values that have the filter value, use one of the following comparison operators:

                   

                  
                  * To search for values that include the filter value, use ``CONTAINS``. For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront.
                   
                  * To search for values that exactly match the filter value, use ``EQUALS``. For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012``.
                   
                  * To search for values that start with the filter value, use ``PREFIX``. For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us``. A ``ResourceRegion`` that starts with a different value, such as ``af``, ``ap``, or ``ca``, doesn't match.
                  

                   

                  ``CONTAINS``, ``EQUALS``, and ``PREFIX`` filters on the same field are joined by ``OR``. A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront``, ``CloudWatch``, or both strings in the title.

                   

                  To search for values that don’t have the filter value, use one of the following comparison operators:

                   

                  
                  * To search for values that exclude the filter value, use ``NOT_CONTAINS``. For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront.
                   
                  * To search for values other than the filter value, use ``NOT_EQUALS``. For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012``.
                   
                  * To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS``. For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us``.
                  

                   

                  ``NOT_CONTAINS``, ``NOT_EQUALS``, and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND``. A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title.

                   

                  You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters.

                   

                  You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters.

                   

                  For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2``. It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface``.

                   

                  
                  * ``ResourceType PREFIX AwsIam``
                   
                  * ``ResourceType PREFIX AwsEc2``
                   
                  * ``ResourceType NOT_EQUALS AwsIamPolicy``
                   
                  * ``ResourceType NOT_EQUALS AwsEc2NetworkInterface``
                  

                   

                  ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules V1. ``CONTAINS_WORD`` operator is only supported in ``GetFindingsV2``, ``GetFindingStatisticsV2``, ``GetResourcesV2``, and ``GetResourceStatisticsV2`` APIs. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`__ in the *Security Hub User Guide*.

                  

                
              
            
        
          - **DateFilters** *(list) --* 

            Enables filtering based on date and timestamp field values.

            

          
            - *(dict) --* 

              Enables the filtering of Amazon Web Services resources based on date and timestamp attributes.

              

            
              - **FieldName** *(string) --* 

                The name of the field.

                

              
              - **Filter** *(dict) --* 

                A date filter for querying findings.

                

              
                - **Start** *(string) --* 

                  A timestamp that provides the start date for the date filter.

                   

                  For more information about the validation and formatting of timestamp fields in Security Hub, see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`__.

                  

                
                - **End** *(string) --* 

                  A timestamp that provides the end date for the date filter.

                   

                  For more information about the validation and formatting of timestamp fields in Security Hub, see `Timestamps <https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps>`__.

                  

                
                - **DateRange** *(dict) --* 

                  A date range for the date filter.

                  

                
                  - **Value** *(integer) --* 

                    A date range value for the date filter.

                    

                  
                  - **Unit** *(string) --* 

                    A date range unit for the date filter.

                    

                  
                
              
            
        
          - **NumberFilters** *(list) --* 

            Enables filtering based on numerical field values.

            

          
            - *(dict) --* 

              Enables filtering of Amazon Web Services resources based on numerical values.

              

            
              - **FieldName** *(string) --* 

                The name of the field.

                

              
              - **Filter** *(dict) --* 

                A number filter for querying findings.

                

              
                - **Gte** *(float) --* 

                  The greater-than-equal condition to be applied to a single field when querying for findings.

                  

                
                - **Lte** *(float) --* 

                  The less-than-equal condition to be applied to a single field when querying for findings.

                  

                
                - **Eq** *(float) --* 

                  The equal-to condition to be applied to a single field when querying for findings.

                  

                
                - **Gt** *(float) --* 

                  The greater-than condition to be applied to a single field when querying for findings.

                  

                
                - **Lt** *(float) --* 

                  The less-than condition to be applied to a single field when querying for findings.

                  

                
              
            
        
          - **MapFilters** *(list) --* 

            Enables filtering based on map-based field values.

            

          
            - *(dict) --* 

              Enables filtering of Amazon Web Services resources based on key-value map attributes.

              

            
              - **FieldName** *(string) --* 

                The name of the field.

                

              
              - **Filter** *(dict) --* 

                A map filter for filtering Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.

                

              
                - **Key** *(string) --* 

                  The key of the map filter. For example, for ``ResourceTags``, ``Key`` identifies the name of the tag. For ``UserDefinedFields``, ``Key`` is the name of the field.

                  

                
                - **Value** *(string) --* 

                  The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called ``Department`` might be ``Security``. If you provide ``security`` as the filter value, then there's no match.

                  

                
                - **Comparison** *(string) --* 

                  The condition to apply to the key value when filtering Security Hub findings with a map filter.

                   

                  To search for values that have the filter value, use one of the following comparison operators:

                   

                  
                  * To search for values that include the filter value, use ``CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match.
                   
                  * To search for values that exactly match the filter value, use ``EQUALS``. For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag.
                  

                   

                  ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR``. A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security``, ``Finance``, or both values.

                   

                  To search for values that don't have the filter value, use one of the following comparison operators:

                   

                  
                  * To search for values that exclude the filter value, use ``NOT_CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag.
                   
                  * To search for values other than the filter value, use ``NOT_EQUALS``. For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag.
                  

                   

                  ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND``. A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values.

                   

                  ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters.

                   

                  You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error.

                   

                  ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see `Automation rules <https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html>`__ in the *Security Hub User Guide*.

                  

                
              
            
        
          - **NestedCompositeFilters** *(list) --* 

            Provides an additional level of filtering, creating a three-layer nested structure. The first layer is a ``CompositeFilters`` array with a ``CompositeOperator`` ( ``AND``/ ``OR``). The second layer is a ``CompositeFilter`` object that contains direct filters and ``NestedCompositeFilters``. The third layer is ``NestedCompositeFilters``, which contains additional filter conditions.

            

          
          - **Operator** *(string) --* 

            The logical operator used to combine multiple filter conditions.

            

          
        
    
      - **CompositeOperator** *(string) --* 

        The logical operator used to combine multiple filter conditions in the structure.

        

      
    
    :type SortCriteria: list
    :param SortCriteria: 

      The finding attributes used to sort the list of returned findings.

      

    
      - *(dict) --* 

        A collection of finding attributes used to sort findings.

        

      
        - **Field** *(string) --* 

          The finding attribute used to sort findings.

          

        
        - **SortOrder** *(string) --* 

          The order used to sort findings.

          

        
      
  
    :type PaginationConfig: dict
    :param PaginationConfig: 

      A dictionary that provides parameters to control pagination.

      

    
      - **MaxItems** *(integer) --* 

        The total number of items to return. If the total number of items available is more than the value specified in max-items then a ``NextToken`` will be provided in the output that you can use to resume pagination.

        

      
      - **PageSize** *(integer) --* 

        The size of each page.

        

      
      - **StartingToken** *(string) --* 

        A token to specify where to start paginating. This is the ``NextToken`` from a previous response.

        

      
    
    
    :rtype: dict
    :returns: 
      
      **Response Syntax**

      
      ::

        {
            'Resources': [
                {
                    'ResourceGuid': 'string',
                    'ResourceId': 'string',
                    'AccountId': 'string',
                    'Region': 'string',
                    'ResourceCategory': 'Compute'|'Database'|'Storage'|'Code'|'AI/ML'|'Identity'|'Network'|'Other',
                    'ResourceType': 'string',
                    'ResourceName': 'string',
                    'ResourceCreationTimeDt': 'string',
                    'ResourceDetailCaptureTimeDt': 'string',
                    'FindingsSummary': [
                        {
                            'FindingType': 'string',
                            'ProductName': 'string',
                            'TotalFindings': 123,
                            'Severities': {
                                'Other': 123,
                                'Fatal': 123,
                                'Critical': 123,
                                'High': 123,
                                'Medium': 123,
                                'Low': 123,
                                'Informational': 123,
                                'Unknown': 123
                            }
                        },
                    ],
                    'ResourceTags': [
                        {
                            'Key': 'string',
                            'Value': 'string'
                        },
                    ],
                    'ResourceConfig': {...}|[...]|123|123.4|'string'|True|None
                },
            ],
            
        }
        
      **Response Structure**

      

      - *(dict) --* 
        

        - **Resources** *(list) --* 

          Filters resources based on a set of criteria.

          
          

          - *(dict) --* 

            Provides comprehensive details about an Amazon Web Services resource and its associated security findings.

            
            

            - **ResourceGuid** *(string) --* 

              The global identifier used to identify a resource.

              
            

            - **ResourceId** *(string) --* 

              The unique identifier for a resource.

              
            

            - **AccountId** *(string) --* 

              The Amazon Web Services account that owns the resource.

              
            

            - **Region** *(string) --* 

              The Amazon Web Services Region where the resource is located.

              
            

            - **ResourceCategory** *(string) --* 

              The grouping where the resource belongs.

              
            

            - **ResourceType** *(string) --* 

              The type of resource.

              
            

            - **ResourceName** *(string) --* 

              The name of the resource.

              
            

            - **ResourceCreationTimeDt** *(string) --* 

              The time when the resource was created.

              
            

            - **ResourceDetailCaptureTimeDt** *(string) --* 

              The timestamp when information about the resource was captured.

              
            

            - **FindingsSummary** *(list) --* 

              An aggregated view of security findings associated with a resource.

              
              

              - *(dict) --* 

                A list of summaries for all finding types on a resource.

                
                

                - **FindingType** *(string) --* 

                  The category or classification of the security finding.

                  
                

                - **ProductName** *(string) --* 

                  The name of the product associated with the security finding.

                  
                

                - **TotalFindings** *(integer) --* 

                  The total count of security findings.

                  
                

                - **Severities** *(dict) --* 

                  A breakdown of security findings by their severity levels.

                  
                  

                  - **Other** *(integer) --* 

                    The number of findings not in any of the severity categories.

                    
                  

                  - **Fatal** *(integer) --* 

                    The number of findings with a severity level of fatal.

                    
                  

                  - **Critical** *(integer) --* 

                    The number of findings with a severity level of critical.

                    
                  

                  - **High** *(integer) --* 

                    The number of findings with a severity level of high.

                    
                  

                  - **Medium** *(integer) --* 

                    The number of findings with a severity level of medium.

                    
                  

                  - **Low** *(integer) --* 

                    The number of findings with a severity level of low.

                    
                  

                  - **Informational** *(integer) --* 

                    The number of findings that provide security-related information.

                    
                  

                  - **Unknown** *(integer) --* 

                    The number of findings with a severity level cannot be determined.

                    
              
            
          
            

            - **ResourceTags** *(list) --* 

              The key-value pairs associated with a resource.

              
              

              - *(dict) --* 

                Represents tag information associated with Amazon Web Services resources.

                
                

                - **Key** *(string) --* 

                  The identifier or name of the tag.

                  
                

                - **Value** *(string) --* 

                  The data associated with the tag key.

                  
            
          
            

            - **ResourceConfig** (:ref:`document<document>`) -- 

              The configuration details of a resource.

              
        
      
    