Skip to main content
With plerion findings, you can list and filter security findings across your cloud environments with support for severity, status, provider, region, and many other filters.
For more about findings in the Plerion dashboard, see Findings overview.

Synopsis

plerion findings list [options]

Subcommands

list

List security findings with filtering, sorting, and pagination. 
plerion findings list [options]

Options

FlagTypeDescription
--severitystringFilter by severity: CRITICAL, HIGH, MEDIUM, LOW (comma-separated)
--statusstringFilter by status: PASSED, FAILED (comma-separated)
--providerstringCloud provider: AWS, Azure, GCP, Kubernetes (case-insensitive)
--regionstringCloud region(s) (comma-separated, e.g. us-east-1)
--resource-typestringResource type (e.g. AWS::S3::Bucket)
--detection-idstringDetection ID(s) (e.g. PLERION-AWS-1)
--integration-idstringIntegration ID(s)
--asset-group-idstringAsset group ID(s)
--environment-idstringEnvironment: production, non-production, or UUID
--servicestringService filter (e.g. AWS::S3)
--is-exemptedflagShow only exempted findings
--startISO 8601First observed at start date
--endISO 8601First observed at end date
--sort-bystringSort field (e.g. severityLevel, firstObservedAt)
--sort-orderstringasc or desc
--per-pagenumberResults per page (default: 50, max: 1000)
--idsstringFilter by finding IDs (comma-separated)
--asset-idstringFilter by asset IDs (comma-separated)
--allflagFetch all pages automatically

Examples

# List all critical and high findings
plerion findings list --severity CRITICAL,HIGH

# Failed findings in us-east-1
plerion findings list --status FAILED --region us-east-1

# All findings for a specific detection rule
plerion findings list --detection-id PLERION-AWS-16

# Pipe to jq for analysis
plerion findings list --output json | jq '.[].resourceType' | sort | uniq -c

# Fetch everything across all pages
plerion findings list --all --output json > all-findings.json

# Filter with JMESPath
plerion findings list --output json --query 'data[0].detectionId'

Output columns

Table output includes all fields returned by the API:
ColumnDescription
IDFinding ID
DETECTION IDDetection rule identifier (e.g. PLERION-AWS-16)
STATUSPASSED or FAILED
SEVERITYCRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL
CALC SEVERITYCalculated/contextual severity
MODIFIED SEVERITYManually overridden severity
LIKELIHOODLikelihood rating
IMPACTImpact rating
PROVIDERCloud provider (AWS, Azure, GCP)
SERVICECloud service (e.g. AWS::S3)
RESOURCE TYPEResource type (e.g. AWS::S3::Bucket)
REGIONCloud region
ASSET IDAssociated asset ID
RESOURCE IDProvider resource ID
FULL RESOURCE NAMEFull resource name
PROVIDER FULL RESOURCE NAMEProvider-native full resource name
INTEGRATION IDIntegration ID
PROVIDER ACCOUNT IDCloud account/subscription ID
EXECUTION IDScan execution ID
MESSAGEFinding message
EXEMPTEDWhether the finding is exempted
RESOURCE URLLink to the resource in the cloud console
FIRST OBSERVEDTimestamp first detected
LAST OBSERVEDTimestamp last detected
CREATED ATRecord creation timestamp
UPDATED ATRecord update timestamp
SCHEMA VERSIONAPI schema version