Inspector2 2020-06-08
- Client: Aws\Inspector2\Inspector2Client
- Service ID: inspector2
- Version: 2020-06-08
This page describes the parameters and results for the operations of the Inspector2 (2020-06-08), and shows how to use the Aws\Inspector2\Inspector2Client object to call the described operations. This documentation is specific to the 2020-06-08 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName')
, where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */)
.
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */)
.
- AssociateMember ( array $params = [] )
- Associates an Amazon Web Services account with an Amazon Inspector delegated administrator.
- BatchGetAccountStatus ( array $params = [] )
- Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.
- BatchGetCodeSnippet ( array $params = [] )
- Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
- BatchGetFindingDetails ( array $params = [] )
- Gets vulnerability details for findings.
- BatchGetFreeTrialInfo ( array $params = [] )
- Gets free trial status for multiple Amazon Web Services accounts.
- BatchGetMemberEc2DeepInspectionStatus ( array $params = [] )
- Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization.
- BatchUpdateMemberEc2DeepInspectionStatus ( array $params = [] )
- Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization.
- CancelFindingsReport ( array $params = [] )
- Cancels the given findings report.
- CancelSbomExport ( array $params = [] )
- Cancels a software bill of materials (SBOM) report.
- CreateCisScanConfiguration ( array $params = [] )
- Creates a CIS scan configuration.
- CreateFilter ( array $params = [] )
- Creates a filter resource using specified filter criteria.
- CreateFindingsReport ( array $params = [] )
- Creates a finding report.
- CreateSbomExport ( array $params = [] )
- Creates a software bill of materials (SBOM) report.
- DeleteCisScanConfiguration ( array $params = [] )
- Deletes a CIS scan configuration.
- DeleteFilter ( array $params = [] )
- Deletes a filter resource.
- DescribeOrganizationConfiguration ( array $params = [] )
- Describe Amazon Inspector configuration settings for an Amazon Web Services organization.
- Disable ( array $params = [] )
- Disables Amazon Inspector scans for one or more Amazon Web Services accounts.
- DisableDelegatedAdminAccount ( array $params = [] )
- Disables the Amazon Inspector delegated administrator for your organization.
- DisassociateMember ( array $params = [] )
- Disassociates a member account from an Amazon Inspector delegated administrator.
- Enable ( array $params = [] )
- Enables Amazon Inspector scans for one or more Amazon Web Services accounts.
- EnableDelegatedAdminAccount ( array $params = [] )
- Enables the Amazon Inspector delegated administrator for your Organizations organization.
- GetCisScanReport ( array $params = [] )
- Retrieves a CIS scan report.
- GetCisScanResultDetails ( array $params = [] )
- Retrieves CIS scan result details.
- GetConfiguration ( array $params = [] )
- Retrieves setting configurations for Inspector scans.
- GetDelegatedAdminAccount ( array $params = [] )
- Retrieves information about the Amazon Inspector delegated administrator for your organization.
- GetEc2DeepInspectionConfiguration ( array $params = [] )
- Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account.
- GetEncryptionKey ( array $params = [] )
- Gets an encryption key.
- GetFindingsReportStatus ( array $params = [] )
- Gets the status of a findings report.
- GetMember ( array $params = [] )
- Gets member information for your organization.
- GetSbomExport ( array $params = [] )
- Gets details of a software bill of materials (SBOM) report.
- ListAccountPermissions ( array $params = [] )
- Lists the permissions an account has to configure Amazon Inspector.
- ListCisScanConfigurations ( array $params = [] )
- Lists CIS scan configurations.
- ListCisScanResultsAggregatedByChecks ( array $params = [] )
- Lists scan results aggregated by checks.
- ListCisScanResultsAggregatedByTargetResource ( array $params = [] )
- Lists scan results aggregated by a target resource.
- ListCisScans ( array $params = [] )
- Returns a CIS scan list.
- ListCoverage ( array $params = [] )
- Lists coverage details for you environment.
- ListCoverageStatistics ( array $params = [] )
- Lists Amazon Inspector coverage statistics for your environment.
- ListDelegatedAdminAccounts ( array $params = [] )
- Lists information about the Amazon Inspector delegated administrator of your organization.
- ListFilters ( array $params = [] )
- Lists the filters associated with your account.
- ListFindingAggregations ( array $params = [] )
- Lists aggregated finding data for your environment based on specific criteria.
- ListFindings ( array $params = [] )
- Lists findings for your environment.
- ListMembers ( array $params = [] )
- List members associated with the Amazon Inspector delegated administrator for your organization.
- ListTagsForResource ( array $params = [] )
- Lists all tags attached to a given resource.
- ListUsageTotals ( array $params = [] )
- Lists the Amazon Inspector usage totals over the last 30 days.
- ResetEncryptionKey ( array $params = [] )
- Resets an encryption key.
- SearchVulnerabilities ( array $params = [] )
- Lists Amazon Inspector coverage details for a specific vulnerability.
- SendCisSessionHealth ( array $params = [] )
- Sends a CIS session health.
- SendCisSessionTelemetry ( array $params = [] )
- Sends a CIS session telemetry.
- StartCisSession ( array $params = [] )
- Starts a CIS session.
- StopCisSession ( array $params = [] )
- Stops a CIS session.
- TagResource ( array $params = [] )
- Adds tags to a resource.
- UntagResource ( array $params = [] )
- Removes tags from a resource.
- UpdateCisScanConfiguration ( array $params = [] )
- Updates a CIS scan configuration.
- UpdateConfiguration ( array $params = [] )
- Updates setting configurations for your Amazon Inspector account.
- UpdateEc2DeepInspectionConfiguration ( array $params = [] )
- Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account.
- UpdateEncryptionKey ( array $params = [] )
- Updates an encryption key.
- UpdateFilter ( array $params = [] )
- Specifies the action that is to be applied to the findings that match the filter.
- UpdateOrgEc2DeepInspectionConfiguration ( array $params = [] )
- Updates the Amazon Inspector deep inspection custom paths for your organization.
- UpdateOrganizationConfiguration ( array $params = [] )
- Updates the configurations for your Amazon Inspector organization.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- GetCisScanResultDetails
- ListAccountPermissions
- ListCisScanConfigurations
- ListCisScanResultsAggregatedByChecks
- ListCisScanResultsAggregatedByTargetResource
- ListCisScans
- ListCoverage
- ListCoverageStatistics
- ListDelegatedAdminAccounts
- ListFilters
- ListFindingAggregations
- ListFindings
- ListMembers
- ListUsageTotals
- SearchVulnerabilities
Operations
AssociateMember
$result = $client->associateMember
([/* ... */]); $promise = $client->associateMemberAsync
([/* ... */]);
Associates an Amazon Web Services account with an Amazon Inspector delegated administrator. An HTTP 200 response indicates the association was successfully started, but doesn’t indicate whether it was completed. You can check if the association completed by using ListMembers for multiple accounts or GetMembers for a single account.
Parameter Syntax
$result = $client->associateMember([ 'accountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to be associated.
Result Syntax
[ 'accountId' => '<string>', ]
Result Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully associated member account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetAccountStatus
$result = $client->batchGetAccountStatus
([/* ... */]); $promise = $client->batchGetAccountStatusAsync
([/* ... */]);
Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.
Parameter Syntax
$result = $client->batchGetAccountStatus([ 'accountIds' => ['<string>', ...], ]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The 12-digit Amazon Web Services account IDs of the accounts to retrieve Amazon Inspector status for.
Result Syntax
[ 'accounts' => [ [ 'accountId' => '<string>', 'resourceState' => [ 'ec2' => [ 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'ecr' => [ 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'lambda' => [ 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'lambdaCode' => [ 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], ], 'state' => [ 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], ], // ... ], 'failedAccounts' => [ [ 'accountId' => '<string>', 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'resourceStatus' => [ 'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], // ... ], ]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of AccountState structures
An array of objects that provide details on the status of Amazon Inspector for each of the requested accounts.
- failedAccounts
-
- Type: Array of FailedAccount structures
An array of objects detailing any accounts that failed to enable Amazon Inspector and why.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetCodeSnippet
$result = $client->batchGetCodeSnippet
([/* ... */]); $promise = $client->batchGetCodeSnippetAsync
([/* ... */]);
Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
Parameter Syntax
$result = $client->batchGetCodeSnippet([ 'findingArns' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
An array of finding ARNs for the findings you want to retrieve code snippets from.
Result Syntax
[ 'codeSnippetResults' => [ [ 'codeSnippet' => [ [ 'content' => '<string>', 'lineNumber' => <integer>, ], // ... ], 'endLine' => <integer>, 'findingArn' => '<string>', 'startLine' => <integer>, 'suggestedFixes' => [ [ 'code' => '<string>', 'description' => '<string>', ], // ... ], ], // ... ], 'errors' => [ [ 'errorCode' => 'INTERNAL_ERROR|ACCESS_DENIED|CODE_SNIPPET_NOT_FOUND|INVALID_INPUT', 'errorMessage' => '<string>', 'findingArn' => '<string>', ], // ... ], ]
Result Details
Members
- codeSnippetResults
-
- Type: Array of CodeSnippetResult structures
The retrieved code snippets associated with the provided finding ARNs.
- errors
-
- Type: Array of CodeSnippetError structures
Any errors Amazon Inspector encountered while trying to retrieve the requested code snippets.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetFindingDetails
$result = $client->batchGetFindingDetails
([/* ... */]); $promise = $client->batchGetFindingDetailsAsync
([/* ... */]);
Gets vulnerability details for findings.
Parameter Syntax
$result = $client->batchGetFindingDetails([ 'findingArns' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
A list of finding ARNs.
Result Syntax
[ 'errors' => [ [ 'errorCode' => 'INTERNAL_ERROR|ACCESS_DENIED|FINDING_DETAILS_NOT_FOUND|INVALID_INPUT', 'errorMessage' => '<string>', 'findingArn' => '<string>', ], // ... ], 'findingDetails' => [ [ 'cisaData' => [ 'action' => '<string>', 'dateAdded' => <DateTime>, 'dateDue' => <DateTime>, ], 'cwes' => ['<string>', ...], 'epssScore' => <float>, 'evidences' => [ [ 'evidenceDetail' => '<string>', 'evidenceRule' => '<string>', 'severity' => '<string>', ], // ... ], 'exploitObserved' => [ 'firstSeen' => <DateTime>, 'lastSeen' => <DateTime>, ], 'findingArn' => '<string>', 'referenceUrls' => ['<string>', ...], 'riskScore' => <integer>, 'tools' => ['<string>', ...], 'ttps' => ['<string>', ...], ], // ... ], ]
Result Details
Members
- errors
-
- Type: Array of FindingDetailsError structures
Error information for findings that details could not be returned for.
- findingDetails
-
- Type: Array of FindingDetail structures
A finding's vulnerability details.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetFreeTrialInfo
$result = $client->batchGetFreeTrialInfo
([/* ... */]); $promise = $client->batchGetFreeTrialInfoAsync
([/* ... */]);
Gets free trial status for multiple Amazon Web Services accounts.
Parameter Syntax
$result = $client->batchGetFreeTrialInfo([ 'accountIds' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of strings
The account IDs to get free trial status for.
Result Syntax
[ 'accounts' => [ [ 'accountId' => '<string>', 'freeTrialInfo' => [ [ 'end' => <DateTime>, 'start' => <DateTime>, 'status' => 'ACTIVE|INACTIVE', 'type' => 'EC2|ECR|LAMBDA|LAMBDA_CODE', ], // ... ], ], // ... ], 'failedAccounts' => [ [ 'accountId' => '<string>', 'code' => 'ACCESS_DENIED|INTERNAL_ERROR', 'message' => '<string>', ], // ... ], ]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of FreeTrialAccountInfo structures
An array of objects that provide Amazon Inspector free trial details for each of the requested accounts.
- failedAccounts
-
- Required: Yes
- Type: Array of FreeTrialInfoError structures
An array of objects detailing any accounts that free trial data could not be returned for.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetMemberEc2DeepInspectionStatus
$result = $client->batchGetMemberEc2DeepInspectionStatus
([/* ... */]); $promise = $client->batchGetMemberEc2DeepInspectionStatusAsync
([/* ... */]);
Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API.
Parameter Syntax
$result = $client->batchGetMemberEc2DeepInspectionStatus([ 'accountIds' => ['<string>', ...], ]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The unique identifiers for the Amazon Web Services accounts to retrieve Amazon Inspector deep inspection activation status for.
</p>
Result Syntax
[ 'accountIds' => [ [ 'accountId' => '<string>', 'errorMessage' => '<string>', 'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED', ], // ... ], 'failedAccountIds' => [ [ 'accountId' => '<string>', 'ec2ScanStatus' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'errorMessage' => '<string>', ], // ... ], ]
Result Details
Members
- accountIds
-
- Type: Array of MemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details on the activation status of Amazon Inspector deep inspection for each of the requested accounts.
</p>
- failedAccountIds
-
- Type: Array of FailedMemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details on any accounts that failed to activate Amazon Inspector deep inspection and why.
</p>
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchUpdateMemberEc2DeepInspectionStatus
$result = $client->batchUpdateMemberEc2DeepInspectionStatus
([/* ... */]); $promise = $client->batchUpdateMemberEc2DeepInspectionStatusAsync
([/* ... */]);
Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API.
Parameter Syntax
$result = $client->batchUpdateMemberEc2DeepInspectionStatus([ 'accountIds' => [ // REQUIRED [ 'accountId' => '<string>', // REQUIRED 'activateDeepInspection' => true || false, // REQUIRED ], // ... ], ]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of MemberAccountEc2DeepInspectionStatus structures
The unique identifiers for the Amazon Web Services accounts to change Amazon Inspector deep inspection status for.
Result Syntax
[ 'accountIds' => [ [ 'accountId' => '<string>', 'errorMessage' => '<string>', 'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED', ], // ... ], 'failedAccountIds' => [ [ 'accountId' => '<string>', 'ec2ScanStatus' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'errorMessage' => '<string>', ], // ... ], ]
Result Details
Members
- accountIds
-
- Type: Array of MemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status was successfully changed for.
- failedAccountIds
-
- Type: Array of FailedMemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status could not be successfully changed for.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CancelFindingsReport
$result = $client->cancelFindingsReport
([/* ... */]); $promise = $client->cancelFindingsReportAsync
([/* ... */]);
Cancels the given findings report.
Parameter Syntax
$result = $client->cancelFindingsReport([ 'reportId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The ID of the report to be canceled.
Result Syntax
[ 'reportId' => '<string>', ]
Result Details
Members
- reportId
-
- Required: Yes
- Type: string
The ID of the canceled report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CancelSbomExport
$result = $client->cancelSbomExport
([/* ... */]); $promise = $client->cancelSbomExportAsync
([/* ... */]);
Cancels a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->cancelSbomExport([ 'reportId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The report ID of the SBOM export to cancel.
Result Syntax
[ 'reportId' => '<string>', ]
Result Details
Members
- reportId
-
- Type: string
The report ID of the canceled SBOM export.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateCisScanConfiguration
$result = $client->createCisScanConfiguration
([/* ... */]); $promise = $client->createCisScanConfigurationAsync
([/* ... */]);
Creates a CIS scan configuration.
Parameter Syntax
$result = $client->createCisScanConfiguration([ 'scanName' => '<string>', // REQUIRED 'schedule' => [ // REQUIRED 'daily' => [ 'startTime' => [ // REQUIRED 'timeOfDay' => '<string>', // REQUIRED 'timezone' => '<string>', // REQUIRED ], ], 'monthly' => [ 'day' => 'SUN|MON|TUE|WED|THU|FRI|SAT', // REQUIRED 'startTime' => [ // REQUIRED 'timeOfDay' => '<string>', // REQUIRED 'timezone' => '<string>', // REQUIRED ], ], 'oneTime' => [ ], 'weekly' => [ 'days' => ['<string>', ...], // REQUIRED 'startTime' => [ // REQUIRED 'timeOfDay' => '<string>', // REQUIRED 'timezone' => '<string>', // REQUIRED ], ], ], 'securityLevel' => 'LEVEL_1|LEVEL_2', // REQUIRED 'tags' => ['<string>', ...], 'targets' => [ // REQUIRED 'accountIds' => ['<string>', ...], // REQUIRED 'targetResourceTags' => [ // REQUIRED '<TargetResourceTagsKey>' => ['<string>', ...], // ... ], ], ]);
Parameter Details
Members
- scanName
-
- Required: Yes
- Type: string
The scan name for the CIS scan configuration.
- schedule
-
- Required: Yes
- Type: Schedule structure
The schedule for the CIS scan configuration.
- securityLevel
-
- Required: Yes
- Type: string
The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags for the CIS scan configuration.
- targets
-
- Required: Yes
- Type: CreateCisTargets structure
The targets for the CIS scan configuration.
Result Syntax
[ 'scanConfigurationArn' => '<string>', ]
Result Details
Members
- scanConfigurationArn
-
- Type: string
The scan configuration ARN for the CIS scan configuration.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateFilter
$result = $client->createFilter
([/* ... */]); $promise = $client->createFilterAsync
([/* ... */]);
Creates a filter resource using specified filter criteria. When the filter action is set to SUPPRESS
this action creates a suppression rule.
Parameter Syntax
$result = $client->createFilter([ 'action' => 'NONE|SUPPRESS', // REQUIRED 'description' => '<string>', 'filterCriteria' => [ // REQUIRED 'awsAccountId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityFilePath' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceImageId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceSubnetId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceVpcId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageArchitecture' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageHash' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImagePushedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'ecrImageRegistry' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageRepositoryName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'epssScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'exploitAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingStatus' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'firstObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'fixAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'inspectorScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'lambdaFunctionExecutionRoleArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionLastModifiedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'lambdaFunctionLayers' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lastObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'networkProtocol' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'portRange' => [ [ 'beginInclusive' => <integer>, 'endInclusive' => <integer>, ], // ... ], 'relatedVulnerabilities' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'severity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'title' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'updatedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'vendorSeverity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilityId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilitySource' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerablePackages' => [ [ 'architecture' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'epoch' => [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], 'name' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'release' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLambdaLayerArn' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLayerHash' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'version' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], ], // ... ], ], 'name' => '<string>', // REQUIRED 'reason' => '<string>', 'tags' => ['<string>', ...], ]);
Parameter Details
Members
- action
-
- Required: Yes
- Type: string
Defines the action that is to be applied to the findings that match the filter.
- description
-
- Type: string
A description of the filter.
- filterCriteria
-
- Required: Yes
- Type: FilterCriteria structure
Defines the criteria to be used in the filter for querying findings.
- name
-
- Required: Yes
- Type: string
The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.
- reason
-
- Type: string
The reason for creating the filter.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
A list of tags for the filter.
Result Syntax
[ 'arn' => '<string>', ]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the successfully created filter.
Errors
- ServiceQuotaExceededException:
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
- BadRequestException:
One or more tags submitted as part of the request is not valid.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateFindingsReport
$result = $client->createFindingsReport
([/* ... */]); $promise = $client->createFindingsReportAsync
([/* ... */]);
Creates a finding report. By default only ACTIVE
findings are returned in the report. To see SUPRESSED
or CLOSED
findings you must specify a value for the findingStatus
filter criteria.
Parameter Syntax
$result = $client->createFindingsReport([ 'filterCriteria' => [ 'awsAccountId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityFilePath' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceImageId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceSubnetId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceVpcId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageArchitecture' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageHash' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImagePushedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'ecrImageRegistry' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageRepositoryName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'epssScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'exploitAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingStatus' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'firstObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'fixAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'inspectorScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'lambdaFunctionExecutionRoleArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionLastModifiedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'lambdaFunctionLayers' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lastObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'networkProtocol' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'portRange' => [ [ 'beginInclusive' => <integer>, 'endInclusive' => <integer>, ], // ... ], 'relatedVulnerabilities' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'severity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'title' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'updatedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'vendorSeverity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilityId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilitySource' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerablePackages' => [ [ 'architecture' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'epoch' => [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], 'name' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'release' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLambdaLayerArn' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLayerHash' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'version' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], ], // ... ], ], 'reportFormat' => 'CSV|JSON', // REQUIRED 's3Destination' => [ // REQUIRED 'bucketName' => '<string>', // REQUIRED 'keyPrefix' => '<string>', 'kmsKeyArn' => '<string>', // REQUIRED ], ]);
Parameter Details
Members
- filterCriteria
-
- Type: FilterCriteria structure
The filter criteria to apply to the results of the finding report.
- reportFormat
-
- Required: Yes
- Type: string
The format to generate the report in.
- s3Destination
-
- Required: Yes
- Type: Destination structure
The Amazon S3 export destination for the report.
Result Syntax
[ 'reportId' => '<string>', ]
Result Details
Members
- reportId
-
- Type: string
The ID of the report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateSbomExport
$result = $client->createSbomExport
([/* ... */]); $promise = $client->createSbomExportAsync
([/* ... */]);
Creates a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->createSbomExport([ 'reportFormat' => 'CYCLONEDX_1_4|SPDX_2_3', // REQUIRED 'resourceFilterCriteria' => [ 'accountId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrRepositoryName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], 's3Destination' => [ // REQUIRED 'bucketName' => '<string>', // REQUIRED 'keyPrefix' => '<string>', 'kmsKeyArn' => '<string>', // REQUIRED ], ]);
Parameter Details
Members
- reportFormat
-
- Required: Yes
- Type: string
The output format for the software bill of materials (SBOM) report.
- resourceFilterCriteria
-
- Type: ResourceFilterCriteria structure
The resource filter criteria for the software bill of materials (SBOM) report.
- s3Destination
-
- Required: Yes
- Type: Destination structure
Contains details of the Amazon S3 bucket and KMS key used to export findings.
Result Syntax
[ 'reportId' => '<string>', ]
Result Details
Members
- reportId
-
- Type: string
The report ID for the software bill of materials (SBOM) report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DeleteCisScanConfiguration
$result = $client->deleteCisScanConfiguration
([/* ... */]); $promise = $client->deleteCisScanConfigurationAsync
([/* ... */]);
Deletes a CIS scan configuration.
Parameter Syntax
$result = $client->deleteCisScanConfiguration([ 'scanConfigurationArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The ARN of the CIS scan configuration.
Result Syntax
[ 'scanConfigurationArn' => '<string>', ]
Result Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The ARN of the CIS scan configuration.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DeleteFilter
$result = $client->deleteFilter
([/* ... */]); $promise = $client->deleteFilterAsync
([/* ... */]);
Deletes a filter resource.
Parameter Syntax
$result = $client->deleteFilter([ 'arn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter to be deleted.
Result Syntax
[ 'arn' => '<string>', ]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter that has been deleted.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DescribeOrganizationConfiguration
$result = $client->describeOrganizationConfiguration
([/* ... */]); $promise = $client->describeOrganizationConfigurationAsync
([/* ... */]);
Describe Amazon Inspector configuration settings for an Amazon Web Services organization.
Parameter Syntax
$result = $client->describeOrganizationConfiguration([ ]);
Parameter Details
Members
Result Syntax
[ 'autoEnable' => [ 'ec2' => true || false, 'ecr' => true || false, 'lambda' => true || false, 'lambdaCode' => true || false, ], 'maxAccountLimitReached' => true || false, ]
Result Details
Members
- autoEnable
-
- Type: AutoEnable structure
The scan types are automatically enabled for new members of your organization.
- maxAccountLimitReached
-
- Type: boolean
Represents whether your organization has reached the maximum Amazon Web Services account limit for Amazon Inspector.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Disable
$result = $client->disable
([/* ... */]); $promise = $client->disableAsync
([/* ... */]);
Disables Amazon Inspector scans for one or more Amazon Web Services accounts. Disabling all scan types in an account disables the Amazon Inspector service.
Parameter Syntax
$result = $client->disable([ 'accountIds' => ['<string>', ...], 'resourceTypes' => ['<string>', ...], ]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
An array of account IDs you want to disable Amazon Inspector scans for.
- resourceTypes
-
- Type: Array of strings
The resource scan types you want to disable.
Result Syntax
[ 'accounts' => [ [ 'accountId' => '<string>', 'resourceStatus' => [ 'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], // ... ], 'failedAccounts' => [ [ 'accountId' => '<string>', 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'resourceStatus' => [ 'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], // ... ], ]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of Account structures
Information on the accounts that have had Amazon Inspector scans successfully disabled. Details are provided for each account.
- failedAccounts
-
- Type: Array of FailedAccount structures
Information on any accounts for which Amazon Inspector scans could not be disabled. Details are provided for each account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DisableDelegatedAdminAccount
$result = $client->disableDelegatedAdminAccount
([/* ... */]); $promise = $client->disableDelegatedAdminAccountAsync
([/* ... */]);
Disables the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->disableDelegatedAdminAccount([ 'delegatedAdminAccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the current Amazon Inspector delegated administrator.
Result Syntax
[ 'delegatedAdminAccountId' => '<string>', ]
Result Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully disabled delegated administrator.
Errors
- ConflictException:
A conflict occurred.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DisassociateMember
$result = $client->disassociateMember
([/* ... */]); $promise = $client->disassociateMemberAsync
([/* ... */]);
Disassociates a member account from an Amazon Inspector delegated administrator.
Parameter Syntax
$result = $client->disassociateMember([ 'accountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to disassociate.
Result Syntax
[ 'accountId' => '<string>', ]
Result Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully disassociated member.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Enable
$result = $client->enable
([/* ... */]); $promise = $client->enableAsync
([/* ... */]);
Enables Amazon Inspector scans for one or more Amazon Web Services accounts.
Parameter Syntax
$result = $client->enable([ 'accountIds' => ['<string>', ...], 'clientToken' => '<string>', 'resourceTypes' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
A list of account IDs you want to enable Amazon Inspector scans for.
- clientToken
-
- Type: string
The idempotency token for the request.
- resourceTypes
-
- Required: Yes
- Type: Array of strings
The resource scan types you want to enable.
Result Syntax
[ 'accounts' => [ [ 'accountId' => '<string>', 'resourceStatus' => [ 'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], // ... ], 'failedAccounts' => [ [ 'accountId' => '<string>', 'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage' => '<string>', 'resourceStatus' => [ 'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', 'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], 'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED', ], // ... ], ]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of Account structures
Information on the accounts that have had Amazon Inspector scans successfully enabled. Details are provided for each account.
- failedAccounts
-
- Type: Array of FailedAccount structures
Information on any accounts for which Amazon Inspector scans could not be enabled. Details are provided for each account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
EnableDelegatedAdminAccount
$result = $client->enableDelegatedAdminAccount
([/* ... */]); $promise = $client->enableDelegatedAdminAccountAsync
([/* ... */]);
Enables the Amazon Inspector delegated administrator for your Organizations organization.
Parameter Syntax
$result = $client->enableDelegatedAdminAccount([ 'clientToken' => '<string>', 'delegatedAdminAccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- clientToken
-
- Type: string
The idempotency token for the request.
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator.
Result Syntax
[ 'delegatedAdminAccountId' => '<string>', ]
Result Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully Amazon Inspector delegated administrator.
Errors
- ConflictException:
A conflict occurred.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetCisScanReport
$result = $client->getCisScanReport
([/* ... */]); $promise = $client->getCisScanReportAsync
([/* ... */]);
Retrieves a CIS scan report.
Parameter Syntax
$result = $client->getCisScanReport([ 'reportFormat' => 'PDF|CSV', 'scanArn' => '<string>', // REQUIRED 'targetAccounts' => ['<string>', ...], ]);
Parameter Details
Members
- reportFormat
-
- Type: string
The format of the report. Valid values are
PDF
andCSV
. If no value is specified, the report format defaults toPDF
. - scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- targetAccounts
-
- Type: Array of strings
The target accounts.
Result Syntax
[ 'status' => 'SUCCEEDED|FAILED|IN_PROGRESS', 'url' => '<string>', ]
Result Details
Members
- status
-
- Type: string
The status.
- url
-
- Type: string
The URL where a PDF or CSV of the CIS scan report can be downloaded.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetCisScanResultDetails
$result = $client->getCisScanResultDetails
([/* ... */]); $promise = $client->getCisScanResultDetailsAsync
([/* ... */]);
Retrieves CIS scan result details.
Parameter Syntax
$result = $client->getCisScanResultDetails([ 'accountId' => '<string>', // REQUIRED 'filterCriteria' => [ 'checkIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingArnFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingStatusFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'value' => 'PASSED|FAILED|SKIPPED', // REQUIRED ], // ... ], 'securityLevelFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'value' => 'LEVEL_1|LEVEL_2', // REQUIRED ], // ... ], 'titleFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], 'maxResults' => <integer>, 'nextToken' => '<string>', 'scanArn' => '<string>', // REQUIRED 'sortBy' => 'CHECK_ID|STATUS', 'sortOrder' => 'ASC|DESC', 'targetResourceId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The account ID.
- filterCriteria
-
- Type: CisScanResultDetailsFilterCriteria structure
The filter criteria.
- maxResults
-
- Type: int
The maximum number of CIS scan result details to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- sortBy
-
- Type: string
The sort by order.
- sortOrder
-
- Type: string
The sort order.
- targetResourceId
-
- Required: Yes
- Type: string
The target resource ID.
Result Syntax
[ 'nextToken' => '<string>', 'scanResultDetails' => [ [ 'accountId' => '<string>', 'checkDescription' => '<string>', 'checkId' => '<string>', 'findingArn' => '<string>', 'level' => 'LEVEL_1|LEVEL_2', 'platform' => '<string>', 'remediation' => '<string>', 'scanArn' => '<string>', 'status' => 'PASSED|FAILED|SKIPPED', 'statusReason' => '<string>', 'targetResourceId' => '<string>', 'title' => '<string>', ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanResultDetails
-
- Type: Array of CisScanResultDetails structures
The scan result details.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetConfiguration
$result = $client->getConfiguration
([/* ... */]); $promise = $client->getConfigurationAsync
([/* ... */]);
Retrieves setting configurations for Inspector scans.
Parameter Syntax
$result = $client->getConfiguration([ ]);
Parameter Details
Members
Result Syntax
[ 'ec2Configuration' => [ 'scanModeState' => [ 'scanMode' => 'EC2_SSM_AGENT_BASED|EC2_HYBRID', 'scanModeStatus' => 'SUCCESS|PENDING', ], ], 'ecrConfiguration' => [ 'rescanDurationState' => [ 'pullDateRescanDuration' => 'DAYS_14|DAYS_30|DAYS_60|DAYS_90|DAYS_180', 'rescanDuration' => 'LIFETIME|DAYS_30|DAYS_180|DAYS_14|DAYS_60|DAYS_90', 'status' => 'SUCCESS|PENDING|FAILED', 'updatedAt' => <DateTime>, ], ], ]
Result Details
Members
- ec2Configuration
-
- Type: Ec2ConfigurationState structure
Specifies how the Amazon EC2 automated scan mode is currently configured for your environment.
- ecrConfiguration
-
- Type: EcrConfigurationState structure
Specifies how the ECR automated re-scan duration is currently configured for your environment.
Errors
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetDelegatedAdminAccount
$result = $client->getDelegatedAdminAccount
([/* ... */]); $promise = $client->getDelegatedAdminAccountAsync
([/* ... */]);
Retrieves information about the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->getDelegatedAdminAccount([ ]);
Parameter Details
Members
Result Syntax
[ 'delegatedAdmin' => [ 'accountId' => '<string>', 'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER', ], ]
Result Details
Members
- delegatedAdmin
-
- Type: DelegatedAdmin structure
The Amazon Web Services account ID of the Amazon Inspector delegated administrator.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetEc2DeepInspectionConfiguration
$result = $client->getEc2DeepInspectionConfiguration
([/* ... */]); $promise = $client->getEc2DeepInspectionConfigurationAsync
([/* ... */]);
Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account.
Parameter Syntax
$result = $client->getEc2DeepInspectionConfiguration([ ]);
Parameter Details
Members
Result Syntax
[ 'errorMessage' => '<string>', 'orgPackagePaths' => ['<string>', ...], 'packagePaths' => ['<string>', ...], 'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED', ]
Result Details
Members
- errorMessage
-
- Type: string
An error message explaining why Amazon Inspector deep inspection configurations could not be retrieved for your account.
- orgPackagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths for your organization.
- packagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths for your account.
- status
-
- Type: string
The activation status of Amazon Inspector deep inspection in your account.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetEncryptionKey
$result = $client->getEncryptionKey
([/* ... */]); $promise = $client->getEncryptionKeyAsync
([/* ... */]);
Gets an encryption key.
Parameter Syntax
$result = $client->getEncryptionKey([ 'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', // REQUIRED 'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED ]);
Parameter Details
Members
- resourceType
-
- Required: Yes
- Type: string
The resource type the key encrypts.
- scanType
-
- Required: Yes
- Type: string
The scan type the key encrypts.
Result Syntax
[ 'kmsKeyId' => '<string>', ]
Result Details
Members
- kmsKeyId
-
- Required: Yes
- Type: string
A kms key ID.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetFindingsReportStatus
$result = $client->getFindingsReportStatus
([/* ... */]); $promise = $client->getFindingsReportStatusAsync
([/* ... */]);
Gets the status of a findings report.
Parameter Syntax
$result = $client->getFindingsReportStatus([ 'reportId' => '<string>', ]);
Parameter Details
Members
- reportId
-
- Type: string
The ID of the report to retrieve the status of.
Result Syntax
[ 'destination' => [ 'bucketName' => '<string>', 'keyPrefix' => '<string>', 'kmsKeyArn' => '<string>', ], 'errorCode' => 'INTERNAL_ERROR|INVALID_PERMISSIONS|NO_FINDINGS_FOUND|BUCKET_NOT_FOUND|INCOMPATIBLE_BUCKET_REGION|MALFORMED_KMS_KEY', 'errorMessage' => '<string>', 'filterCriteria' => [ 'awsAccountId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'codeVulnerabilityDetectorName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'codeVulnerabilityDetectorTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'codeVulnerabilityFilePath' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'componentId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'componentType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ec2InstanceImageId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ec2InstanceSubnetId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ec2InstanceVpcId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageArchitecture' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageHash' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImagePushedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'ecrImageRegistry' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageRepositoryName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'epssScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'exploitAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'findingArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'findingStatus' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'findingType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'firstObservedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'fixAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'inspectorScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'lambdaFunctionExecutionRoleArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionLastModifiedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'lambdaFunctionLayers' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lastObservedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'networkProtocol' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'portRange' => [ [ 'beginInclusive' => <integer>, 'endInclusive' => <integer>, ], // ... ], 'relatedVulnerabilities' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'resourceTags' => [ [ 'comparison' => 'EQUALS', 'key' => '<string>', 'value' => '<string>', ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'severity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'title' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'updatedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'vendorSeverity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'vulnerabilityId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'vulnerabilitySource' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'vulnerablePackages' => [ [ 'architecture' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'epoch' => [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], 'name' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'release' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'sourceLambdaLayerArn' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'sourceLayerHash' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'version' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], ], // ... ], ], 'reportId' => '<string>', 'status' => 'SUCCEEDED|IN_PROGRESS|CANCELLED|FAILED', ]
Result Details
Members
- destination
-
- Type: Destination structure
The destination of the report.
- errorCode
-
- Type: string
The error code of the report.
- errorMessage
-
- Type: string
The error message of the report.
- filterCriteria
-
- Type: FilterCriteria structure
The filter criteria associated with the report.
- reportId
-
- Type: string
The ID of the report.
- status
-
- Type: string
The status of the report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetMember
$result = $client->getMember
([/* ... */]); $promise = $client->getMemberAsync
([/* ... */]);
Gets member information for your organization.
Parameter Syntax
$result = $client->getMember([ 'accountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to retrieve information on.
Result Syntax
[ 'member' => [ 'accountId' => '<string>', 'delegatedAdminAccountId' => '<string>', 'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER', 'updatedAt' => <DateTime>, ], ]
Result Details
Members
- member
-
- Type: Member structure
Details of the retrieved member account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetSbomExport
$result = $client->getSbomExport
([/* ... */]); $promise = $client->getSbomExportAsync
([/* ... */]);
Gets details of a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->getSbomExport([ 'reportId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The report ID of the SBOM export to get details for.
Result Syntax
[ 'errorCode' => 'INTERNAL_ERROR|INVALID_PERMISSIONS|NO_FINDINGS_FOUND|BUCKET_NOT_FOUND|INCOMPATIBLE_BUCKET_REGION|MALFORMED_KMS_KEY', 'errorMessage' => '<string>', 'filterCriteria' => [ 'accountId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ec2InstanceTags' => [ [ 'comparison' => 'EQUALS', 'key' => '<string>', 'value' => '<string>', ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrRepositoryName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionTags' => [ [ 'comparison' => 'EQUALS', 'key' => '<string>', 'value' => '<string>', ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', 'value' => '<string>', ], // ... ], ], 'format' => 'CYCLONEDX_1_4|SPDX_2_3', 'reportId' => '<string>', 's3Destination' => [ 'bucketName' => '<string>', 'keyPrefix' => '<string>', 'kmsKeyArn' => '<string>', ], 'status' => 'SUCCEEDED|IN_PROGRESS|CANCELLED|FAILED', ]
Result Details
Members
- errorCode
-
- Type: string
An error code.
- errorMessage
-
- Type: string
An error message.
- filterCriteria
-
- Type: ResourceFilterCriteria structure
Contains details about the resource filter criteria used for the software bill of materials (SBOM) report.
- format
-
- Type: string
The format of the software bill of materials (SBOM) report.
- reportId
-
- Type: string
The report ID of the software bill of materials (SBOM) report.
- s3Destination
-
- Type: Destination structure
Contains details of the Amazon S3 bucket and KMS key used to export findings.
- status
-
- Type: string
The status of the software bill of materials (SBOM) report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListAccountPermissions
$result = $client->listAccountPermissions
([/* ... */]); $promise = $client->listAccountPermissionsAsync
([/* ... */]);
Lists the permissions an account has to configure Amazon Inspector.
Parameter Syntax
$result = $client->listAccountPermissions([ 'maxResults' => <integer>, 'nextToken' => '<string>', 'service' => 'EC2|ECR|LAMBDA', ]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. - service
-
- Type: string
The service scan type to check permissions for.
Result Syntax
[ 'nextToken' => '<string>', 'permissions' => [ [ 'operation' => 'ENABLE_SCANNING|DISABLE_SCANNING|ENABLE_REPOSITORY|DISABLE_REPOSITORY', 'service' => 'EC2|ECR|LAMBDA', ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page. - permissions
-
- Required: Yes
- Type: Array of Permission structures
Contains details on the permissions an account has to configure Amazon Inspector.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCisScanConfigurations
$result = $client->listCisScanConfigurations
([/* ... */]); $promise = $client->listCisScanConfigurationsAsync
([/* ... */]);
Lists CIS scan configurations.
Parameter Syntax
$result = $client->listCisScanConfigurations([ 'filterCriteria' => [ 'scanConfigurationArnFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanNameFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'targetResourceTagFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], 'maxResults' => <integer>, 'nextToken' => '<string>', 'sortBy' => 'SCAN_NAME|SCAN_CONFIGURATION_ARN', 'sortOrder' => 'ASC|DESC', ]);
Parameter Details
Members
- filterCriteria
-
- Type: ListCisScanConfigurationsFilterCriteria structure
The CIS scan configuration filter criteria.
- maxResults
-
- Type: int
The maximum number of CIS scan configurations to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- sortBy
-
- Type: string
The CIS scan configuration sort by order.
- sortOrder
-
- Type: string
The CIS scan configuration sort order order.
Result Syntax
[ 'nextToken' => '<string>', 'scanConfigurations' => [ [ 'ownerId' => '<string>', 'scanConfigurationArn' => '<string>', 'scanName' => '<string>', 'schedule' => [ 'daily' => [ 'startTime' => [ 'timeOfDay' => '<string>', 'timezone' => '<string>', ], ], 'monthly' => [ 'day' => 'SUN|MON|TUE|WED|THU|FRI|SAT', 'startTime' => [ 'timeOfDay' => '<string>', 'timezone' => '<string>', ], ], 'oneTime' => [ ], 'weekly' => [ 'days' => ['<string>', ...], 'startTime' => [ 'timeOfDay' => '<string>', 'timezone' => '<string>', ], ], ], 'securityLevel' => 'LEVEL_1|LEVEL_2', 'tags' => ['<string>', ...], 'targets' => [ 'accountIds' => ['<string>', ...], 'targetResourceTags' => [ '<TargetResourceTagsKey>' => ['<string>', ...], // ... ], ], ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanConfigurations
-
- Type: Array of CisScanConfiguration structures
The CIS scan configuration scan configurations.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCisScanResultsAggregatedByChecks
$result = $client->listCisScanResultsAggregatedByChecks
([/* ... */]); $promise = $client->listCisScanResultsAggregatedByChecksAsync
([/* ... */]);
Lists scan results aggregated by checks.
Parameter Syntax
$result = $client->listCisScanResultsAggregatedByChecks([ 'filterCriteria' => [ 'accountIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'checkIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'failedResourcesFilters' => [ [ 'lowerInclusive' => <integer>, 'upperInclusive' => <integer>, ], // ... ], 'platformFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'securityLevelFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'value' => 'LEVEL_1|LEVEL_2', // REQUIRED ], // ... ], 'titleFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], 'maxResults' => <integer>, 'nextToken' => '<string>', 'scanArn' => '<string>', // REQUIRED 'sortBy' => 'CHECK_ID|TITLE|PLATFORM|FAILED_COUNTS|SECURITY_LEVEL', 'sortOrder' => 'ASC|DESC', ]);
Parameter Details
Members
- filterCriteria
-
- Type: CisScanResultsAggregatedByChecksFilterCriteria structure
The filter criteria.
- maxResults
-
- Type: int
The maximum number of scan results aggregated by checks to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- sortBy
-
- Type: string
The sort by order.
- sortOrder
-
- Type: string
The sort order.
Result Syntax
[ 'checkAggregations' => [ [ 'accountId' => '<string>', 'checkDescription' => '<string>', 'checkId' => '<string>', 'level' => 'LEVEL_1|LEVEL_2', 'platform' => '<string>', 'scanArn' => '<string>', 'statusCounts' => [ 'failed' => <integer>, 'passed' => <integer>, 'skipped' => <integer>, ], 'title' => '<string>', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- checkAggregations
-
- Type: Array of CisCheckAggregation structures
The check aggregations.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCisScanResultsAggregatedByTargetResource
$result = $client->listCisScanResultsAggregatedByTargetResource
([/* ... */]); $promise = $client->listCisScanResultsAggregatedByTargetResourceAsync
([/* ... */]);
Lists scan results aggregated by a target resource.
Parameter Syntax
$result = $client->listCisScanResultsAggregatedByTargetResource([ 'filterCriteria' => [ 'accountIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'checkIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'failedChecksFilters' => [ [ 'lowerInclusive' => <integer>, 'upperInclusive' => <integer>, ], // ... ], 'platformFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'statusFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'value' => 'PASSED|FAILED|SKIPPED', // REQUIRED ], // ... ], 'targetResourceIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'targetResourceTagFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'targetStatusFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'value' => 'TIMED_OUT|CANCELLED|COMPLETED', // REQUIRED ], // ... ], 'targetStatusReasonFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'value' => 'SCAN_IN_PROGRESS|UNSUPPORTED_OS|SSM_UNMANAGED', // REQUIRED ], // ... ], ], 'maxResults' => <integer>, 'nextToken' => '<string>', 'scanArn' => '<string>', // REQUIRED 'sortBy' => 'RESOURCE_ID|FAILED_COUNTS|ACCOUNT_ID|PLATFORM|TARGET_STATUS|TARGET_STATUS_REASON', 'sortOrder' => 'ASC|DESC', ]);
Parameter Details
Members
- filterCriteria
-
- Type: CisScanResultsAggregatedByTargetResourceFilterCriteria structure
The filter criteria.
- maxResults
-
- Type: int
The maximum number of scan results aggregated by a target resource to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- sortBy
-
- Type: string
The sort by order.
- sortOrder
-
- Type: string
The sort order.
Result Syntax
[ 'nextToken' => '<string>', 'targetResourceAggregations' => [ [ 'accountId' => '<string>', 'platform' => '<string>', 'scanArn' => '<string>', 'statusCounts' => [ 'failed' => <integer>, 'passed' => <integer>, 'skipped' => <integer>, ], 'targetResourceId' => '<string>', 'targetResourceTags' => [ '<TargetResourceTagsKey>' => ['<string>', ...], // ... ], 'targetStatus' => 'TIMED_OUT|CANCELLED|COMPLETED', 'targetStatusReason' => 'SCAN_IN_PROGRESS|UNSUPPORTED_OS|SSM_UNMANAGED', ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- targetResourceAggregations
-
- Type: Array of CisTargetResourceAggregation structures
The resource aggregations.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCisScans
$result = $client->listCisScans
([/* ... */]); $promise = $client->listCisScansAsync
([/* ... */]);
Returns a CIS scan list.
Parameter Syntax
$result = $client->listCisScans([ 'detailLevel' => 'ORGANIZATION|MEMBER', 'filterCriteria' => [ 'failedChecksFilters' => [ [ 'lowerInclusive' => <integer>, 'upperInclusive' => <integer>, ], // ... ], 'scanArnFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanAtFilters' => [ [ 'earliestScanStartTime' => <integer || string || DateTime>, 'latestScanStartTime' => <integer || string || DateTime>, ], // ... ], 'scanConfigurationArnFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanNameFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanStatusFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'value' => 'FAILED|COMPLETED|CANCELLED|IN_PROGRESS', // REQUIRED ], // ... ], 'scheduledByFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'targetAccountIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'targetResourceIdFilters' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'targetResourceTagFilters' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], 'maxResults' => <integer>, 'nextToken' => '<string>', 'sortBy' => 'STATUS|SCHEDULED_BY|SCAN_START_DATE|FAILED_CHECKS', 'sortOrder' => 'ASC|DESC', ]);
Parameter Details
Members
- detailLevel
-
- Type: string
The detail applied to the CIS scan.
- filterCriteria
-
- Type: ListCisScansFilterCriteria structure
The CIS scan filter criteria.
- maxResults
-
- Type: int
The maximum number of results to be returned.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- sortBy
-
- Type: string
The CIS scans sort by order.
- sortOrder
-
- Type: string
The CIS scans sort order.
Result Syntax
[ 'nextToken' => '<string>', 'scans' => [ [ 'failedChecks' => <integer>, 'scanArn' => '<string>', 'scanConfigurationArn' => '<string>', 'scanDate' => <DateTime>, 'scanName' => '<string>', 'scheduledBy' => '<string>', 'securityLevel' => 'LEVEL_1|LEVEL_2', 'status' => 'FAILED|COMPLETED|CANCELLED|IN_PROGRESS', 'targets' => [ 'accountIds' => ['<string>', ...], 'targetResourceTags' => [ '<TargetResourceTagsKey>' => ['<string>', ...], // ... ], ], 'totalChecks' => <integer>, ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scans
-
- Type: Array of CisScan structures
The CIS scans.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCoverage
$result = $client->listCoverage
([/* ... */]); $promise = $client->listCoverageAsync
([/* ... */]);
Lists coverage details for you environment.
Parameter Syntax
$result = $client->listCoverage([ 'filterCriteria' => [ 'accountId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrRepositoryName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'imagePulledAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'lastScannedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanMode' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanStatusCode' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanStatusReason' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanType' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- filterCriteria
-
- Type: CoverageFilterCriteria structure
An object that contains details on the filters to apply to the coverage data for your environment.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use thenextToken
value returned from the previous request to continue listing results after the first page.
Result Syntax
[ 'coveredResources' => [ [ 'accountId' => '<string>', 'lastScannedAt' => <DateTime>, 'resourceId' => '<string>', 'resourceMetadata' => [ 'ec2' => [ 'amiId' => '<string>', 'platform' => 'WINDOWS|LINUX|UNKNOWN|MACOS', 'tags' => ['<string>', ...], ], 'ecrImage' => [ 'imagePulledAt' => <DateTime>, 'tags' => ['<string>', ...], ], 'ecrRepository' => [ 'name' => '<string>', 'scanFrequency' => 'MANUAL|SCAN_ON_PUSH|CONTINUOUS_SCAN', ], 'lambdaFunction' => [ 'functionName' => '<string>', 'functionTags' => ['<string>', ...], 'layers' => ['<string>', ...], 'runtime' => 'NODEJS|NODEJS_12_X|NODEJS_14_X|NODEJS_16_X|JAVA_8|JAVA_8_AL2|JAVA_11|PYTHON_3_7|PYTHON_3_8|PYTHON_3_9|UNSUPPORTED|NODEJS_18_X|GO_1_X|JAVA_17|PYTHON_3_10', ], ], 'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', 'scanMode' => 'EC2_SSM_AGENT_BASED|EC2_AGENTLESS', 'scanStatus' => [ 'reason' => 'PENDING_INITIAL_SCAN|ACCESS_DENIED|INTERNAL_ERROR|UNMANAGED_EC2_INSTANCE|UNSUPPORTED_OS|SCAN_ELIGIBILITY_EXPIRED|RESOURCE_TERMINATED|SUCCESSFUL|NO_RESOURCES_FOUND|IMAGE_SIZE_EXCEEDED|SCAN_FREQUENCY_MANUAL|SCAN_FREQUENCY_SCAN_ON_PUSH|EC2_INSTANCE_STOPPED|PENDING_DISABLE|NO_INVENTORY|STALE_INVENTORY|EXCLUDED_BY_TAG|UNSUPPORTED_RUNTIME|UNSUPPORTED_MEDIA_TYPE|UNSUPPORTED_CONFIG_FILE|DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED|DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED|DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED|DEEP_INSPECTION_NO_INVENTORY|AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED|AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED', 'statusCode' => 'ACTIVE|INACTIVE', ], 'scanType' => 'NETWORK|PACKAGE|CODE', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- coveredResources
-
- Type: Array of CoveredResource structures
An object that contains details on the covered resources in your environment.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCoverageStatistics
$result = $client->listCoverageStatistics
([/* ... */]); $promise = $client->listCoverageStatisticsAsync
([/* ... */]);
Lists Amazon Inspector coverage statistics for your environment.
Parameter Syntax
$result = $client->listCoverageStatistics([ 'filterCriteria' => [ 'accountId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrRepositoryName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'imagePulledAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'lastScannedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanMode' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanStatusCode' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanStatusReason' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'scanType' => [ [ 'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], 'groupBy' => 'SCAN_STATUS_CODE|SCAN_STATUS_REASON|ACCOUNT_ID|RESOURCE_TYPE|ECR_REPOSITORY_NAME', 'nextToken' => '<string>', ]);
Parameter Details
Members
- filterCriteria
-
- Type: CoverageFilterCriteria structure
An object that contains details on the filters to apply to the coverage data for your environment.
- groupBy
-
- Type: string
The value to group the results by.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page.
Result Syntax
[ 'countsByGroup' => [ [ 'count' => <integer>, 'groupKey' => 'SCAN_STATUS_CODE|SCAN_STATUS_REASON|ACCOUNT_ID|RESOURCE_TYPE|ECR_REPOSITORY_NAME', ], // ... ], 'nextToken' => '<string>', 'totalCounts' => <integer>, ]
Result Details
Members
- countsByGroup
-
- Type: Array of Counts structures
An array with the number for each group.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page. - totalCounts
-
- Required: Yes
- Type: long (int|float)
The total number for all groups.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListDelegatedAdminAccounts
$result = $client->listDelegatedAdminAccounts
([/* ... */]); $promise = $client->listDelegatedAdminAccountsAsync
([/* ... */]);
Lists information about the Amazon Inspector delegated administrator of your organization.
Parameter Syntax
$result = $client->listDelegatedAdminAccounts([ 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use thenextToken
value returned from the previous request to continue listing results after the first page.
Result Syntax
[ 'delegatedAdminAccounts' => [ [ 'accountId' => '<string>', 'status' => 'ENABLED|DISABLE_IN_PROGRESS', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- delegatedAdminAccounts
-
- Type: Array of DelegatedAdminAccount structures
Details of the Amazon Inspector delegated administrator of your organization.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListFilters
$result = $client->listFilters
([/* ... */]); $promise = $client->listFiltersAsync
([/* ... */]);
Lists the filters associated with your account.
Parameter Syntax
$result = $client->listFilters([ 'action' => 'NONE|SUPPRESS', 'arns' => ['<string>', ...], 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- action
-
- Type: string
The action the filter applies to matched findings.
- arns
-
- Type: Array of strings
The Amazon resource number (ARN) of the filter.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use thenextToken
value returned from the previous request to continue listing results after the first page.
Result Syntax
[ 'filters' => [ [ 'action' => 'NONE|SUPPRESS', 'arn' => '<string>', 'createdAt' => <DateTime>, 'criteria' => [ 'awsAccountId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'codeVulnerabilityDetectorName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'codeVulnerabilityDetectorTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'codeVulnerabilityFilePath' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'componentId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'componentType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ec2InstanceImageId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ec2InstanceSubnetId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ec2InstanceVpcId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageArchitecture' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageHash' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImagePushedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'ecrImageRegistry' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageRepositoryName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'epssScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'exploitAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'findingArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'findingStatus' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'findingType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'firstObservedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'fixAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'inspectorScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'lambdaFunctionExecutionRoleArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionLastModifiedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'lambdaFunctionLayers' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'lastObservedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'networkProtocol' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'portRange' => [ [ 'beginInclusive' => <integer>, 'endInclusive' => <integer>, ], // ... ], 'relatedVulnerabilities' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'resourceTags' => [ [ 'comparison' => 'EQUALS', 'key' => '<string>', 'value' => '<string>', ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'severity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'title' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'updatedAt' => [ [ 'endInclusive' => <DateTime>, 'startInclusive' => <DateTime>, ], // ... ], 'vendorSeverity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'vulnerabilityId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'vulnerabilitySource' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], // ... ], 'vulnerablePackages' => [ [ 'architecture' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'epoch' => [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], 'name' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'release' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'sourceLambdaLayerArn' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'sourceLayerHash' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], 'version' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', 'value' => '<string>', ], ], // ... ], ], 'description' => '<string>', 'name' => '<string>', 'ownerId' => '<string>', 'reason' => '<string>', 'tags' => ['<string>', ...], 'updatedAt' => <DateTime>, ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- filters
-
- Required: Yes
- Type: Array of Filter structures
Contains details on the filters associated with your account.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListFindingAggregations
$result = $client->listFindingAggregations
([/* ... */]); $promise = $client->listFindingAggregationsAsync
([/* ... */]);
Lists aggregated finding data for your environment based on specific criteria.
Parameter Syntax
$result = $client->listFindingAggregations([ 'accountIds' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'aggregationRequest' => [ 'accountAggregation' => [ 'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY', 'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION', 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'amiAggregation' => [ 'amis' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'CRITICAL|HIGH|ALL|AFFECTED_INSTANCES', 'sortOrder' => 'ASC|DESC', ], 'awsEcrContainerAggregation' => [ 'architectures' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'imageShas' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'imageTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'repositories' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceIds' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'ec2InstanceAggregation' => [ 'amis' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'instanceIds' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'instanceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'operatingSystems' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'NETWORK_FINDINGS|CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'findingTypeAggregation' => [ 'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY', 'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION', 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'imageLayerAggregation' => [ 'layerHashes' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'repositories' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceIds' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'lambdaFunctionAggregation' => [ 'functionNames' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'functionTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'resourceIds' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'runtimes' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'lambdaLayerAggregation' => [ 'functionNames' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'layerArns' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceIds' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'packageAggregation' => [ 'packageNames' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', ], 'repositoryAggregation' => [ 'repositories' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'sortBy' => 'CRITICAL|HIGH|ALL|AFFECTED_IMAGES', 'sortOrder' => 'ASC|DESC', ], 'titleAggregation' => [ 'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY', 'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION', 'sortBy' => 'CRITICAL|HIGH|ALL', 'sortOrder' => 'ASC|DESC', 'titles' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilityIds' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], ], ], 'aggregationType' => 'FINDING_TYPE|PACKAGE|TITLE|REPOSITORY|AMI|AWS_EC2_INSTANCE|AWS_ECR_CONTAINER|IMAGE_LAYER|ACCOUNT|AWS_LAMBDA_FUNCTION|LAMBDA_LAYER', // REQUIRED 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- accountIds
-
- Type: Array of StringFilter structures
The Amazon Web Services account IDs to retrieve finding aggregation data for.
- aggregationRequest
-
- Type: AggregationRequest structure
Details of the aggregation request that is used to filter your aggregation results.
- aggregationType
-
- Required: Yes
- Type: string
The type of the aggregation request.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use thenextToken
value returned from the previous request to continue listing results after the first page.
Result Syntax
[ 'aggregationType' => 'FINDING_TYPE|PACKAGE|TITLE|REPOSITORY|AMI|AWS_EC2_INSTANCE|AWS_ECR_CONTAINER|IMAGE_LAYER|ACCOUNT|AWS_LAMBDA_FUNCTION|LAMBDA_LAYER', 'nextToken' => '<string>', 'responses' => [ [ 'accountAggregation' => [ 'accountId' => '<string>', 'exploitAvailableCount' => <integer>, 'fixAvailableCount' => <integer>, 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'amiAggregation' => [ 'accountId' => '<string>', 'affectedInstances' => <integer>, 'ami' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'awsEcrContainerAggregation' => [ 'accountId' => '<string>', 'architecture' => '<string>', 'imageSha' => '<string>', 'imageTags' => ['<string>', ...], 'repository' => '<string>', 'resourceId' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'ec2InstanceAggregation' => [ 'accountId' => '<string>', 'ami' => '<string>', 'instanceId' => '<string>', 'instanceTags' => ['<string>', ...], 'networkFindings' => <integer>, 'operatingSystem' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'findingTypeAggregation' => [ 'accountId' => '<string>', 'exploitAvailableCount' => <integer>, 'fixAvailableCount' => <integer>, 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'imageLayerAggregation' => [ 'accountId' => '<string>', 'layerHash' => '<string>', 'repository' => '<string>', 'resourceId' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'lambdaFunctionAggregation' => [ 'accountId' => '<string>', 'functionName' => '<string>', 'lambdaTags' => ['<string>', ...], 'lastModifiedAt' => <DateTime>, 'resourceId' => '<string>', 'runtime' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'lambdaLayerAggregation' => [ 'accountId' => '<string>', 'functionName' => '<string>', 'layerArn' => '<string>', 'resourceId' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'packageAggregation' => [ 'accountId' => '<string>', 'packageName' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'repositoryAggregation' => [ 'accountId' => '<string>', 'affectedImages' => <integer>, 'repository' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], ], 'titleAggregation' => [ 'accountId' => '<string>', 'severityCounts' => [ 'all' => <integer>, 'critical' => <integer>, 'high' => <integer>, 'medium' => <integer>, ], 'title' => '<string>', 'vulnerabilityId' => '<string>', ], ], // ... ], ]
Result Details
Members
- aggregationType
-
- Required: Yes
- Type: string
The type of aggregation to perform.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page. - responses
-
- Type: Array of AggregationResponse structures
Objects that contain the results of an aggregation operation.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListFindings
$result = $client->listFindings
([/* ... */]); $promise = $client->listFindingsAsync
([/* ... */]);
Lists findings for your environment.
Parameter Syntax
$result = $client->listFindings([ 'filterCriteria' => [ 'awsAccountId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityFilePath' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceImageId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceSubnetId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceVpcId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageArchitecture' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageHash' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImagePushedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'ecrImageRegistry' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageRepositoryName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'epssScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'exploitAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingStatus' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'firstObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'fixAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'inspectorScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'lambdaFunctionExecutionRoleArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionLastModifiedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'lambdaFunctionLayers' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lastObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'networkProtocol' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'portRange' => [ [ 'beginInclusive' => <integer>, 'endInclusive' => <integer>, ], // ... ], 'relatedVulnerabilities' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'severity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'title' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'updatedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'vendorSeverity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilityId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilitySource' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerablePackages' => [ [ 'architecture' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'epoch' => [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], 'name' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'release' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLambdaLayerArn' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLayerHash' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'version' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], ], // ... ], ], 'maxResults' => <integer>, 'nextToken' => '<string>', 'sortCriteria' => [ 'field' => 'AWS_ACCOUNT_ID|FINDING_TYPE|SEVERITY|FIRST_OBSERVED_AT|LAST_OBSERVED_AT|FINDING_STATUS|RESOURCE_TYPE|ECR_IMAGE_PUSHED_AT|ECR_IMAGE_REPOSITORY_NAME|ECR_IMAGE_REGISTRY|NETWORK_PROTOCOL|COMPONENT_TYPE|VULNERABILITY_ID|VULNERABILITY_SOURCE|INSPECTOR_SCORE|VENDOR_SEVERITY|EPSS_SCORE', // REQUIRED 'sortOrder' => 'ASC|DESC', // REQUIRED ], ]);
Parameter Details
Members
- filterCriteria
-
- Type: FilterCriteria structure
Details on the filters to apply to your finding results.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use thenextToken
value returned from the previous request to continue listing results after the first page. - sortCriteria
-
- Type: SortCriteria structure
Details on the sort criteria to apply to your finding results.
Result Syntax
[ 'findings' => [ [ 'awsAccountId' => '<string>', 'codeVulnerabilityDetails' => [ 'cwes' => ['<string>', ...], 'detectorId' => '<string>', 'detectorName' => '<string>', 'detectorTags' => ['<string>', ...], 'filePath' => [ 'endLine' => <integer>, 'fileName' => '<string>', 'filePath' => '<string>', 'startLine' => <integer>, ], 'referenceUrls' => ['<string>', ...], 'ruleId' => '<string>', 'sourceLambdaLayerArn' => '<string>', ], 'description' => '<string>', 'epss' => [ 'score' => <float>, ], 'exploitAvailable' => 'YES|NO', 'exploitabilityDetails' => [ 'lastKnownExploitAt' => <DateTime>, ], 'findingArn' => '<string>', 'firstObservedAt' => <DateTime>, 'fixAvailable' => 'YES|NO|PARTIAL', 'inspectorScore' => <float>, 'inspectorScoreDetails' => [ 'adjustedCvss' => [ 'adjustments' => [ [ 'metric' => '<string>', 'reason' => '<string>', ], // ... ], 'cvssSource' => '<string>', 'score' => <float>, 'scoreSource' => '<string>', 'scoringVector' => '<string>', 'version' => '<string>', ], ], 'lastObservedAt' => <DateTime>, 'networkReachabilityDetails' => [ 'networkPath' => [ 'steps' => [ [ 'componentId' => '<string>', 'componentType' => '<string>', ], // ... ], ], 'openPortRange' => [ 'begin' => <integer>, 'end' => <integer>, ], 'protocol' => 'TCP|UDP', ], 'packageVulnerabilityDetails' => [ 'cvss' => [ [ 'baseScore' => <float>, 'scoringVector' => '<string>', 'source' => '<string>', 'version' => '<string>', ], // ... ], 'referenceUrls' => ['<string>', ...], 'relatedVulnerabilities' => ['<string>', ...], 'source' => '<string>', 'sourceUrl' => '<string>', 'vendorCreatedAt' => <DateTime>, 'vendorSeverity' => '<string>', 'vendorUpdatedAt' => <DateTime>, 'vulnerabilityId' => '<string>', 'vulnerablePackages' => [ [ 'arch' => '<string>', 'epoch' => <integer>, 'filePath' => '<string>', 'fixedInVersion' => '<string>', 'name' => '<string>', 'packageManager' => 'BUNDLER|CARGO|COMPOSER|NPM|NUGET|PIPENV|POETRY|YARN|GOBINARY|GOMOD|JAR|OS|PIP|PYTHONPKG|NODEPKG|POM|GEMSPEC', 'release' => '<string>', 'remediation' => '<string>', 'sourceLambdaLayerArn' => '<string>', 'sourceLayerHash' => '<string>', 'version' => '<string>', ], // ... ], ], 'remediation' => [ 'recommendation' => [ 'Url' => '<string>', 'text' => '<string>', ], ], 'resources' => [ [ 'details' => [ 'awsEc2Instance' => [ 'iamInstanceProfileArn' => '<string>', 'imageId' => '<string>', 'ipV4Addresses' => ['<string>', ...], 'ipV6Addresses' => ['<string>', ...], 'keyName' => '<string>', 'launchedAt' => <DateTime>, 'platform' => '<string>', 'subnetId' => '<string>', 'type' => '<string>', 'vpcId' => '<string>', ], 'awsEcrContainerImage' => [ 'architecture' => '<string>', 'author' => '<string>', 'imageHash' => '<string>', 'imageTags' => ['<string>', ...], 'platform' => '<string>', 'pushedAt' => <DateTime>, 'registry' => '<string>', 'repositoryName' => '<string>', ], 'awsLambdaFunction' => [ 'architectures' => ['<string>', ...], 'codeSha256' => '<string>', 'executionRoleArn' => '<string>', 'functionName' => '<string>', 'lastModifiedAt' => <DateTime>, 'layers' => ['<string>', ...], 'packageType' => 'IMAGE|ZIP', 'runtime' => 'NODEJS|NODEJS_12_X|NODEJS_14_X|NODEJS_16_X|JAVA_8|JAVA_8_AL2|JAVA_11|PYTHON_3_7|PYTHON_3_8|PYTHON_3_9|UNSUPPORTED|NODEJS_18_X|GO_1_X|JAVA_17|PYTHON_3_10', 'version' => '<string>', 'vpcConfig' => [ 'securityGroupIds' => ['<string>', ...], 'subnetIds' => ['<string>', ...], 'vpcId' => '<string>', ], ], ], 'id' => '<string>', 'partition' => '<string>', 'region' => '<string>', 'tags' => ['<string>', ...], 'type' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', ], // ... ], 'severity' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL|UNTRIAGED', 'status' => 'ACTIVE|SUPPRESSED|CLOSED', 'title' => '<string>', 'type' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY', 'updatedAt' => <DateTime>, ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- findings
-
- Type: Array of Finding structures
Contains details on the findings in your environment.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListMembers
$result = $client->listMembers
([/* ... */]); $promise = $client->listMembersAsync
([/* ... */]);
List members associated with the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->listMembers([ 'maxResults' => <integer>, 'nextToken' => '<string>', 'onlyAssociated' => true || false, ]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use thenextToken
value returned from the previous request to continue listing results after the first page. - onlyAssociated
-
- Type: boolean
Specifies whether to list only currently associated members if
True
or to list all members within the organization ifFalse
.
Result Syntax
[ 'members' => [ [ 'accountId' => '<string>', 'delegatedAdminAccountId' => '<string>', 'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER', 'updatedAt' => <DateTime>, ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- members
-
- Type: Array of Member structures
An object that contains details for each member account.
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListTagsForResource
$result = $client->listTagsForResource
([/* ... */]); $promise = $client->listTagsForResourceAsync
([/* ... */]);
Lists all tags attached to a given resource.
Parameter Syntax
$result = $client->listTagsForResource([ 'resourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon resource number (ARN) of the resource to list tags of.
Result Syntax
[ 'tags' => ['<string>', ...], ]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the resource.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListUsageTotals
$result = $client->listUsageTotals
([/* ... */]); $promise = $client->listUsageTotalsAsync
([/* ... */]);
Lists the Amazon Inspector usage totals over the last 30 days.
Parameter Syntax
$result = $client->listUsageTotals([ 'accountIds' => ['<string>', ...], 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The Amazon Web Services account IDs to retrieve usage totals for.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextToken
value, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResults
maximum value it will also return anextToken
value. For subsequent calls, use thenextToken
value returned from the previous request to continue listing results after the first page.
Result Syntax
[ 'nextToken' => '<string>', 'totals' => [ [ 'accountId' => '<string>', 'usage' => [ [ 'currency' => 'USD', 'estimatedMonthlyCost' => <float>, 'total' => <float>, 'type' => 'EC2_INSTANCE_HOURS|ECR_INITIAL_SCAN|ECR_RESCAN|LAMBDA_FUNCTION_HOURS|LAMBDA_FUNCTION_CODE_HOURS', ], // ... ], ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
- totals
-
- Type: Array of UsageTotal structures
An object with details on the total usage for the requested account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ResetEncryptionKey
$result = $client->resetEncryptionKey
([/* ... */]); $promise = $client->resetEncryptionKeyAsync
([/* ... */]);
Resets an encryption key. After the key is reset your resources will be encrypted by an Amazon Web Services owned key.
Parameter Syntax
$result = $client->resetEncryptionKey([ 'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', // REQUIRED 'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED ]);
Parameter Details
Members
- resourceType
-
- Required: Yes
- Type: string
The resource type the key encrypts.
- scanType
-
- Required: Yes
- Type: string
The scan type the key encrypts.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
SearchVulnerabilities
$result = $client->searchVulnerabilities
([/* ... */]); $promise = $client->searchVulnerabilitiesAsync
([/* ... */]);
Lists Amazon Inspector coverage details for a specific vulnerability.
Parameter Syntax
$result = $client->searchVulnerabilities([ 'filterCriteria' => [ // REQUIRED 'vulnerabilityIds' => ['<string>', ...], // REQUIRED ], 'nextToken' => '<string>', ]);
Parameter Details
Members
- filterCriteria
-
- Required: Yes
- Type: SearchVulnerabilitiesFilterCriteria structure
The criteria used to filter the results of a vulnerability search.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextToken
value returned from the previous request to continue listing results after the first page.
Result Syntax
[ 'nextToken' => '<string>', 'vulnerabilities' => [ [ 'atigData' => [ 'firstSeen' => <DateTime>, 'lastSeen' => <DateTime>, 'targets' => ['<string>', ...], 'ttps' => ['<string>', ...], ], 'cisaData' => [ 'action' => '<string>', 'dateAdded' => <DateTime>, 'dateDue' => <DateTime>, ], 'cvss2' => [ 'baseScore' => <float>, 'scoringVector' => '<string>', ], 'cvss3' => [ 'baseScore' => <float>, 'scoringVector' => '<string>', ], 'cwes' => ['<string>', ...], 'description' => '<string>', 'detectionPlatforms' => ['<string>', ...], 'epss' => [ 'score' => <float>, ], 'exploitObserved' => [ 'firstSeen' => <DateTime>, 'lastSeen' => <DateTime>, ], 'id' => '<string>', 'referenceUrls' => ['<string>', ...], 'relatedVulnerabilities' => ['<string>', ...], 'source' => 'NVD', 'sourceUrl' => '<string>', 'vendorCreatedAt' => <DateTime>, 'vendorSeverity' => '<string>', 'vendorUpdatedAt' => <DateTime>, ], // ... ], ]
Result Details
Members
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
- vulnerabilities
-
- Required: Yes
- Type: Array of Vulnerability structures
Details about the listed vulnerability.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
SendCisSessionHealth
$result = $client->sendCisSessionHealth
([/* ... */]); $promise = $client->sendCisSessionHealthAsync
([/* ... */]);
Sends a CIS session health. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->sendCisSessionHealth([ 'scanJobId' => '<string>', // REQUIRED 'sessionToken' => '<string>', // REQUIRED ]);
Parameter Details
Members
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
SendCisSessionTelemetry
$result = $client->sendCisSessionTelemetry
([/* ... */]); $promise = $client->sendCisSessionTelemetryAsync
([/* ... */]);
Sends a CIS session telemetry. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->sendCisSessionTelemetry([ 'messages' => [ // REQUIRED [ 'cisRuleDetails' => <string || resource || Psr\Http\Message\StreamInterface>, // REQUIRED 'ruleId' => '<string>', // REQUIRED 'status' => 'FAILED|PASSED|NOT_EVALUATED|INFORMATIONAL|UNKNOWN|NOT_APPLICABLE|ERROR', // REQUIRED ], // ... ], 'scanJobId' => '<string>', // REQUIRED 'sessionToken' => '<string>', // REQUIRED ]);
Parameter Details
Members
- messages
-
- Required: Yes
- Type: Array of CisSessionMessage structures
The CIS session telemetry messages.
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
StartCisSession
$result = $client->startCisSession
([/* ... */]); $promise = $client->startCisSessionAsync
([/* ... */]);
Starts a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->startCisSession([ 'message' => [ // REQUIRED 'sessionToken' => '<string>', // REQUIRED ], 'scanJobId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- message
-
- Required: Yes
- Type: StartCisSessionMessage structure
The start CIS session message.
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
StopCisSession
$result = $client->stopCisSession
([/* ... */]); $promise = $client->stopCisSessionAsync
([/* ... */]);
Stops a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->stopCisSession([ 'message' => [ // REQUIRED 'benchmarkProfile' => '<string>', 'benchmarkVersion' => '<string>', 'computePlatform' => [ 'product' => '<string>', 'vendor' => '<string>', 'version' => '<string>', ], 'progress' => [ // REQUIRED 'errorChecks' => <integer>, 'failedChecks' => <integer>, 'informationalChecks' => <integer>, 'notApplicableChecks' => <integer>, 'notEvaluatedChecks' => <integer>, 'successfulChecks' => <integer>, 'totalChecks' => <integer>, 'unknownChecks' => <integer>, ], 'reason' => '<string>', 'status' => 'SUCCESS|FAILED|INTERRUPTED|UNSUPPORTED_OS', // REQUIRED ], 'scanJobId' => '<string>', // REQUIRED 'sessionToken' => '<string>', // REQUIRED ]);
Parameter Details
Members
- message
-
- Required: Yes
- Type: StopCisSessionMessage structure
The stop CIS session message.
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
TagResource
$result = $client->tagResource
([/* ... */]); $promise = $client->tagResourceAsync
([/* ... */]);
Adds tags to a resource.
Parameter Syntax
$result = $client->tagResource([ 'resourceArn' => '<string>', // REQUIRED 'tags' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource to apply a tag to.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (MapKey) to strings
The tags to be added to a resource.
Result Syntax
[]
Result Details
Errors
- BadRequestException:
One or more tags submitted as part of the request is not valid.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UntagResource
$result = $client->untagResource
([/* ... */]); $promise = $client->untagResourceAsync
([/* ... */]);
Removes tags from a resource.
Parameter Syntax
$result = $client->untagResource([ 'resourceArn' => '<string>', // REQUIRED 'tagKeys' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the resource to remove tags from.
- tagKeys
-
- Required: Yes
- Type: Array of strings
The tag keys to remove from the resource.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateCisScanConfiguration
$result = $client->updateCisScanConfiguration
([/* ... */]); $promise = $client->updateCisScanConfigurationAsync
([/* ... */]);
Updates a CIS scan configuration.
Parameter Syntax
$result = $client->updateCisScanConfiguration([ 'scanConfigurationArn' => '<string>', // REQUIRED 'scanName' => '<string>', 'schedule' => [ 'daily' => [ 'startTime' => [ // REQUIRED 'timeOfDay' => '<string>', // REQUIRED 'timezone' => '<string>', // REQUIRED ], ], 'monthly' => [ 'day' => 'SUN|MON|TUE|WED|THU|FRI|SAT', // REQUIRED 'startTime' => [ // REQUIRED 'timeOfDay' => '<string>', // REQUIRED 'timezone' => '<string>', // REQUIRED ], ], 'oneTime' => [ ], 'weekly' => [ 'days' => ['<string>', ...], // REQUIRED 'startTime' => [ // REQUIRED 'timeOfDay' => '<string>', // REQUIRED 'timezone' => '<string>', // REQUIRED ], ], ], 'securityLevel' => 'LEVEL_1|LEVEL_2', 'targets' => [ 'accountIds' => ['<string>', ...], 'targetResourceTags' => [ '<TargetResourceTagsKey>' => ['<string>', ...], // ... ], ], ]);
Parameter Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan configuration ARN.
- scanName
-
- Type: string
The scan name for the CIS scan configuration.
- schedule
-
- Type: Schedule structure
The schedule for the CIS scan configuration.
- securityLevel
-
- Type: string
The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.
- targets
-
- Type: UpdateCisTargets structure
The targets for the CIS scan configuration.
Result Syntax
[ 'scanConfigurationArn' => '<string>', ]
Result Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan configuration ARN.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateConfiguration
$result = $client->updateConfiguration
([/* ... */]); $promise = $client->updateConfigurationAsync
([/* ... */]);
Updates setting configurations for your Amazon Inspector account. When you use this API as an Amazon Inspector delegated administrator this updates the setting for all accounts you manage. Member accounts in an organization cannot update this setting.
Parameter Syntax
$result = $client->updateConfiguration([ 'ec2Configuration' => [ 'scanMode' => 'EC2_SSM_AGENT_BASED|EC2_HYBRID', // REQUIRED ], 'ecrConfiguration' => [ 'pullDateRescanDuration' => 'DAYS_14|DAYS_30|DAYS_60|DAYS_90|DAYS_180', 'rescanDuration' => 'LIFETIME|DAYS_30|DAYS_180|DAYS_14|DAYS_60|DAYS_90', // REQUIRED ], ]);
Parameter Details
Members
- ec2Configuration
-
- Type: Ec2Configuration structure
Specifies how the Amazon EC2 automated scan will be updated for your environment.
- ecrConfiguration
-
- Type: EcrConfiguration structure
Specifies how the ECR automated re-scan will be updated for your environment.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateEc2DeepInspectionConfiguration
$result = $client->updateEc2DeepInspectionConfiguration
([/* ... */]); $promise = $client->updateEc2DeepInspectionConfigurationAsync
([/* ... */]);
Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account.
Parameter Syntax
$result = $client->updateEc2DeepInspectionConfiguration([ 'activateDeepInspection' => true || false, 'packagePaths' => ['<string>', ...], ]);
Parameter Details
Members
- activateDeepInspection
-
- Type: boolean
Specify
TRUE
to activate Amazon Inspector deep inspection in your account, orFALSE
to deactivate. Member accounts in an organization cannot deactivate deep inspection, instead the delegated administrator for the organization can deactivate a member account using BatchUpdateMemberEc2DeepInspectionStatus. - packagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths you are adding for your account.
Result Syntax
[ 'errorMessage' => '<string>', 'orgPackagePaths' => ['<string>', ...], 'packagePaths' => ['<string>', ...], 'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED', ]
Result Details
Members
- errorMessage
-
- Type: string
An error message explaining why new Amazon Inspector deep inspection custom paths could not be added.
- orgPackagePaths
-
- Type: Array of strings
The current Amazon Inspector deep inspection custom paths for the organization.
- packagePaths
-
- Type: Array of strings
The current Amazon Inspector deep inspection custom paths for your account.
- status
-
- Type: string
The status of Amazon Inspector deep inspection in your account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateEncryptionKey
$result = $client->updateEncryptionKey
([/* ... */]); $promise = $client->updateEncryptionKeyAsync
([/* ... */]);
Updates an encryption key. A ResourceNotFoundException
means that an Amazon Web Services owned key is being used for encryption.
Parameter Syntax
$result = $client->updateEncryptionKey([ 'kmsKeyId' => '<string>', // REQUIRED 'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', // REQUIRED 'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED ]);
Parameter Details
Members
- kmsKeyId
-
- Required: Yes
- Type: string
A KMS key ID for the encryption key.
- resourceType
-
- Required: Yes
- Type: string
The resource type for the encryption key.
- scanType
-
- Required: Yes
- Type: string
The scan type for the encryption key.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateFilter
$result = $client->updateFilter
([/* ... */]); $promise = $client->updateFilterAsync
([/* ... */]);
Specifies the action that is to be applied to the findings that match the filter.
Parameter Syntax
$result = $client->updateFilter([ 'action' => 'NONE|SUPPRESS', 'description' => '<string>', 'filterArn' => '<string>', // REQUIRED 'filterCriteria' => [ 'awsAccountId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityDetectorTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'codeVulnerabilityFilePath' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'componentType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceImageId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceSubnetId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ec2InstanceVpcId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageArchitecture' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageHash' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImagePushedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'ecrImageRegistry' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageRepositoryName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'ecrImageTags' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'epssScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'exploitAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingStatus' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'findingType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'firstObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'fixAvailable' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'inspectorScore' => [ [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], // ... ], 'lambdaFunctionExecutionRoleArn' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionLastModifiedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'lambdaFunctionLayers' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionName' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lambdaFunctionRuntime' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'lastObservedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'networkProtocol' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'portRange' => [ [ 'beginInclusive' => <integer>, 'endInclusive' => <integer>, ], // ... ], 'relatedVulnerabilities' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'resourceTags' => [ [ 'comparison' => 'EQUALS', // REQUIRED 'key' => '<string>', // REQUIRED 'value' => '<string>', ], // ... ], 'resourceType' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'severity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'title' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'updatedAt' => [ [ 'endInclusive' => <integer || string || DateTime>, 'startInclusive' => <integer || string || DateTime>, ], // ... ], 'vendorSeverity' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilityId' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerabilitySource' => [ [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'vulnerablePackages' => [ [ 'architecture' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'epoch' => [ 'lowerInclusive' => <float>, 'upperInclusive' => <float>, ], 'name' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'release' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLambdaLayerArn' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'sourceLayerHash' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], 'version' => [ 'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED 'value' => '<string>', // REQUIRED ], ], // ... ], ], 'name' => '<string>', 'reason' => '<string>', ]);
Parameter Details
Members
- action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter.
- description
-
- Type: string
A description of the filter.
- filterArn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter to update.
- filterCriteria
-
- Type: FilterCriteria structure
Defines the criteria to be update in the filter.
- name
-
- Type: string
The name of the filter.
- reason
-
- Type: string
The reason the filter was updated.
Result Syntax
[ 'arn' => '<string>', ]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the successfully updated filter.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateOrgEc2DeepInspectionConfiguration
$result = $client->updateOrgEc2DeepInspectionConfiguration
([/* ... */]); $promise = $client->updateOrgEc2DeepInspectionConfigurationAsync
([/* ... */]);
Updates the Amazon Inspector deep inspection custom paths for your organization. You must be an Amazon Inspector delegated administrator to use this API.
Parameter Syntax
$result = $client->updateOrgEc2DeepInspectionConfiguration([ 'orgPackagePaths' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- orgPackagePaths
-
- Required: Yes
- Type: Array of strings
The Amazon Inspector deep inspection custom paths you are adding for your organization.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateOrganizationConfiguration
$result = $client->updateOrganizationConfiguration
([/* ... */]); $promise = $client->updateOrganizationConfigurationAsync
([/* ... */]);
Updates the configurations for your Amazon Inspector organization.
Parameter Syntax
$result = $client->updateOrganizationConfiguration([ 'autoEnable' => [ // REQUIRED 'ec2' => true || false, // REQUIRED 'ecr' => true || false, // REQUIRED 'lambda' => true || false, 'lambdaCode' => true || false, ], ]);
Parameter Details
Members
- autoEnable
-
- Required: Yes
- Type: AutoEnable structure
Defines which scan types are enabled automatically for new members of your Amazon Inspector organization.
Result Syntax
[ 'autoEnable' => [ 'ec2' => true || false, 'ecr' => true || false, 'lambda' => true || false, 'lambdaCode' => true || false, ], ]
Result Details
Members
- autoEnable
-
- Required: Yes
- Type: AutoEnable structure
The updated status of scan types automatically enabled for new members of your Amazon Inspector organization.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
For Enable
, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.
Members
- message
-
- Required: Yes
- Type: string
Account
Description
An Amazon Web Services account within your environment that Amazon Inspector has been enabled for.
Members
- accountId
-
- Required: Yes
- Type: string
The ID of the Amazon Web Services account.
- resourceStatus
-
- Required: Yes
- Type: ResourceStatus structure
Details of the status of Amazon Inspector scans by resource type.
- status
-
- Required: Yes
- Type: string
The status of Amazon Inspector for the account.
AccountAggregation
Description
An object that contains details about an aggregation response based on Amazon Web Services accounts.
Members
- findingType
-
- Type: string
The type of finding.
- resourceType
-
- Type: string
The type of resource.
- sortBy
-
- Type: string
The value to sort by.
- sortOrder
-
- Type: string
The sort order (ascending or descending).
AccountAggregationResponse
Description
An aggregation of findings by Amazon Web Services account ID.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID.
- exploitAvailableCount
-
- Type: long (int|float)
The number of findings that have an exploit available.
- fixAvailableCount
-
- Type: long (int|float)
Details about the number of fixes.
- severityCounts
-
- Type: SeverityCounts structure
The number of findings by severity.
AccountState
Description
An object with details the status of an Amazon Web Services account within your Amazon Inspector environment.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID.
- resourceState
-
- Required: Yes
- Type: ResourceState structure
An object detailing which resources Amazon Inspector is enabled to scan for the account.
- state
-
- Required: Yes
- Type: State structure
An object detailing the status of Amazon Inspector for the account.
AggregationRequest
Description
Contains details about an aggregation request.
Members
- accountAggregation
-
- Type: AccountAggregation structure
An object that contains details about an aggregation request based on Amazon Web Services account IDs.
- amiAggregation
-
- Type: AmiAggregation structure
An object that contains details about an aggregation request based on Amazon Machine Images (AMIs).
- awsEcrContainerAggregation
-
- Type: AwsEcrContainerAggregation structure
An object that contains details about an aggregation request based on Amazon ECR container images.
- ec2InstanceAggregation
-
- Type: Ec2InstanceAggregation structure
An object that contains details about an aggregation request based on Amazon EC2 instances.
- findingTypeAggregation
-
- Type: FindingTypeAggregation structure
An object that contains details about an aggregation request based on finding types.
- imageLayerAggregation
-
- Type: ImageLayerAggregation structure
An object that contains details about an aggregation request based on container image layers.
- lambdaFunctionAggregation
-
- Type: LambdaFunctionAggregation structure
Returns an object with findings aggregated by Amazon Web Services Lambda function.
- lambdaLayerAggregation
-
- Type: LambdaLayerAggregation structure
Returns an object with findings aggregated by Amazon Web Services Lambda layer.
- packageAggregation
-
- Type: PackageAggregation structure
An object that contains details about an aggregation request based on operating system package type.
- repositoryAggregation
-
- Type: RepositoryAggregation structure
An object that contains details about an aggregation request based on Amazon ECR repositories.
- titleAggregation
-
- Type: TitleAggregation structure
An object that contains details about an aggregation request based on finding title.
AggregationResponse
Description
A structure that contains details about the results of an aggregation type.
Members
- accountAggregation
-
- Type: AccountAggregationResponse structure
An object that contains details about an aggregation response based on Amazon Web Services account IDs.
- amiAggregation
-
- Type: AmiAggregationResponse structure
An object that contains details about an aggregation response based on Amazon Machine Images (AMIs).
- awsEcrContainerAggregation
-
- Type: AwsEcrContainerAggregationResponse structure
An object that contains details about an aggregation response based on Amazon ECR container images.
- ec2InstanceAggregation
-
- Type: Ec2InstanceAggregationResponse structure
An object that contains details about an aggregation response based on Amazon EC2 instances.
- findingTypeAggregation
-
- Type: FindingTypeAggregationResponse structure
An object that contains details about an aggregation response based on finding types.
- imageLayerAggregation
-
- Type: ImageLayerAggregationResponse structure
An object that contains details about an aggregation response based on container image layers.
- lambdaFunctionAggregation
-
- Type: LambdaFunctionAggregationResponse structure
An aggregation of findings by Amazon Web Services Lambda function.
- lambdaLayerAggregation
-
- Type: LambdaLayerAggregationResponse structure
An aggregation of findings by Amazon Web Services Lambda layer.
- packageAggregation
-
- Type: PackageAggregationResponse structure
An object that contains details about an aggregation response based on operating system package type.
- repositoryAggregation
-
- Type: RepositoryAggregationResponse structure
An object that contains details about an aggregation response based on Amazon ECR repositories.
- titleAggregation
-
- Type: TitleAggregationResponse structure
An object that contains details about an aggregation response based on finding title.
AmiAggregation
Description
The details that define an aggregation based on Amazon machine images (AMIs).
Members
- amis
-
- Type: Array of StringFilter structures
The IDs of AMIs to aggregate findings for.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
AmiAggregationResponse
Description
A response that contains the results of a finding aggregation by AMI.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID for the AMI.
- affectedInstances
-
- Type: long (int|float)
The IDs of Amazon EC2 instances using this AMI.
- ami
-
- Required: Yes
- Type: string
The ID of the AMI that findings were aggregated for.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
AtigData
Description
The Amazon Web Services Threat Intel Group (ATIG) details for a specific vulnerability.
Members
- firstSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this vulnerability was first observed.
- lastSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this vulnerability was last observed.
- targets
-
- Type: Array of strings
The commercial sectors this vulnerability targets.
- ttps
-
- Type: Array of strings
The MITRE ATT&CK tactics, techniques, and procedures (TTPs) associated with vulnerability.
AutoEnable
Description
Represents which scan types are automatically enabled for new members of your Amazon Inspector organization.
Members
- ec2
-
- Required: Yes
- Type: boolean
Represents whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization.
- ecr
-
- Required: Yes
- Type: boolean
Represents whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization.
- lambda
-
- Type: boolean
Represents whether Amazon Web Services Lambda standard scans are automatically enabled for new members of your Amazon Inspector organization.
- lambdaCode
-
- Type: boolean
Represents whether Lambda code scans are automatically enabled for new members of your Amazon Inspector organization.
</p>
AwsEc2InstanceDetails
Description
Details of the Amazon EC2 instance involved in a finding.
Members
- iamInstanceProfileArn
-
- Type: string
The IAM instance profile ARN of the Amazon EC2 instance.
- imageId
-
- Type: string
The image ID of the Amazon EC2 instance.
- ipV4Addresses
-
- Type: Array of strings
The IPv4 addresses of the Amazon EC2 instance.
- ipV6Addresses
-
- Type: Array of strings
The IPv6 addresses of the Amazon EC2 instance.
- keyName
-
- Type: string
The name of the key pair used to launch the Amazon EC2 instance.
- launchedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Amazon EC2 instance was launched at.
- platform
-
- Type: string
The platform of the Amazon EC2 instance.
- subnetId
-
- Type: string
The subnet ID of the Amazon EC2 instance.
- type
-
- Type: string
The type of the Amazon EC2 instance.
- vpcId
-
- Type: string
The VPC ID of the Amazon EC2 instance.
AwsEcrContainerAggregation
Description
An aggregation of information about Amazon ECR containers.
Members
- architectures
-
- Type: Array of StringFilter structures
The architecture of the containers.
- imageShas
-
- Type: Array of StringFilter structures
The image SHA values.
- imageTags
-
- Type: Array of StringFilter structures
The image tags.
- repositories
-
- Type: Array of StringFilter structures
The container repositories.
- resourceIds
-
- Type: Array of StringFilter structures
The container resource IDs.
- sortBy
-
- Type: string
The value to sort by.
- sortOrder
-
- Type: string
The sort order (ascending or descending).
AwsEcrContainerAggregationResponse
Description
An aggregation of information about Amazon ECR containers.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the account that owns the container.
- architecture
-
- Type: string
The architecture of the container.
- imageSha
-
- Type: string
The SHA value of the container image.
- imageTags
-
- Type: Array of strings
The container image stags.
- repository
-
- Type: string
The container repository.
- resourceId
-
- Required: Yes
- Type: string
The resource ID of the container.
- severityCounts
-
- Type: SeverityCounts structure
The number of finding by severity.
AwsEcrContainerImageDetails
Description
The image details of the Amazon ECR container image.
Members
- architecture
-
- Type: string
The architecture of the Amazon ECR container image.
- author
-
- Type: string
The image author of the Amazon ECR container image.
- imageHash
-
- Required: Yes
- Type: string
The image hash of the Amazon ECR container image.
- imageTags
-
- Type: Array of strings
The image tags attached to the Amazon ECR container image.
- platform
-
- Type: string
The platform of the Amazon ECR container image.
- pushedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Amazon ECR container image was pushed.
- registry
-
- Required: Yes
- Type: string
The registry for the Amazon ECR container image.
- repositoryName
-
- Required: Yes
- Type: string
The name of the repository the Amazon ECR container image resides in.
AwsLambdaFunctionDetails
Description
A summary of information about the Amazon Web Services Lambda function.
Members
- architectures
-
- Type: Array of strings
The instruction set architecture that the Amazon Web Services Lambda function supports. Architecture is a string array with one of the valid values. The default architecture value is
x86_64
. - codeSha256
-
- Required: Yes
- Type: string
The SHA256 hash of the Amazon Web Services Lambda function's deployment package.
- executionRoleArn
-
- Required: Yes
- Type: string
The Amazon Web Services Lambda function's execution role.
- functionName
-
- Required: Yes
- Type: string
The name of the Amazon Web Services Lambda function.
- lastModifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that a user last updated the configuration, in ISO 8601 format
- layers
-
- Type: Array of strings
The Amazon Web Services Lambda function's layers. A Lambda function can have up to five layers.
- packageType
-
- Type: string
The type of deployment package. Set to
Image
for container image and setZip
for .zip file archive. - runtime
-
- Required: Yes
- Type: string
The runtime environment for the Amazon Web Services Lambda function.
- version
-
- Required: Yes
- Type: string
The version of the Amazon Web Services Lambda function.
- vpcConfig
-
- Type: LambdaVpcConfig structure
The Amazon Web Services Lambda function's networking configuration.
BadRequestException
Description
One or more tags submitted as part of the request is not valid.
Members
- message
-
- Required: Yes
- Type: string
CisCheckAggregation
Description
A CIS check.
Members
- accountId
-
- Type: string
The account ID for the CIS check.
- checkDescription
-
- Type: string
The description for the CIS check.
- checkId
-
- Type: string
The check ID for the CIS check.
- level
-
- Type: string
The CIS check level.
- platform
-
- Type: string
The CIS check platform.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN for the CIS check scan ARN.
- statusCounts
-
- Type: StatusCounts structure
The CIS check status counts.
- title
-
- Type: string
The CIS check title.
CisDateFilter
Description
The CIS date filter.
Members
- earliestScanStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The CIS date filter's earliest scan start time.
- latestScanStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The CIS date filter's latest scan start time.
CisFindingStatusFilter
Description
The CIS finding status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS finding status filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS finding status filter.
CisNumberFilter
Description
The CIS number filter.
Members
- lowerInclusive
-
- Type: int
The CIS number filter's lower inclusive.
- upperInclusive
-
- Type: int
The CIS number filter's upper inclusive.
CisResultStatusFilter
Description
The CIS result status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS result status filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS result status filter.
CisScan
Description
The CIS scan.
Members
- failedChecks
-
- Type: int
The CIS scan's failed checks.
- scanArn
-
- Required: Yes
- Type: string
The CIS scan's ARN.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan's configuration ARN.
- scanDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The CIS scan's date.
- scanName
-
- Type: string
The the name of the scan configuration that's associated with this scan.
- scheduledBy
-
- Type: string
The account or organization that schedules the CIS scan.
- securityLevel
-
- Type: string
The security level for the CIS scan. Security level refers to the Benchmark levels that CIS assigns to a profile.
- status
-
- Type: string
The CIS scan's status.
- targets
-
- Type: CisTargets structure
The CIS scan's targets.
- totalChecks
-
- Type: int
The CIS scan's total checks.
CisScanConfiguration
Description
The CIS scan configuration.
Members
- ownerId
-
- Type: string
The CIS scan configuration's owner ID.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan configuration's scan configuration ARN.
- scanName
-
- Type: string
The name of the CIS scan configuration.
- schedule
-
- Type: Schedule structure
The CIS scan configuration's schedule.
- securityLevel
-
- Type: string
The CIS scan configuration's security level.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The CIS scan configuration's tags.
- targets
-
- Type: CisTargets structure
The CIS scan configuration's targets.
CisScanResultDetails
Description
The CIS scan result details.
Members
- accountId
-
- Type: string
The CIS scan result details' account ID.
- checkDescription
-
- Type: string
The account ID that's associated with the CIS scan result details.
- checkId
-
- Type: string
The CIS scan result details' check ID.
- findingArn
-
- Type: string
The CIS scan result details' finding ARN.
- level
-
- Type: string
The CIS scan result details' level.
- platform
-
- Type: string
The CIS scan result details' platform.
- remediation
-
- Type: string
The CIS scan result details' remediation.
- scanArn
-
- Required: Yes
- Type: string
The CIS scan result details' scan ARN.
- status
-
- Type: string
The CIS scan result details' status.
- statusReason
-
- Type: string
The CIS scan result details' status reason.
- targetResourceId
-
- Type: string
The CIS scan result details' target resource ID.
- title
-
- Type: string
The CIS scan result details' title.
CisScanResultDetailsFilterCriteria
Description
The CIS scan result details filter criteria.
Members
- checkIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's check ID filters.
- findingArnFilters
-
- Type: Array of CisStringFilter structures
The criteria's finding ARN filters.
- findingStatusFilters
-
- Type: Array of CisFindingStatusFilter structures
The criteria's finding status filters.
- securityLevelFilters
-
- Type: Array of CisSecurityLevelFilter structures
The criteria's security level filters. . Security level refers to the Benchmark levels that CIS assigns to a profile.
- titleFilters
-
- Type: Array of CisStringFilter structures
The criteria's title filters.
CisScanResultsAggregatedByChecksFilterCriteria
Description
The scan results aggregated by checks filter criteria.
Members
- accountIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's account ID filters.
- checkIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's check ID filters.
- failedResourcesFilters
-
- Type: Array of CisNumberFilter structures
The criteria's failed resources filters.
- platformFilters
-
- Type: Array of CisStringFilter structures
The criteria's platform filters.
- securityLevelFilters
-
- Type: Array of CisSecurityLevelFilter structures
The criteria's security level filters.
- titleFilters
-
- Type: Array of CisStringFilter structures
The criteria's title filters.
CisScanResultsAggregatedByTargetResourceFilterCriteria
Description
The scan results aggregated by target resource filter criteria.
Members
- accountIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's account ID filters.
- checkIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's check ID filters.
- failedChecksFilters
-
- Type: Array of CisNumberFilter structures
The criteria's failed checks filters.
- platformFilters
-
- Type: Array of CisStringFilter structures
The criteria's platform filters.
- statusFilters
-
- Type: Array of CisResultStatusFilter structures
The criteria's status filter.
- targetResourceIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's target resource ID filters.
- targetResourceTagFilters
-
- Type: Array of TagFilter structures
The criteria's target resource tag filters.
- targetStatusFilters
-
- Type: Array of CisTargetStatusFilter structures
The criteria's target status filters.
- targetStatusReasonFilters
-
- Type: Array of CisTargetStatusReasonFilter structures
The criteria's target status reason filters.
CisScanStatusFilter
Description
The CIS scan status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The filter comparison value.
- value
-
- Required: Yes
- Type: string
The filter value.
CisSecurityLevelFilter
Description
The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile.
Members
- comparison
-
- Required: Yes
- Type: string
The CIS security filter comparison value.
- value
-
- Required: Yes
- Type: string
The CIS security filter value.
CisSessionMessage
Description
The CIS session message.
Members
- cisRuleDetails
-
- Required: Yes
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
The CIS rule details for the CIS session message.
- ruleId
-
- Required: Yes
- Type: string
The rule ID for the CIS session message.
- status
-
- Required: Yes
- Type: string
The status of the CIS session message.
CisStringFilter
Description
The CIS string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS string filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS string filter.
CisTargetResourceAggregation
Description
The CIS target resource aggregation.
Members
- accountId
-
- Type: string
The account ID for the CIS target resource.
- platform
-
- Type: string
The platform for the CIS target resource.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN for the CIS target resource.
- statusCounts
-
- Type: StatusCounts structure
The target resource status counts.
- targetResourceId
-
- Type: string
The ID of the target resource.
- targetResourceTags
-
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The tag for the target resource.
- targetStatus
-
- Type: string
The status of the target resource.
- targetStatusReason
-
- Type: string
The reason for the target resource.
CisTargetStatusFilter
Description
The CIS target status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS target status filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS target status filter.
CisTargetStatusReasonFilter
Description
The CIS target status reason filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS target status reason filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS target status reason filter.
CisTargets
Description
The CIS targets.
Members
- accountIds
-
- Type: Array of strings
The CIS target account ids.
- targetResourceTags
-
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The CIS target resource tags.
CisaData
Description
The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
Members
- action
-
- Type: string
The remediation action recommended by CISA for this vulnerability.
- dateAdded
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time CISA added this vulnerability to their catalogue.
- dateDue
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time CISA expects a fix to have been provided vulnerability.
CodeFilePath
Description
Contains information on where a code vulnerability is located in your Lambda function.
Members
- endLine
-
- Required: Yes
- Type: int
The line number of the last line of code that a vulnerability was found in.
- fileName
-
- Required: Yes
- Type: string
The name of the file the code vulnerability was found in.
- filePath
-
- Required: Yes
- Type: string
The file path to the code that a vulnerability was found in.
- startLine
-
- Required: Yes
- Type: int
The line number of the first line of code that a vulnerability was found in.
CodeLine
Description
Contains information on the lines of code associated with a code snippet.
Members
- content
-
- Required: Yes
- Type: string
The content of a line of code
- lineNumber
-
- Required: Yes
- Type: int
The line number that a section of code is located at.
CodeSnippetError
Description
Contains information about any errors encountered while trying to retrieve a code snippet.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code for the error that prevented a code snippet from being retrieved.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when Amazon Inspector failed to retrieve a code snippet.
- findingArn
-
- Required: Yes
- Type: string
The ARN of the finding that a code snippet couldn't be retrieved for.
CodeSnippetResult
Description
Contains information on a code snippet retrieved by Amazon Inspector from a code vulnerability finding.
Members
- codeSnippet
-
- Type: Array of CodeLine structures
Contains information on the retrieved code snippet.
- endLine
-
- Type: int
The line number of the last line of a code snippet.
- findingArn
-
- Type: string
The ARN of a finding that the code snippet is associated with.
- startLine
-
- Type: int
The line number of the first line of a code snippet.
- suggestedFixes
-
- Type: Array of SuggestedFix structures
Details of a suggested code fix.
CodeVulnerabilityDetails
Description
Contains information on the code vulnerability identified in your Lambda function.
Members
- cwes
-
- Required: Yes
- Type: Array of strings
The Common Weakness Enumeration (CWE) item associated with the detected vulnerability.
- detectorId
-
- Required: Yes
- Type: string
The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru Detector Library.
- detectorName
-
- Required: Yes
- Type: string
The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library.
- detectorTags
-
- Type: Array of strings
The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
- filePath
-
- Required: Yes
- Type: CodeFilePath structure
Contains information on where the code vulnerability is located in your code.
- referenceUrls
-
- Type: Array of strings
A URL containing supporting documentation about the code vulnerability detected.
- ruleId
-
- Type: string
The identifier for a rule that was used to detect the code vulnerability.
- sourceLambdaLayerArn
-
- Type: string
The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in.
ComputePlatform
Description
A compute platform.
Members
- product
-
- Type: string
The compute platform product.
- vendor
-
- Type: string
The compute platform vendor.
- version
-
- Type: string
The compute platform version.
ConflictException
Description
A conflict occurred.
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
The ID of the conflicting resource.
- resourceType
-
- Required: Yes
- Type: string
The type of the conflicting resource.
Counts
Description
a structure that contains information on the count of resources within a group.
Members
- count
-
- Type: long (int|float)
The number of resources.
- groupKey
-
- Type: string
The key associated with this group
CoverageDateFilter
Description
Contains details of a coverage date filter.
Members
- endInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the end of the time period to filter results by.
- startInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the start of the time period to filter results by.
CoverageFilterCriteria
Description
A structure that identifies filter criteria for GetCoverageStatistics
.
Members
- accountId
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services account IDs to return coverage statistics for.
- ec2InstanceTags
-
- Type: Array of CoverageMapFilter structures
The Amazon EC2 instance tags to filter on.
- ecrImageTags
-
- Type: Array of CoverageStringFilter structures
The Amazon ECR image tags to filter on.
- ecrRepositoryName
-
- Type: Array of CoverageStringFilter structures
The Amazon ECR repository name to filter on.
- imagePulledAt
-
- Type: Array of CoverageDateFilter structures
The date an image was last pulled at.
- lambdaFunctionName
-
- Type: Array of CoverageStringFilter structures
Returns coverage statistics for Amazon Web Services Lambda functions filtered by function names.
- lambdaFunctionRuntime
-
- Type: Array of CoverageStringFilter structures
Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime.
- lambdaFunctionTags
-
- Type: Array of CoverageMapFilter structures
Returns coverage statistics for Amazon Web Services Lambda functions filtered by tag.
- lastScannedAt
-
- Type: Array of CoverageDateFilter structures
Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range.
- resourceId
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services resource IDs to return coverage statistics for.
- resourceType
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services resource types to return coverage statistics for. The values can be
AWS_EC2_INSTANCE
,AWS_LAMBDA_FUNCTION
,AWS_ECR_CONTAINER_IMAGE
,AWS_ECR_REPOSITORY
orAWS_ACCOUNT
. - scanMode
-
- Type: Array of CoverageStringFilter structures
The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are
EC2_SSM_AGENT_BASED
andEC2_HYBRID
. - scanStatusCode
-
- Type: Array of CoverageStringFilter structures
The scan status code to filter on. Valid values are:
ValidationException
,InternalServerException
,ResourceNotFoundException
,BadRequestException
, andThrottlingException
. - scanStatusReason
-
- Type: Array of CoverageStringFilter structures
The scan status reason to filter on.
- scanType
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Inspector scan types to return coverage statistics for.
CoverageMapFilter
Description
Contains details of a coverage map filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to compare coverage on.
- key
-
- Required: Yes
- Type: string
The tag key associated with the coverage map filter.
- value
-
- Type: string
The tag value associated with the coverage map filter.
CoverageStringFilter
Description
Contains details of a coverage string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to compare strings on.
- value
-
- Required: Yes
- Type: string
The value to compare strings on.
CoveredResource
Description
An object that contains details about a resource covered by Amazon Inspector.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the covered resource.
- lastScannedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the resource was last checked for vulnerabilities.
- resourceId
-
- Required: Yes
- Type: string
The ID of the covered resource.
- resourceMetadata
-
- Type: ResourceScanMetadata structure
An object that contains details about the metadata.
- resourceType
-
- Required: Yes
- Type: string
The type of the covered resource.
- scanMode
-
- Type: string
The scan method that is applied to the instance.
- scanStatus
-
- Type: ScanStatus structure
The status of the scan covering the resource.
- scanType
-
- Required: Yes
- Type: string
The Amazon Inspector scan type covering the resource.
CreateCisTargets
Description
Creates CIS targets.
Members
- accountIds
-
- Required: Yes
- Type: Array of strings
The CIS target account ids.
- targetResourceTags
-
- Required: Yes
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The CIS target resource tags.
Cvss2
Description
The Common Vulnerability Scoring System (CVSS) version 2 details for the vulnerability.
Members
- baseScore
-
- Type: double
The CVSS v2 base score for the vulnerability.
- scoringVector
-
- Type: string
The scoring vector associated with the CVSS v2 score.
Cvss3
Description
The Common Vulnerability Scoring System (CVSS) version 3 details for the vulnerability.
Members
- baseScore
-
- Type: double
The CVSS v3 base score for the vulnerability.
- scoringVector
-
- Type: string
The scoring vector associated with the CVSS v3 score.
CvssScore
Description
The CVSS score for a finding.
Members
- baseScore
-
- Required: Yes
- Type: double
The base CVSS score used for the finding.
- scoringVector
-
- Required: Yes
- Type: string
The vector string of the CVSS score.
- source
-
- Required: Yes
- Type: string
The source of the CVSS score.
- version
-
- Required: Yes
- Type: string
The version of CVSS used for the score.
CvssScoreAdjustment
Description
Details on adjustments Amazon Inspector made to the CVSS score for a finding.
Members
- metric
-
- Required: Yes
- Type: string
The metric used to adjust the CVSS score.
- reason
-
- Required: Yes
- Type: string
The reason the CVSS score has been adjustment.
CvssScoreDetails
Description
Information about the CVSS score.
Members
- adjustments
-
- Type: Array of CvssScoreAdjustment structures
An object that contains details about adjustment Amazon Inspector made to the CVSS score.
- cvssSource
-
- Type: string
The source of the CVSS data.
- score
-
- Required: Yes
- Type: double
The CVSS score.
- scoreSource
-
- Required: Yes
- Type: string
The source for the CVSS score.
- scoringVector
-
- Required: Yes
- Type: string
The vector for the CVSS score.
- version
-
- Required: Yes
- Type: string
The CVSS version used in scoring.
DailySchedule
Description
A daily schedule.
Members
- startTime
-
- Required: Yes
- Type: Time structure
The schedule start time.
DateFilter
Description
Contains details on the time range used to filter findings.
Members
- endInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the end of the time period filtered on.
- startInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the start of the time period filtered on.
DelegatedAdmin
Description
Details of the Amazon Inspector delegated administrator for your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.
- relationshipStatus
-
- Type: string
The status of the Amazon Inspector delegated administrator.
DelegatedAdminAccount
Description
Details of the Amazon Inspector delegated administrator for your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.
- status
-
- Type: string
The status of the Amazon Inspector delegated administrator.
Destination
Description
Contains details of the Amazon S3 bucket and KMS key used to export findings.
Members
- bucketName
-
- Required: Yes
- Type: string
The name of the Amazon S3 bucket to export findings to.
- keyPrefix
-
- Type: string
The prefix that the findings will be written under.
- kmsKeyArn
-
- Required: Yes
- Type: string
The ARN of the KMS key used to encrypt data when exporting findings.
Ec2Configuration
Description
Enables agent-based scanning, which scans instances that are not managed by SSM.
Members
- scanMode
-
- Required: Yes
- Type: string
The scan method that is applied to the instance.
Ec2ConfigurationState
Description
Details about the state of the EC2 scan configuration for your environment.
Members
- scanModeState
-
- Type: Ec2ScanModeState structure
An object that contains details about the state of the Amazon EC2 scan mode.
Ec2InstanceAggregation
Description
The details that define an aggregation based on Amazon EC2 instances.
Members
- amis
-
- Type: Array of StringFilter structures
The AMI IDs associated with the Amazon EC2 instances to aggregate findings for.
- instanceIds
-
- Type: Array of StringFilter structures
The Amazon EC2 instance IDs to aggregate findings for.
- instanceTags
-
- Type: Array of MapFilter structures
The Amazon EC2 instance tags to aggregate findings for.
- operatingSystems
-
- Type: Array of StringFilter structures
The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are
ORACLE_LINUX_7
andALPINE_LINUX_3_8
. - sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
Ec2InstanceAggregationResponse
Description
A response that contains the results of a finding aggregation by Amazon EC2 instance.
Members
- accountId
-
- Type: string
The Amazon Web Services account for the Amazon EC2 instance.
- ami
-
- Type: string
The Amazon Machine Image (AMI) of the Amazon EC2 instance.
- instanceId
-
- Required: Yes
- Type: string
The Amazon EC2 instance ID.
- instanceTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the instance.
- networkFindings
-
- Type: long (int|float)
The number of network findings for the Amazon EC2 instance.
- operatingSystem
-
- Type: string
The operating system of the Amazon EC2 instance.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
Ec2Metadata
Description
Meta data details of an Amazon EC2 instance.
Members
- amiId
-
- Type: string
The ID of the Amazon Machine Image (AMI) used to launch the instance.
- platform
-
- Type: string
The platform of the instance.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the instance.
Ec2ScanModeState
Description
The state of your Amazon EC2 scan mode configuration.
Members
- scanMode
-
- Type: string
The scan method that is applied to the instance.
- scanModeStatus
-
- Type: string
The status of the Amazon EC2 scan mode setting.
EcrConfiguration
Description
Details about the ECR automated re-scan duration setting for your environment.
Members
- pullDateRescanDuration
-
- Type: string
The rescan duration configured for image pull date.
- rescanDuration
-
- Required: Yes
- Type: string
The rescan duration configured for image push date.
EcrConfigurationState
Description
Details about the state of the ECR scans for your environment.
Members
- rescanDurationState
-
- Type: EcrRescanDurationState structure
An object that contains details about the state of the ECR re-scan settings.
EcrContainerImageMetadata
Description
Information on the Amazon ECR image metadata associated with a finding.
Members
- imagePulledAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an image was last pulled at.
- tags
-
- Type: Array of strings
Tags associated with the Amazon ECR image metadata.
EcrRepositoryMetadata
Description
Information on the Amazon ECR repository metadata associated with a finding.
Members
- name
-
- Type: string
The name of the Amazon ECR repository.
- scanFrequency
-
- Type: string
The frequency of scans.
EcrRescanDurationState
Description
Details about the state of your ECR re-scan duration settings. The ECR re-scan duration defines how long an ECR image will be actively scanned by Amazon Inspector. When the number of days since an image was last pushed exceeds the duration configured for image pull date, and the duration configured for image pull date, the monitoring state of that image becomes inactive
and all associated findings are scheduled for closure.
Members
- pullDateRescanDuration
-
- Type: string
The rescan duration configured for image pull date.
- rescanDuration
-
- Type: string
The rescan duration configured for image push date.
</p>
- status
-
- Type: string
The status of changes to the ECR automated re-scan duration.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing when the last time the ECR scan duration setting was changed.
Epss
Description
Details about the Exploit Prediction Scoring System (EPSS) score.
Members
- score
-
- Type: double
The Exploit Prediction Scoring System (EPSS) score.
EpssDetails
Description
Details about the Exploit Prediction Scoring System (EPSS) score for a finding.
Members
- score
-
- Type: double
The EPSS score.
Evidence
Description
Details of the evidence for a vulnerability identified in a finding.
Members
- evidenceDetail
-
- Type: string
The evidence details.
- evidenceRule
-
- Type: string
The evidence rule.
- severity
-
- Type: string
The evidence severity.
ExploitObserved
Description
Contains information on when this exploit was observed.
Members
- firstSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an time when the exploit was first seen.
- lastSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an time when the exploit was last seen.
ExploitabilityDetails
Description
The details of an exploit available for a finding discovered in your environment.
Members
- lastKnownExploitAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time of the last exploit associated with a finding discovered in your environment.
FailedAccount
Description
An object with details on why an account failed to enable Amazon Inspector.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID.
- errorCode
-
- Required: Yes
- Type: string
The error code explaining why the account failed to enable Amazon Inspector.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when the account failed to enable Amazon Inspector.
- resourceStatus
-
- Type: ResourceStatus structure
An object detailing which resources Amazon Inspector is enabled to scan for the account.
- status
-
- Type: string
The status of Amazon Inspector for the account.
FailedMemberAccountEc2DeepInspectionStatusState
Description
An object that contains details about a member account in your organization that failed to activate Amazon Inspector deep inspection.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member that failed to activate Amazon Inspector deep inspection.
- ec2ScanStatus
-
- Type: string
The status of EC2 scanning in the account that failed to activate Amazon Inspector deep inspection.
- errorMessage
-
- Type: string
The error message explaining why the account failed to activate Amazon Inspector deep inspection.
Filter
Description
Details about a filter.
Members
- action
-
- Required: Yes
- Type: string
The action that is to be applied to the findings that match the filter.
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) associated with this filter.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this filter was created at.
- criteria
-
- Required: Yes
- Type: FilterCriteria structure
Details on the filter criteria associated with this filter.
- description
-
- Type: string
A description of the filter.
- name
-
- Required: Yes
- Type: string
The name of the filter.
- ownerId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the account that created the filter.
- reason
-
- Type: string
The reason for the filter.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the filter.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the filter was last updated at.
FilterCriteria
Description
Details on the criteria used to define the filter.
Members
- awsAccountId
-
- Type: Array of StringFilter structures
Details of the Amazon Web Services account IDs used to filter findings.
- codeVulnerabilityDetectorName
-
- Type: Array of StringFilter structures
The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.
- codeVulnerabilityDetectorTags
-
- Type: Array of StringFilter structures
The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
- codeVulnerabilityFilePath
-
- Type: Array of StringFilter structures
The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.
- componentId
-
- Type: Array of StringFilter structures
Details of the component IDs used to filter findings.
- componentType
-
- Type: Array of StringFilter structures
Details of the component types used to filter findings.
- ec2InstanceImageId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance image IDs used to filter findings.
- ec2InstanceSubnetId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance subnet IDs used to filter findings.
- ec2InstanceVpcId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance VPC IDs used to filter findings.
- ecrImageArchitecture
-
- Type: Array of StringFilter structures
Details of the Amazon ECR image architecture types used to filter findings.
- ecrImageHash
-
- Type: Array of StringFilter structures
Details of the Amazon ECR image hashes used to filter findings.
- ecrImagePushedAt
-
- Type: Array of DateFilter structures
Details on the Amazon ECR image push date and time used to filter findings.
- ecrImageRegistry
-
- Type: Array of StringFilter structures
Details on the Amazon ECR registry used to filter findings.
- ecrImageRepositoryName
-
- Type: Array of StringFilter structures
Details on the name of the Amazon ECR repository used to filter findings.
- ecrImageTags
-
- Type: Array of StringFilter structures
The tags attached to the Amazon ECR container image.
- epssScore
-
- Type: Array of NumberFilter structures
The EPSS score used to filter findings.
- exploitAvailable
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda findings by the availability of exploits.
- findingArn
-
- Type: Array of StringFilter structures
Details on the finding ARNs used to filter findings.
- findingStatus
-
- Type: Array of StringFilter structures
Details on the finding status types used to filter findings.
- findingType
-
- Type: Array of StringFilter structures
Details on the finding types used to filter findings.
- firstObservedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was first seen used to filter findings.
- fixAvailable
-
- Type: Array of StringFilter structures
Details on whether a fix is available through a version update. This value can be
YES
,NO
, orPARTIAL
. APARTIAL
fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. - inspectorScore
-
- Type: Array of NumberFilter structures
The Amazon Inspector score to filter on.
- lambdaFunctionExecutionRoleArn
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by execution role.
- lambdaFunctionLastModifiedAt
-
- Type: Array of DateFilter structures
Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format
- lambdaFunctionLayers
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers.
- lambdaFunctionName
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by the name of the function.
- lambdaFunctionRuntime
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function.
- lastObservedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was last seen used to filter findings.
- networkProtocol
-
- Type: Array of StringFilter structures
Details on network protocol used to filter findings.
- portRange
-
- Type: Array of PortRangeFilter structures
Details on the port ranges used to filter findings.
- relatedVulnerabilities
-
- Type: Array of StringFilter structures
Details on the related vulnerabilities used to filter findings.
- resourceId
-
- Type: Array of StringFilter structures
Details on the resource IDs used to filter findings.
- resourceTags
-
- Type: Array of MapFilter structures
Details on the resource tags used to filter findings.
- resourceType
-
- Type: Array of StringFilter structures
Details on the resource types used to filter findings.
- severity
-
- Type: Array of StringFilter structures
Details on the severity used to filter findings.
- title
-
- Type: Array of StringFilter structures
Details on the finding title used to filter findings.
- updatedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was last updated at used to filter findings.
- vendorSeverity
-
- Type: Array of StringFilter structures
Details on the vendor severity used to filter findings.
- vulnerabilityId
-
- Type: Array of StringFilter structures
Details on the vulnerability ID used to filter findings.
- vulnerabilitySource
-
- Type: Array of StringFilter structures
Details on the vulnerability type used to filter findings.
- vulnerablePackages
-
- Type: Array of PackageFilter structures
Details on the vulnerable packages used to filter findings.
Finding
Description
Details about an Amazon Inspector finding.
Members
- awsAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the finding.
- codeVulnerabilityDetails
-
- Type: CodeVulnerabilityDetails structure
Details about the code vulnerability identified in a Lambda function used to filter findings.
- description
-
- Required: Yes
- Type: string
The description of the finding.
- epss
-
- Type: EpssDetails structure
The finding's EPSS score.
- exploitAvailable
-
- Type: string
If a finding discovered in your environment has an exploit available.
- exploitabilityDetails
-
- Type: ExploitabilityDetails structure
The details of an exploit available for a finding discovered in your environment.
- findingArn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the finding.
- firstObservedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the finding was first observed.
- fixAvailable
-
- Type: string
Details on whether a fix is available through a version update. This value can be
YES
,NO
, orPARTIAL
. APARTIAL
fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. - inspectorScore
-
- Type: double
The Amazon Inspector score given to the finding.
- inspectorScoreDetails
-
- Type: InspectorScoreDetails structure
An object that contains details of the Amazon Inspector score.
- lastObservedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was last observed. This timestamp for this field remains unchanged until a finding is updated.
- networkReachabilityDetails
-
- Type: NetworkReachabilityDetails structure
An object that contains the details of a network reachability finding.
- packageVulnerabilityDetails
-
- Type: PackageVulnerabilityDetails structure
An object that contains the details of a package vulnerability finding.
- remediation
-
- Required: Yes
- Type: Remediation structure
An object that contains the details about how to remediate a finding.
- resources
-
- Required: Yes
- Type: Array of Resource structures
Contains information on the resources involved in a finding. The
resource
value determines the valid values fortype
in your request. For more information, see Finding types in the Amazon Inspector user guide. - severity
-
- Required: Yes
- Type: string
The severity of the finding.
UNTRIAGED
applies toPACKAGE_VULNERABILITY
type findings that the vendor has not assigned a severity yet. For more information, see Severity levels for findings in the Amazon Inspector user guide. - status
-
- Required: Yes
- Type: string
The status of the finding.
- title
-
- Type: string
The title of the finding.
- type
-
- Required: Yes
- Type: string
The type of the finding. The
type
value determines the valid values forresource
in your request. For more information, see Finding types in the Amazon Inspector user guide. - updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was last updated at.
FindingDetail
Description
Details of the vulnerability identified in a finding.
Members
- cisaData
-
- Type: CisaData structure
The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
- cwes
-
- Type: Array of strings
The Common Weakness Enumerations (CWEs) associated with the vulnerability.
- epssScore
-
- Type: double
The Exploit Prediction Scoring System (EPSS) score of the vulnerability.
- evidences
-
- Type: Array of Evidence structures
Information on the evidence of the vulnerability.
- exploitObserved
-
- Type: ExploitObserved structure
Contains information on when this exploit was observed.
- findingArn
-
- Type: string
The finding ARN that the vulnerability details are associated with.
- referenceUrls
-
- Type: Array of strings
The reference URLs for the vulnerability data.
- riskScore
-
- Type: int
The risk score of the vulnerability.
- tools
-
- Type: Array of strings
The known malware tools or kits that can exploit the vulnerability.
- ttps
-
- Type: Array of strings
The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability.
FindingDetailsError
Description
Details about an error encountered when trying to return vulnerability data for a finding.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code.
- errorMessage
-
- Required: Yes
- Type: string
The error message.
- findingArn
-
- Required: Yes
- Type: string
The finding ARN that returned an error.
FindingTypeAggregation
Description
The details that define an aggregation based on finding type.
Members
- findingType
-
- Type: string
The finding type to aggregate.
- resourceType
-
- Type: string
The resource type to aggregate.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
FindingTypeAggregationResponse
Description
A response that contains the results of a finding type aggregation.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- exploitAvailableCount
-
- Type: long (int|float)
The number of findings that have an exploit available.
- fixAvailableCount
-
- Type: long (int|float)
Details about the number of fixes.
- severityCounts
-
- Type: SeverityCounts structure
The value to sort results by.
FreeTrialAccountInfo
Description
Information about the Amazon Inspector free trial for an account.
Members
- accountId
-
- Required: Yes
- Type: string
The account associated with the Amazon Inspector free trial information.
- freeTrialInfo
-
- Required: Yes
- Type: Array of FreeTrialInfo structures
Contains information about the Amazon Inspector free trial for an account.
FreeTrialInfo
Description
An object that contains information about the Amazon Inspector free trial for an account.
Members
- end
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Amazon Inspector free trail ends for a given account.
- start
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Amazon Inspector free trail started for a given account.
- status
-
- Required: Yes
- Type: string
The order to sort results by.
- type
-
- Required: Yes
- Type: string
The type of scan covered by the Amazon Inspector free trail.
FreeTrialInfoError
Description
Information about an error received while accessing free trail data for an account.
Members
- accountId
-
- Required: Yes
- Type: string
The account associated with the Amazon Inspector free trial information.
- code
-
- Required: Yes
- Type: string
The error code.
- message
-
- Required: Yes
- Type: string
The error message returned.
ImageLayerAggregation
Description
The details that define an aggregation based on container image layers.
Members
- layerHashes
-
- Type: Array of StringFilter structures
The hashes associated with the layers.
- repositories
-
- Type: Array of StringFilter structures
The repository associated with the container image hosting the layers.
- resourceIds
-
- Type: Array of StringFilter structures
The ID of the container image layer.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
ImageLayerAggregationResponse
Description
A response that contains the results of a finding aggregation by image layer.
Members
- accountId
-
- Required: Yes
- Type: string
The ID of the Amazon Web Services account that owns the container image hosting the layer image.
- layerHash
-
- Required: Yes
- Type: string
The layer hash.
- repository
-
- Required: Yes
- Type: string
The repository the layer resides in.
- resourceId
-
- Required: Yes
- Type: string
The resource ID of the container image layer.
- severityCounts
-
- Type: SeverityCounts structure
An object that represents the count of matched findings per severity.
InspectorScoreDetails
Description
Information about the Amazon Inspector score given to a finding.
Members
- adjustedCvss
-
- Type: CvssScoreDetails structure
An object that contains details about the CVSS score given to a finding.
InternalServerException
Description
The request has failed due to an internal failure of the Amazon Inspector service.
Members
- message
-
- Required: Yes
- Type: string
- retryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the request.
LambdaFunctionAggregation
Description
The details that define a findings aggregation based on Amazon Web Services Lambda functions.
Members
- functionNames
-
- Type: Array of StringFilter structures
The Amazon Web Services Lambda function names to include in the aggregation results.
- functionTags
-
- Type: Array of MapFilter structures
The tags to include in the aggregation results.
- resourceIds
-
- Type: Array of StringFilter structures
The resource IDs to include in the aggregation results.
- runtimes
-
- Type: Array of StringFilter structures
Returns findings aggregated by Amazon Web Services Lambda function runtime environments.
- sortBy
-
- Type: string
The finding severity to use for sorting the results.
- sortOrder
-
- Type: string
The order to use for sorting the results.
LambdaFunctionAggregationResponse
Description
A response that contains the results of an Amazon Web Services Lambda function finding aggregation.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account that owns the Amazon Web Services Lambda function.
- functionName
-
- Type: string
The Amazon Web Services Lambda function names included in the aggregation results.
- lambdaTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags included in the aggregation results.
- lastModifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date that the Amazon Web Services Lambda function included in the aggregation results was last changed.
- resourceId
-
- Required: Yes
- Type: string
The resource IDs included in the aggregation results.
- runtime
-
- Type: string
The runtimes included in the aggregation results.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the counts of aggregated finding per severity.
LambdaFunctionMetadata
Description
The Amazon Web Services Lambda function metadata.
Members
- functionName
-
- Type: string
The name of a function.
- functionTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The resource tags on an Amazon Web Services Lambda function.
- layers
-
- Type: Array of strings
The layers for an Amazon Web Services Lambda function. A Lambda function can have up to five layers.
- runtime
-
- Type: string
An Amazon Web Services Lambda function's runtime.
LambdaLayerAggregation
Description
The details that define a findings aggregation based on an Amazon Web Services Lambda function's layers.
Members
- functionNames
-
- Type: Array of StringFilter structures
The names of the Amazon Web Services Lambda functions associated with the layers.
- layerArns
-
- Type: Array of StringFilter structures
The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer.
- resourceIds
-
- Type: Array of StringFilter structures
The resource IDs for the Amazon Web Services Lambda function layers.
- sortBy
-
- Type: string
The finding severity to use for sorting the results.
- sortOrder
-
- Type: string
The order to use for sorting the results.
LambdaLayerAggregationResponse
Description
A response that contains the results of an Amazon Web Services Lambda function layer finding aggregation.
Members
- accountId
-
- Required: Yes
- Type: string
The account ID of the Amazon Web Services Lambda function layer.
- functionName
-
- Required: Yes
- Type: string
The names of the Amazon Web Services Lambda functions associated with the layers.
- layerArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer.
- resourceId
-
- Required: Yes
- Type: string
The Resource ID of the Amazon Web Services Lambda function layer.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the counts of aggregated finding per severity.
LambdaVpcConfig
Description
The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings.
Members
- securityGroupIds
-
- Type: Array of strings
The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings.
- subnetIds
-
- Type: Array of strings
A list of VPC subnet IDs.
- vpcId
-
- Type: string
The ID of the VPC.
ListCisScanConfigurationsFilterCriteria
Description
A list of CIS scan configurations filter criteria.
Members
- scanConfigurationArnFilters
-
- Type: Array of CisStringFilter structures
The list of scan configuration ARN filters.
- scanNameFilters
-
- Type: Array of CisStringFilter structures
The list of scan name filters.
- targetResourceTagFilters
-
- Type: Array of TagFilter structures
The list of target resource tag filters.
ListCisScansFilterCriteria
Description
A list of CIS scans filter criteria.
Members
- failedChecksFilters
-
- Type: Array of CisNumberFilter structures
The list of failed checks filters.
- scanArnFilters
-
- Type: Array of CisStringFilter structures
The list of scan ARN filters.
- scanAtFilters
-
- Type: Array of CisDateFilter structures
The list of scan at filters.
- scanConfigurationArnFilters
-
- Type: Array of CisStringFilter structures
The list of scan configuration ARN filters.
- scanNameFilters
-
- Type: Array of CisStringFilter structures
The list of scan name filters.
- scanStatusFilters
-
- Type: Array of CisScanStatusFilter structures
The list of scan status filters.
- scheduledByFilters
-
- Type: Array of CisStringFilter structures
The list of scheduled by filters.
- targetAccountIdFilters
-
- Type: Array of CisStringFilter structures
The list of target account ID filters.
- targetResourceIdFilters
-
- Type: Array of CisStringFilter structures
The list of target resource ID filters.
- targetResourceTagFilters
-
- Type: Array of TagFilter structures
The list of target resource tag filters.
MapFilter
Description
An object that describes details of a map filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to use when comparing values in the filter.
- key
-
- Required: Yes
- Type: string
The tag key used in the filter.
- value
-
- Type: string
The tag value used in the filter.
Member
Description
Details on a member account in your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the member account.
- delegatedAdminAccountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account.
- relationshipStatus
-
- Type: string
The status of the member account.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp showing when the status of this member was last updated.
MemberAccountEc2DeepInspectionStatus
Description
An object that contains details about the status of Amazon Inspector deep inspection for a member account in your organization.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member.
- activateDeepInspection
-
- Required: Yes
- Type: boolean
Whether Amazon Inspector deep inspection is active in the account. If
TRUE
Amazon Inspector deep inspection is active, ifFALSE
it is not active.
MemberAccountEc2DeepInspectionStatusState
Description
An object that contains details about the state of Amazon Inspector deep inspection for a member account.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member
- errorMessage
-
- Type: string
The error message explaining why the account failed to activate Amazon Inspector deep inspection.
- status
-
- Type: string
The state of Amazon Inspector deep inspection in the member account.
MonthlySchedule
Description
A monthly schedule.
Members
- day
-
- Required: Yes
- Type: string
The monthly schedule's day.
- startTime
-
- Required: Yes
- Type: Time structure
The monthly schedule's start time.
NetworkPath
Description
Information on the network path associated with a finding.
Members
- steps
-
- Type: Array of Step structures
The details on the steps in the network path.
NetworkReachabilityDetails
Description
Contains the details of a network reachability finding.
Members
- networkPath
-
- Required: Yes
- Type: NetworkPath structure
An object that contains details about a network path associated with a finding.
- openPortRange
-
- Required: Yes
- Type: PortRange structure
An object that contains details about the open port range associated with a finding.
- protocol
-
- Required: Yes
- Type: string
The protocol associated with a finding.
NumberFilter
Description
An object that describes the details of a number filter.
Members
- lowerInclusive
-
- Type: double
The lowest number to be included in the filter.
- upperInclusive
-
- Type: double
The highest number to be included in the filter.
OneTimeSchedule
Description
A one time schedule.
Members
PackageAggregation
Description
The details that define an aggregation based on operating system package type.
Members
- packageNames
-
- Type: Array of StringFilter structures
The names of packages to aggregate findings on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
PackageAggregationResponse
Description
A response that contains the results of a finding aggregation by image layer.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- packageName
-
- Required: Yes
- Type: string
The name of the operating system package.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
PackageFilter
Description
Contains information on the details of a package filter.
Members
- architecture
-
- Type: StringFilter structure
An object that contains details on the package architecture type to filter on.
- epoch
-
- Type: NumberFilter structure
An object that contains details on the package epoch to filter on.
- name
-
- Type: StringFilter structure
An object that contains details on the name of the package to filter on.
- release
-
- Type: StringFilter structure
An object that contains details on the package release to filter on.
- sourceLambdaLayerArn
-
- Type: StringFilter structure
An object that describes the details of a string filter.
- sourceLayerHash
-
- Type: StringFilter structure
An object that contains details on the source layer hash to filter on.
- version
-
- Type: StringFilter structure
The package version to filter on.
PackageVulnerabilityDetails
Description
Information about a package vulnerability finding.
Members
- cvss
-
- Type: Array of CvssScore structures
An object that contains details about the CVSS score of a finding.
- referenceUrls
-
- Type: Array of strings
One or more URLs that contain details about this vulnerability type.
- relatedVulnerabilities
-
- Type: Array of strings
One or more vulnerabilities related to the one identified in this finding.
- source
-
- Required: Yes
- Type: string
The source of the vulnerability information.
- sourceUrl
-
- Type: string
A URL to the source of the vulnerability information.
- vendorCreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that this vulnerability was first added to the vendor's database.
- vendorSeverity
-
- Type: string
The severity the vendor has given to this vulnerability type.
- vendorUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the vendor last updated this vulnerability in their database.
- vulnerabilityId
-
- Required: Yes
- Type: string
The ID given to this vulnerability.
- vulnerablePackages
-
- Type: Array of VulnerablePackage structures
The packages impacted by this vulnerability.
Permission
Description
Contains information on the permissions an account has within Amazon Inspector.
Members
- operation
-
- Required: Yes
- Type: string
The operations that can be performed with the given permissions.
- service
-
- Required: Yes
- Type: string
The services that the permissions allow an account to perform the given operations for.
PortRange
Description
Details about the port range associated with a finding.
Members
- begin
-
- Required: Yes
- Type: int
The beginning port in a port range.
- end
-
- Required: Yes
- Type: int
The ending port in a port range.
PortRangeFilter
Description
An object that describes the details of a port range filter.
Members
- beginInclusive
-
- Type: int
The port number the port range begins at.
- endInclusive
-
- Type: int
The port number the port range ends at.
Recommendation
Description
Details about the recommended course of action to remediate the finding.
Members
- Url
-
- Type: string
The URL address to the CVE remediation recommendations.
- text
-
- Type: string
The recommended course of action to remediate the finding.
Remediation
Description
Information on how to remediate a finding.
Members
- recommendation
-
- Type: Recommendation structure
An object that contains information about the recommended course of action to remediate the finding.
RepositoryAggregation
Description
The details that define an aggregation based on repository.
Members
- repositories
-
- Type: Array of StringFilter structures
The names of repositories to aggregate findings on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
RepositoryAggregationResponse
Description
A response that contains details on the results of a finding aggregation by repository.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- affectedImages
-
- Type: long (int|float)
The number of container images impacted by the findings.
- repository
-
- Required: Yes
- Type: string
The name of the repository associated with the findings.
- severityCounts
-
- Type: SeverityCounts structure
An object that represent the count of matched findings per severity.
Resource
Description
Details about the resource involved in a finding.
Members
- details
-
- Type: ResourceDetails structure
An object that contains details about the resource involved in a finding.
- id
-
- Required: Yes
- Type: string
The ID of the resource.
- partition
-
- Type: string
The partition of the resource.
- region
-
- Type: string
The Amazon Web Services Region the impacted resource is located in.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the resource.
- type
-
- Required: Yes
- Type: string
The type of resource.
ResourceDetails
Description
Contains details about the resource involved in the finding.
Members
- awsEc2Instance
-
- Type: AwsEc2InstanceDetails structure
An object that contains details about the Amazon EC2 instance involved in the finding.
- awsEcrContainerImage
-
- Type: AwsEcrContainerImageDetails structure
An object that contains details about the Amazon ECR container image involved in the finding.
- awsLambdaFunction
-
- Type: AwsLambdaFunctionDetails structure
A summary of the information about an Amazon Web Services Lambda function affected by a finding.
ResourceFilterCriteria
Description
The resource filter criteria for a Software bill of materials (SBOM) report.
Members
- accountId
-
- Type: Array of ResourceStringFilter structures
The account IDs used as resource filter criteria.
- ec2InstanceTags
-
- Type: Array of ResourceMapFilter structures
The EC2 instance tags used as resource filter criteria.
- ecrImageTags
-
- Type: Array of ResourceStringFilter structures
The ECR image tags used as resource filter criteria.
- ecrRepositoryName
-
- Type: Array of ResourceStringFilter structures
The ECR repository names used as resource filter criteria.
- lambdaFunctionName
-
- Type: Array of ResourceStringFilter structures
The Amazon Web Services Lambda function name used as resource filter criteria.
- lambdaFunctionTags
-
- Type: Array of ResourceMapFilter structures
The Amazon Web Services Lambda function tags used as resource filter criteria.
- resourceId
-
- Type: Array of ResourceStringFilter structures
The resource IDs used as resource filter criteria.
- resourceType
-
- Type: Array of ResourceStringFilter structures
The resource types used as resource filter criteria.
ResourceMapFilter
Description
A resource map filter for a software bill of material report.
Members
- comparison
-
- Required: Yes
- Type: string
The filter's comparison.
- key
-
- Required: Yes
- Type: string
The filter's key.
- value
-
- Type: string
The filter's value.
ResourceNotFoundException
Description
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
Members
- message
-
- Required: Yes
- Type: string
ResourceScanMetadata
Description
An object that contains details about the metadata for an Amazon ECR resource.
Members
- ec2
-
- Type: Ec2Metadata structure
An object that contains metadata details for an Amazon EC2 instance.
- ecrImage
-
- Type: EcrContainerImageMetadata structure
An object that contains details about the container metadata for an Amazon ECR image.
- ecrRepository
-
- Type: EcrRepositoryMetadata structure
An object that contains details about the repository an Amazon ECR image resides in.
- lambdaFunction
-
- Type: LambdaFunctionMetadata structure
An object that contains metadata details for an Amazon Web Services Lambda function.
ResourceState
Description
Details the state of Amazon Inspector for each resource type Amazon Inspector scans.
Members
- ec2
-
- Required: Yes
- Type: State structure
An object detailing the state of Amazon Inspector scanning for Amazon EC2 resources.
- ecr
-
- Required: Yes
- Type: State structure
An object detailing the state of Amazon Inspector scanning for Amazon ECR resources.
- lambda
-
- Type: State structure
An object that described the state of Amazon Inspector scans for an account.
- lambdaCode
-
- Type: State structure
An object that described the state of Amazon Inspector scans for an account.
ResourceStatus
Description
Details the status of Amazon Inspector for each resource type Amazon Inspector scans.
Members
- ec2
-
- Required: Yes
- Type: string
The status of Amazon Inspector scanning for Amazon EC2 resources.
- ecr
-
- Required: Yes
- Type: string
The status of Amazon Inspector scanning for Amazon ECR resources.
- lambda
-
- Type: string
The status of Amazon Inspector scanning for Amazon Web Services Lambda function.
- lambdaCode
-
- Type: string
The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions.
ResourceStringFilter
Description
A resource string filter for a software bill of materials report.
Members
- comparison
-
- Required: Yes
- Type: string
The filter's comparison.
- value
-
- Required: Yes
- Type: string
The filter's value.
ScanStatus
Description
The status of the scan.
Members
- reason
-
- Required: Yes
- Type: string
The scan status. Possible return values and descriptions are:
PENDING_INITIAL_SCAN
- This resource has been identified for scanning, results will be available soon.ACCESS_DENIED
- Resource access policy restricting Amazon Inspector access. Please update the IAM policy.INTERNAL_ERROR
- Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user.UNMANAGED_EC2_INSTANCE
- The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance.UNSUPPORTED_OS
- Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.SCAN_ELIGIBILITY_EXPIRED
- The configured scan duration has lapsed for this image.RESOURCE_TERMINATED
- This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up.SUCCESSFUL
- The scan was successful.NO_RESOURCES_FOUND
- Reserved for future use.IMAGE_SIZE_EXCEEDED
- Reserved for future use.SCAN_FREQUENCY_MANUAL
- This image will not be covered by Amazon Inspector due to the repository scan frequency configuration.SCAN_FREQUENCY_SCAN_ON_PUSH
- This image will be scanned one time and will not new findings because of the scan frequency configuration.EC2_INSTANCE_STOPPED
- This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it’s in a stopped state.PENDING_DISABLE
- This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status.NO INVENTORY
- Amazon Inspector couldn’t find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status ofInspectorInventoryCollection-do-not-delete
association in the SSM console for the resource. Additionally, you can verify the instance’s inventory in the SSM Fleet Manager console.STALE_INVENTORY
- Amazon Inspector wasn’t able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console.EXCLUDED_BY_TAG
- This resource was not scanned because it has been excluded by a tag.UNSUPPORTED_RUNTIME
- The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.UNSUPPORTED_MEDIA_TYPE
- The ECR image has an unsupported media type.UNSUPPORTED_CONFIG_FILE
- Reserved for future use.DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED
- The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account.DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED
- The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance.DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED
- Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes.DEEP_INSPECTION_NO_INVENTORY
The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance. - statusCode
-
- Required: Yes
- Type: string
The status code of the scan.
Schedule
Description
A schedule.
Members
- daily
-
- Type: DailySchedule structure
The schedule's daily.
- monthly
-
- Type: MonthlySchedule structure
The schedule's monthly.
- oneTime
-
- Type: OneTimeSchedule structure
The schedule's one time.
- weekly
-
- Type: WeeklySchedule structure
The schedule's weekly.
SearchVulnerabilitiesFilterCriteria
Description
Details on the criteria used to define the filter for a vulnerability search.
Members
- vulnerabilityIds
-
- Required: Yes
- Type: Array of strings
The IDs for specific vulnerabilities.
ServiceQuotaExceededException
Description
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
The ID of the resource that exceeds a service quota.
SeverityCounts
Description
An object that contains the counts of aggregated finding per severity.
Members
- all
-
- Type: long (int|float)
The total count of findings from all severities.
- critical
-
- Type: long (int|float)
The total count of critical severity findings.
- high
-
- Type: long (int|float)
The total count of high severity findings.
- medium
-
- Type: long (int|float)
The total count of medium severity findings.
SortCriteria
Description
Details about the criteria used to sort finding results.
Members
- field
-
- Required: Yes
- Type: string
The finding detail field by which results are sorted.
- sortOrder
-
- Required: Yes
- Type: string
The order by which findings are sorted.
StartCisSessionMessage
Description
The start CIS session message.
Members
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
State
Description
An object that described the state of Amazon Inspector scans for an account.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code explaining why the account failed to enable Amazon Inspector.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when the account failed to enable Amazon Inspector.
- status
-
- Required: Yes
- Type: string
The status of Amazon Inspector for the account.
StatusCounts
Description
The status counts.
Members
- failed
-
- Type: int
The number of checks that failed.
- passed
-
- Type: int
The number of checks that passed.
- skipped
-
- Type: int
The number of checks that were skipped.
Step
Description
Details about the step associated with a finding.
Members
- componentId
-
- Required: Yes
- Type: string
The component ID.
- componentType
-
- Required: Yes
- Type: string
The component type.
StopCisMessageProgress
Description
The stop CIS message progress.
Members
- errorChecks
-
- Type: int
The progress' error checks.
- failedChecks
-
- Type: int
The progress' failed checks.
- informationalChecks
-
- Type: int
The progress' informational checks.
- notApplicableChecks
-
- Type: int
The progress' not applicable checks.
- notEvaluatedChecks
-
- Type: int
The progress' not evaluated checks.
- successfulChecks
-
- Type: int
The progress' successful checks.
- totalChecks
-
- Type: int
The progress' total checks.
- unknownChecks
-
- Type: int
The progress' unknown checks.
StopCisSessionMessage
Description
The stop CIS session message.
Members
- benchmarkProfile
-
- Type: string
The message benchmark profile.
- benchmarkVersion
-
- Type: string
The message benchmark version.
- computePlatform
-
- Type: ComputePlatform structure
The message compute platform.
- progress
-
- Required: Yes
- Type: StopCisMessageProgress structure
The progress of the message.
- reason
-
- Type: string
The reason for the message.
- status
-
- Required: Yes
- Type: string
The status of the message.
StringFilter
Description
An object that describes the details of a string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to use when comparing values in the filter.
- value
-
- Required: Yes
- Type: string
The value to filter on.
SuggestedFix
Description
A suggested fix for a vulnerability in your Lambda function code.
Members
- code
-
- Type: string
The fix's code.
- description
-
- Type: string
The fix's description.
TagFilter
Description
The tag filter.
Members
- comparison
-
- Required: Yes
- Type: string
The tag filter comparison value.
- key
-
- Required: Yes
- Type: string
The tag filter key.
- value
-
- Required: Yes
- Type: string
The tag filter value.
ThrottlingException
Description
The limit on the number of requests per second was exceeded.
Members
- message
-
- Required: Yes
- Type: string
- retryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the request.
Time
Description
The time.
Members
- timeOfDay
-
- Required: Yes
- Type: string
The time of day in 24-hour format (00:00).
- timezone
-
- Required: Yes
- Type: string
The timezone.
TitleAggregation
Description
The details that define an aggregation based on finding title.
Members
- findingType
-
- Type: string
The type of finding to aggregate on.
- resourceType
-
- Type: string
The resource type to aggregate on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
- titles
-
- Type: Array of StringFilter structures
The finding titles to aggregate on.
- vulnerabilityIds
-
- Type: Array of StringFilter structures
The vulnerability IDs of the findings.
TitleAggregationResponse
Description
A response that contains details on the results of a finding aggregation by title.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- severityCounts
-
- Type: SeverityCounts structure
An object that represent the count of matched findings per severity.
- title
-
- Required: Yes
- Type: string
The title that the findings were aggregated on.
- vulnerabilityId
-
- Type: string
The vulnerability ID of the finding.
UpdateCisTargets
Description
Updates CIS targets.
Members
- accountIds
-
- Type: Array of strings
The target account ids.
- targetResourceTags
-
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The target resource tags.
Usage
Description
Contains usage information about the cost of Amazon Inspector operation.
Members
- currency
-
- Type: string
The currency type used when calculating usage data.
- estimatedMonthlyCost
-
- Type: double
The estimated monthly cost of Amazon Inspector.
- total
-
- Type: double
The total of usage.
- type
-
- Type: string
The type scan.
UsageTotal
Description
The total of usage for an account ID.
Members
- accountId
-
- Type: string
The account ID of the account that usage data was retrieved for.
- usage
-
- Type: Array of Usage structures
An object representing the total usage for an account.
ValidationException
Description
The request has failed validation due to missing required fields or having invalid inputs.
Members
- fields
-
- Type: Array of ValidationExceptionField structures
The fields that failed validation.
- message
-
- Required: Yes
- Type: string
- reason
-
- Required: Yes
- Type: string
The reason for the validation failure.
ValidationExceptionField
Description
An object that describes a validation exception.
Members
- message
-
- Required: Yes
- Type: string
The validation exception message.
- name
-
- Required: Yes
- Type: string
The name of the validation exception.
Vulnerability
Description
Contains details about a specific vulnerability Amazon Inspector can detect.
Members
- atigData
-
- Type: AtigData structure
An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability.
- cisaData
-
- Type: CisaData structure
An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability.
- cvss2
-
- Type: Cvss2 structure
An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability.
- cvss3
-
- Type: Cvss3 structure
An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability.
- cwes
-
- Type: Array of strings
The Common Weakness Enumeration (CWE) associated with the vulnerability.
- description
-
- Type: string
A description of the vulnerability.
- detectionPlatforms
-
- Type: Array of strings
Platforms that the vulnerability can be detected on.
- epss
-
- Type: Epss structure
An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability.
- exploitObserved
-
- Type: ExploitObserved structure
An object that contains details on when the exploit was observed.
- id
-
- Required: Yes
- Type: string
The ID for the specific vulnerability.
- referenceUrls
-
- Type: Array of strings
Links to various resources with more information on this vulnerability.
- relatedVulnerabilities
-
- Type: Array of strings
A list of related vulnerabilities.
- source
-
- Type: string
The source of the vulnerability information. Possible results are
RHEL
,AMAZON_CVE
,DEBIAN
orNVD
. - sourceUrl
-
- Type: string
A link to the official source material for this vulnerability.
- vendorCreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the vendor created this vulnerability.
- vendorSeverity
-
- Type: string
The severity assigned by the vendor.
- vendorUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the vendor last updated this vulnerability.
VulnerablePackage
Description
Information on the vulnerable package identified by a finding.
Members
- arch
-
- Type: string
The architecture of the vulnerable package.
- epoch
-
- Type: int
The epoch of the vulnerable package.
- filePath
-
- Type: string
The file path of the vulnerable package.
- fixedInVersion
-
- Type: string
The version of the package that contains the vulnerability fix.
- name
-
- Required: Yes
- Type: string
The name of the vulnerable package.
- packageManager
-
- Type: string
The package manager of the vulnerable package.
- release
-
- Type: string
The release of the vulnerable package.
- remediation
-
- Type: string
The code to run in your environment to update packages with a fix available.
- sourceLambdaLayerArn
-
- Type: string
The Amazon Resource Number (ARN) of the Amazon Web Services Lambda function affected by a finding.
- sourceLayerHash
-
- Type: string
The source layer hash of the vulnerable package.
- version
-
- Required: Yes
- Type: string
The version of the vulnerable package.
WeeklySchedule
Description
A weekly schedule.
Members
- days
-
- Required: Yes
- Type: Array of strings
The weekly schedule's days.
- startTime
-
- Required: Yes
- Type: Time structure
The weekly schedule's start time.