create_pentest
- SecurityAgent.Client.create_pentest(**kwargs)
Creates a new pentest configuration
See also: AWS API Documentation
Request Syntax
    response = client.create_pentest(
        title='string',
        agentSpaceId='string',
        assets={
            'endpoints': [
                {
                    'uri': 'string'
                },
            ],
            'actors': [
                {
                    'identifier': 'string',
                    'uris': [
                        'string',
                    ],
                    'authentication': {
                        'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                        'value': 'string'
                    },
                    'description': 'string'
                },
            ],
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string'
                },
            ],
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ]
        },
        excludeRiskTypes=[
            'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
        ],
        serviceRole='string',
        logConfig={
            'logGroup': 'string',
            'logStream': 'string'
        },
        vpcConfig={
            'vpcArn': 'string',
            'securityGroupArns': [
                'string',
            ],
            'subnetArns': [
                'string',
            ]
        },
        networkTrafficConfig={
            'rules': [
                {
                    'effect': 'ALLOW'|'DENY',
                    'pattern': 'string',
                    'networkTrafficRuleType': 'URL'
                },
            ],
            'customHeaders': [
                {
                    'name': 'string',
                    'value': 'string'
                },
            ]
        },
        codeRemediationStrategy='AUTOMATIC'|'DISABLED'
    )
- Parameters:
title (string) –
[REQUIRED]
Title of the pentest
agentSpaceId (string) –
[REQUIRED]
ID of the agent space where the pentest should be created
assets (dict) –
Assets to be tested during the pentest
endpoints (list) –
List of web application endpoints to test
(dict) –
Represents a web application endpoint to be tested
uri (string) –
URI of the endpoint to test
actors (list) –
List of actors that interact with the system
(dict) –
Represents an entity that interacts with the system during security testing
identifier (string) –
Unique identifier for the actor (case-insensitive)
uris (list) –
List of URIs accessible with the actor’s credentials
(string) –
authentication (dict) –
Authentication information used by the actor to access resources
providerType (string) –
Provider type for the authentication credentials
value (string) –
Authentication credential value or reference
description (string) –
Additional description or details about the actor
documents (list) –
List of documents providing context for testing
(dict) –
Information about a document relevant to security testing
s3Location (string) –
S3 storage location of the document
artifactId (string) –
Artifact ID of the document
sourceCode (list) –
List of source code repositories for static analysis
(dict) –
Information about a source code repository for static analysis
s3Location (string) –
S3 storage location of the repository
integratedRepositories (list) –
List of integrated code repositories
(dict) –
Information about an integrated repository
integrationId (string) – [REQUIRED]
Integration identifier
providerResourceId (string) – [REQUIRED]
External provider resource identifier, e.g., GitHub repository identifier
excludeRiskTypes (list) –
A list of risk types excluded from the pentest execution
(string) –
Type of security risk
serviceRole (string) – Service role ARN for accessing customer resources
logConfig (dict) –
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) –
Name of the CloudWatch log group
logStream (string) –
Name of the CloudWatch log stream
vpcConfig (dict) –
VPC configuration that the Security Agent accesses
vpcArn (string) –
ARN or ID of the customer VPC
securityGroupArns (list) –
List of security group ARNs or IDs in the customer VPC
(string) –
ARN or ID of a security group
subnetArns (list) –
List of subnet ARNs or IDs in the customer VPC
(string) –
ARN or ID of a subnet
networkTrafficConfig (dict) –
Configuration for network traffic filtering
rules (list) –
Traffic filtering rules
(dict) –
Network traffic filtering rule
effect (string) –
Action to take when the rule matches
pattern (string) –
Pattern to match against
networkTrafficRuleType (string) –
Type of network traffic rule
customHeaders (list) –
Custom headers for requests
(dict) –
Custom headers to be set for network requests
name (string) –
Name of header to set value for
value (string) –
Value to set for header
codeRemediationStrategy (string) – Strategy for code remediation on findings
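The parameters above are easy to get subtly wrong: an actor's authentication `value` can end up carrying a raw credential instead of a reference, a duplicate actor identifier differing only in case is silently the same actor, and a pentest aimed at a production-like target should exclude the risk types whose checks change data or availability before it is ever submitted. The following is an added example (not part of the SecurityAgent documentation and not boto3 code) that assembles the request in the shape shown on this page, validates it against the enumerations listed above, and only then hands it to `client.create_pentest`. Every ARN, ID and URL in it is a constructed placeholder; the assumption that a `SECRETS_MANAGER` value is the secret's ARN and the "state changing" grouping of risk types are this example's own choices, not service-defined behaviour.

```python
"""Build, validate and submit a create_pentest request (added example).

Not part of the SecurityAgent documentation or of boto3. It relies only on
the request shape shown on this page. All ARNs, IDs and URLs are constructed
placeholders; the STATE_CHANGING grouping and the ARN check for
SECRETS_MANAGER values are assumptions made for this example.
"""
from urllib.parse import urlparse

# Enumerations exactly as listed in the request syntax on this page.
PROVIDER_TYPES = {"SECRETS_MANAGER", "AWS_LAMBDA", "AWS_IAM_ROLE", "AWS_INTERNAL"}
RISK_TYPES = {
    "CROSS_SITE_SCRIPTING", "DEFAULT_CREDENTIALS", "INSECURE_DIRECT_OBJECT_REFERENCE",
    "PRIVILEGE_ESCALATION", "SERVER_SIDE_TEMPLATE_INJECTION", "COMMAND_INJECTION",
    "CODE_INJECTION", "SQL_INJECTION", "ARBITRARY_FILE_UPLOAD", "INSECURE_DESERIALIZATION",
    "LOCAL_FILE_INCLUSION", "INFORMATION_DISCLOSURE", "PATH_TRAVERSAL",
    "SERVER_SIDE_REQUEST_FORGERY", "JSON_WEB_TOKEN_VULNERABILITIES", "XML_EXTERNAL_ENTITY",
    "FILE_DELETION", "OTHER", "GRAPHQL_VULNERABILITIES", "BUSINESS_LOGIC_VULNERABILITIES",
    "CRYPTOGRAPHIC_VULNERABILITIES", "DENIAL_OF_SERVICE", "FILE_ACCESS", "FILE_CREATION",
    "DATABASE_MODIFICATION", "DATABASE_ACCESS", "OUTBOUND_SERVICE_REQUEST", "UNKNOWN",
}
# Risk types whose checks can alter data or availability. Editorial grouping
# for this example only; the service defines no such category.
STATE_CHANGING = {"FILE_DELETION", "FILE_CREATION", "DATABASE_MODIFICATION", "DENIAL_OF_SERVICE"}


def build_request(title, agent_space_id, endpoints, actors, exclude_risk_types,
                  service_role, allowed_url_patterns, log_group, log_stream):
    """Assemble the keyword arguments for client.create_pentest."""
    return {
        "title": title,
        "agentSpaceId": agent_space_id,
        "assets": {"endpoints": [{"uri": u} for u in endpoints], "actors": actors},
        "excludeRiskTypes": sorted(exclude_risk_types),
        "serviceRole": service_role,
        "logConfig": {"logGroup": log_group, "logStream": log_stream},
        # One ALLOW rule per permitted URL pattern; how patterns are matched is
        # not described on this page, so only the enum fields are validated.
        "networkTrafficConfig": {"rules": [
            {"effect": "ALLOW", "pattern": p, "networkTrafficRuleType": "URL"}
            for p in allowed_url_patterns]},
        "codeRemediationStrategy": "DISABLED",
    }


def validate_request(req, production_like=False):
    """Return a list of problems; an empty list means the request passes."""
    problems = []
    for key in ("title", "agentSpaceId"):
        if not req.get(key):
            problems.append(f"{key} is required")
    assets = req.get("assets", {})
    for ep in assets.get("endpoints", []):
        parsed = urlparse(ep.get("uri", ""))
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"endpoint {ep.get('uri')!r} is not an absolute https URI")
    seen = set()
    for actor in assets.get("actors", []):
        ident = actor.get("identifier", "").lower()  # identifiers are case-insensitive
        if ident in seen:
            problems.append(f"duplicate actor identifier {actor.get('identifier')!r}")
        seen.add(ident)
        auth = actor.get("authentication", {})
        ptype = auth.get("providerType")
        if ptype not in PROVIDER_TYPES:
            problems.append(f"actor {ident!r}: unknown providerType {ptype!r}")
        # Assumption: a SECRETS_MANAGER value is the secret's ARN, so the request
        # carries a reference to the credential rather than the credential itself.
        if ptype == "SECRETS_MANAGER" and not str(auth.get("value", "")).startswith(
                "arn:aws:secretsmanager:"):
            problems.append(f"actor {ident!r}: SECRETS_MANAGER value must be a secret ARN")
    excluded = set(req.get("excludeRiskTypes", []))
    for rt in sorted(excluded - RISK_TYPES):
        problems.append(f"unknown risk type {rt!r}")
    if production_like:
        for rt in sorted(STATE_CHANGING - excluded):
            problems.append(f"production-like target but {rt} is not excluded")
    for rule in req.get("networkTrafficConfig", {}).get("rules", []):
        if (rule.get("effect") not in {"ALLOW", "DENY"}
                or rule.get("networkTrafficRuleType") != "URL" or not rule.get("pattern")):
            problems.append(f"malformed network traffic rule {rule!r}")
    if req.get("codeRemediationStrategy") not in {"AUTOMATIC", "DISABLED"}:
        problems.append("codeRemediationStrategy must be AUTOMATIC or DISABLED")
    return problems


def submit(client, req, production_like=False):
    """Validate, then call create_pentest on the SecurityAgent client from this page."""
    problems = validate_request(req, production_like)
    if problems:
        raise ValueError("; ".join(problems))
    return client.create_pentest(**req)


def example_request():
    """A request for a staging target with all constructed placeholder values."""
    return build_request(
        title="staging-api-pentest", agent_space_id="agentspace-placeholder",
        endpoints=["https://staging.example.test/api"],
        actors=[{"identifier": "Customer", "uris": ["https://staging.example.test/api/me"],
                 "authentication": {"providerType": "SECRETS_MANAGER",
                                    "value": "arn:aws:secretsmanager:us-east-1:123456789012:secret:placeholder"},
                 "description": "ordinary customer account"}],
        exclude_risk_types=STATE_CHANGING,
        service_role="arn:aws:iam::123456789012:role/placeholder-pentest-role",
        allowed_url_patterns=["https://staging.example.test/*"],
        log_group="/placeholder/security-agent", log_stream="staging-api")
```

`submit(client, example_request(), production_like=True)` sends the request only after `validate_request` returns no problems; the `production_like` flag turns the state-changing exclusion list from advice into a hard gate, which is the check a reviewer most wants before an automated pentest is pointed at anything customer-facing.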
- Return type:
dict
- Returns:
Response Syntax
    {
        'pentestId': 'string',
        'title': 'string',
        'createdAt': datetime(2015, 1, 1),
        'updatedAt': datetime(2015, 1, 1),
        'assets': {
            'endpoints': [
                {
                    'uri': 'string'
                },
            ],
            'actors': [
                {
                    'identifier': 'string',
                    'uris': [
                        'string',
                    ],
                    'authentication': {
                        'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                        'value': 'string'
                    },
                    'description': 'string'
                },
            ],
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string'
                },
            ],
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ]
        },
        'excludeRiskTypes': [
            'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
        ],
        'serviceRole': 'string',
        'logConfig': {
            'logGroup': 'string',
            'logStream': 'string'
        },
        'agentSpaceId': 'string'
    }
Response Structure
(dict) –
Output for the CreatePentest operation
pentestId (string) –
Unique identifier of the created pentest
title (string) –
Title of the created pentest
createdAt (datetime) –
Timestamp when the pentest was created
updatedAt (datetime) –
Timestamp when the pentest was last updated
assets (dict) –
Assets to be tested in the created pentest
endpoints (list) –
List of web application endpoints to test
(dict) –
Represents a web application endpoint to be tested
uri (string) –
URI of the endpoint to test
actors (list) –
List of actors that interact with the system
(dict) –
Represents an entity that interacts with the system during security testing
identifier (string) –
Unique identifier for the actor (case-insensitive)
uris (list) –
List of URIs accessible with the actor’s credentials
(string) –
authentication (dict) –
Authentication information used by the actor to access resources
providerType (string) –
Provider type for the authentication credentials
value (string) –
Authentication credential value or reference
description (string) –
Additional description or details about the actor
documents (list) –
List of documents providing context for testing
(dict) –
Information about a document relevant to security testing
s3Location (string) –
S3 storage location of the document
artifactId (string) –
Artifact ID of the document
sourceCode (list) –
List of source code repositories for static analysis
(dict) –
Information about a source code repository for static analysis
s3Location (string) –
S3 storage location of the repository
integratedRepositories (list) –
List of integrated code repositories
(dict) –
Information about an integrated repository
integrationId (string) –
Integration identifier
providerResourceId (string) –
External provider resource identifier, e.g., GitHub repository identifier
excludeRiskTypes (list) –
A list of risk types excluded from the pentest execution
(string) –
Type of security risk
serviceRole (string) –
Service role ARN for accessing customer resources
logConfig (dict) –
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) –
Name of the CloudWatch log group
logStream (string) –
Name of the CloudWatch log stream
agentSpaceId (string) –
ID of the agent space where the pentest was created