Details of the vulnerability identified in a finding.
Contents
- cisaData
-
The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
Type: CisaData object
Required: No
- cwes
-
The Common Weakness Enumerations (CWEs) associated with the vulnerability.
Type: Array of strings
Array Members: Minimum number of 0 items.
Length Constraints: Minimum length of 0.
Required: No
- epssScore
-
The Exploit Prediction Scoring System (EPSS) score of the vulnerability.
Type: Double
Required: No
- evidences
-
Information on the evidence of the vulnerability.
Type: Array of Evidence objects
Required: No
- exploitObserved
-
Contains information on when this exploit was observed.
Type: ExploitObserved object
Required: No
- findingArn
-
The finding ARN that the vulnerability details are associated with.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern:
^arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:finding/[a-f0-9]{32}$Required: No
- referenceUrls
-
The reference URLs for the vulnerability data.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Length Constraints: Minimum length of 0.
Required: No
- riskScore
-
The risk score of the vulnerability.
Type: Integer
Required: No
- tools
-
The known malware tools or kits that can exploit the vulnerability.
Type: Array of strings
Length Constraints: Minimum length of 0.
Required: No
- ttps
-
The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability.
Type: Array of strings
Array Members: Minimum number of 0 items.
Length Constraints: Minimum length of 0. Maximum length of 30.
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
