2023/05/05 - Inspector2 - 1 new api methods
Changes Amazon Inspector now allows customers to search its vulnerability intelligence database if any of the Inspector scanning types are activated.
Lists Amazon Inspector coverage details for a specific vulnerability.
See also: AWS API Documentation
Request Syntax
client.search_vulnerabilities(
filterCriteria={
'vulnerabilityIds': [
'string',
]
},
nextToken='string'
)
dict
[REQUIRED]
The criteria used to filter the results of a vulnerability search.
vulnerabilityIds (list) -- [REQUIRED]
The IDs for specific vulnerabilities.
(string) --
string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
dict
Response Syntax
{
'nextToken': 'string',
'vulnerabilities': [
{
'atigData': {
'firstSeen': datetime(2015, 1, 1),
'lastSeen': datetime(2015, 1, 1),
'targets': [
'string',
],
'ttps': [
'string',
]
},
'cisaData': {
'action': 'string',
'dateAdded': datetime(2015, 1, 1),
'dateDue': datetime(2015, 1, 1)
},
'cvss2': {
'baseScore': 123.0,
'scoringVector': 'string'
},
'cvss3': {
'baseScore': 123.0,
'scoringVector': 'string'
},
'cwes': [
'string',
],
'description': 'string',
'detectionPlatforms': [
'string',
],
'epss': {
'score': 123.0
},
'exploitObserved': {
'firstSeen': datetime(2015, 1, 1),
'lastSeen': datetime(2015, 1, 1)
},
'id': 'string',
'referenceUrls': [
'string',
],
'relatedVulnerabilities': [
'string',
],
'source': 'NVD',
'sourceUrl': 'string',
'vendorCreatedAt': datetime(2015, 1, 1),
'vendorSeverity': 'string',
'vendorUpdatedAt': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
nextToken (string) --
The pagination parameter to be used on the next list operation to retrieve more items.
vulnerabilities (list) --
Details about the listed vulnerability.
(dict) --
Contains details about a specific vulnerability Amazon Inspector can detect.
atigData (dict) --
An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability.
firstSeen (datetime) --
The date and time this vulnerability was first observed.
lastSeen (datetime) --
The date and time this vulnerability was last observed.
targets (list) --
The commercial sectors this vulnerability targets.
(string) --
ttps (list) --
The MITRE ATT&CK tactics, techniques, and procedures (TTPs) associated with vulnerability.
(string) --
cisaData (dict) --
An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability.
action (string) --
The remediation action recommended by CISA for this vulnerability.
dateAdded (datetime) --
The date and time CISA added this vulnerability to their catalogue.
dateDue (datetime) --
The date and time CISA expects a fix to have been provided vulnerability.
cvss2 (dict) --
An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability.
baseScore (float) --
The CVSS v2 base score for the vulnerability.
scoringVector (string) --
The scoring vector associated with the CVSS v2 score.
cvss3 (dict) --
An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability.
baseScore (float) --
The CVSS v3 base score for the vulnerability.
scoringVector (string) --
The scoring vector associated with the CVSS v3 score.
cwes (list) --
The Common Weakness Enumeration (CWE) associated with the vulnerability.
(string) --
description (string) --
A description of the vulnerability.
detectionPlatforms (list) --
Platforms that the vulnerability can be detected on.
(string) --
epss (dict) --
An object that contains the Exploit Prediction Scoring System (EPSS) score.
score (float) --
The Exploit Prediction Scoring System (EPSS) score.
exploitObserved (dict) --
An object that contains details on when the exploit was observed.
firstSeen (datetime) --
The date an time when the exploit was first seen.
lastSeen (datetime) --
The date an time when the exploit was last seen.
id (string) --
The ID for the specific vulnerability.
referenceUrls (list) --
Links to various resources with more information on this vulnerability.
(string) --
relatedVulnerabilities (list) --
A list of related vulnerabilities.
(string) --
source (string) --
The source of the vulnerability information.
sourceUrl (string) --
A link to the official source material for this vulnerability.
vendorCreatedAt (datetime) --
The date and time when the vendor created this vulnerability.
vendorSeverity (string) --
The severity assigned by the vendor.
vendorUpdatedAt (datetime) --
The date and time when the vendor last updated this vulnerability.