2024/01/23 - Inspector2 - 13 new api methods
Changes: This release adds support for CIS scans on EC2 instances.
Lists scan results aggregated by a target resource.
See also: AWS API Documentation
Request Syntax
client.list_cis_scan_results_aggregated_by_target_resource(
    filterCriteria={
        'accountIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'checkIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'failedChecksFilters': [
            {
                'lowerInclusive': 123,
                'upperInclusive': 123
            },
        ],
        'platformFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'statusFilters': [
            {
                'comparison': 'EQUALS',
                'value': 'PASSED'|'FAILED'|'SKIPPED'
            },
        ],
        'targetResourceIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'targetResourceTagFilters': [
            {
                'comparison': 'EQUALS',
                'key': 'string',
                'value': 'string'
            },
        ],
        'targetStatusFilters': [
            {
                'comparison': 'EQUALS',
                'value': 'TIMED_OUT'|'CANCELLED'|'COMPLETED'
            },
        ],
        'targetStatusReasonFilters': [
            {
                'comparison': 'EQUALS',
                'value': 'SCAN_IN_PROGRESS'|'UNSUPPORTED_OS'|'SSM_UNMANAGED'
            },
        ]
    },
    maxResults=123,
    nextToken='string',
    scanArn='string',
    sortBy='RESOURCE_ID'|'FAILED_COUNTS'|'ACCOUNT_ID'|'PLATFORM'|'TARGET_STATUS'|'TARGET_STATUS_REASON',
    sortOrder='ASC'|'DESC'
)
filterCriteria (dict) --
The filter criteria.
accountIdFilters (list) --
The criteria's account ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
checkIdFilters (list) --
The criteria's check ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
failedChecksFilters (list) --
The criteria's failed checks filters.
(dict) --
The CIS number filter.
lowerInclusive (integer) --
The CIS number filter's lower inclusive.
upperInclusive (integer) --
The CIS number filter's upper inclusive.
platformFilters (list) --
The criteria's platform filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
statusFilters (list) --
The criteria's status filter.
(dict) --
The CIS result status filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS result status filter.
value (string) -- [REQUIRED]
The value of the CIS result status filter.
targetResourceIdFilters (list) --
The criteria's target resource ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
targetResourceTagFilters (list) --
The criteria's target resource tag filters.
(dict) --
The tag filter.
comparison (string) -- [REQUIRED]
The tag filter comparison value.
key (string) -- [REQUIRED]
The tag filter key.
value (string) -- [REQUIRED]
The tag filter value.
targetStatusFilters (list) --
The criteria's target status filters.
(dict) --
The CIS target status filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS target status filter.
value (string) -- [REQUIRED]
The value of the CIS target status filter.
targetStatusReasonFilters (list) --
The criteria's target status reason filters.
(dict) --
The CIS target status reason filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS target status reason filter.
value (string) -- [REQUIRED]
The value of the CIS target status reason filter.
maxResults (integer) --
The maximum number of scan results aggregated by a target resource to be returned in a single page of results.
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
scanArn (string) -- [REQUIRED]
The scan ARN.
sortBy (string) --
The sort by order.
sortOrder (string) --
The sort order.
Return type: dict
Response Syntax
{
    'nextToken': 'string',
    'targetResourceAggregations': [
        {
            'accountId': 'string',
            'platform': 'string',
            'scanArn': 'string',
            'statusCounts': {
                'failed': 123,
                'passed': 123,
                'skipped': 123
            },
            'targetResourceId': 'string',
            'targetResourceTags': {
                'string': [
                    'string',
                ]
            },
            'targetStatus': 'TIMED_OUT'|'CANCELLED'|'COMPLETED',
            'targetStatusReason': 'SCAN_IN_PROGRESS'|'UNSUPPORTED_OS'|'SSM_UNMANAGED'
        },
    ]
}
Response Structure
(dict) --
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
targetResourceAggregations (list) --
The resource aggregations.
(dict) --
The CIS target resource aggregation.
accountId (string) --
The account ID for the CIS target resource.
platform (string) --
The platform for the CIS target resource.
scanArn (string) --
The scan ARN for the CIS target resource.
statusCounts (dict) --
The target resource status counts.
failed (integer) --
The number of checks that failed.
passed (integer) --
The number of checks that passed.
skipped (integer) --
The number of checks that were skipped.
targetResourceId (string) --
The ID of the target resource.
targetResourceTags (dict) --
The tag for the target resource.
(string) --
(list) --
(string) --
targetStatus (string) --
The status of the target resource.
targetStatusReason (string) --
The reason for the target resource.
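An added example (not part of the AWS documentation) that pages through list_cis_scan_results_aggregated_by_target_resource with nextToken and separates targets that failed checks from targets that were never fully assessed. The FakeInspector2 stub, the sample IDs and the reading of any targetStatus other than COMPLETED as "not assessed" are assumptions of this example.

```python
# Added example: triage one CIS scan from its per-target aggregation.
# Treating any targetStatus other than COMPLETED as "not assessed" is this
# example's assumption; the page only lists the possible values.

SAMPLE_SCAN_ARN = "EXAMPLE-SCAN-ARN"  # placeholder, not a real ARN


def iter_target_aggregations(client, scan_arn, filter_criteria=None, page_size=50):
    """Yield every targetResourceAggregations entry, following nextToken."""
    kwargs = {"scanArn": scan_arn, "maxResults": page_size,
              "sortBy": "FAILED_COUNTS", "sortOrder": "DESC"}
    if filter_criteria:
        kwargs["filterCriteria"] = filter_criteria
    while True:
        page = client.list_cis_scan_results_aggregated_by_target_resource(**kwargs)
        yield from page.get("targetResourceAggregations", [])
        token = page.get("nextToken")
        if not token:
            return
        kwargs["nextToken"] = token


def triage_scan(client, scan_arn):
    """Split targets into those with failed checks and those not assessed."""
    failing, not_assessed = [], []
    for agg in iter_target_aggregations(client, scan_arn):
        entry = {"accountId": agg.get("accountId"),
                 "targetResourceId": agg.get("targetResourceId"),
                 "platform": agg.get("platform")}
        if agg.get("targetStatus") != "COMPLETED":
            # A target that timed out or was cancelled has no trustworthy
            # counts; report it as a coverage gap instead of as "clean".
            entry["targetStatus"] = agg.get("targetStatus")
            entry["targetStatusReason"] = agg.get("targetStatusReason")
            not_assessed.append(entry)
            continue
        counts = agg.get("statusCounts", {})
        failed = counts.get("failed", 0)
        if failed > 0:
            entry["failed"] = failed
            entry["total"] = failed + counts.get("passed", 0) + counts.get("skipped", 0)
            failing.append(entry)
    return {"failing": failing, "not_assessed": not_assessed}


class FakeInspector2:
    """Constructed stand-in for boto3.client('inspector2'); serves two canned pages."""

    PAGES = {
        None: {
            "nextToken": "page-2",
            "targetResourceAggregations": [
                {"accountId": "111122223333", "platform": "EXAMPLE_LINUX",
                 "targetResourceId": "i-0000000000000000a", "targetStatus": "COMPLETED",
                 "statusCounts": {"failed": 12, "passed": 80, "skipped": 3}},
                {"accountId": "111122223333", "platform": "EXAMPLE_LINUX",
                 "targetResourceId": "i-0000000000000000b", "targetStatus": "TIMED_OUT",
                 "targetStatusReason": "SSM_UNMANAGED",
                 "statusCounts": {"failed": 0, "passed": 0, "skipped": 0}},
            ],
        },
        "page-2": {
            "targetResourceAggregations": [
                {"accountId": "111122223333", "platform": "EXAMPLE_LINUX",
                 "targetResourceId": "i-0000000000000000c", "targetStatus": "COMPLETED",
                 "statusCounts": {"failed": 0, "passed": 95, "skipped": 0}},
                {"accountId": "444455556666", "platform": "EXAMPLE_OTHER",
                 "targetResourceId": "i-0000000000000000d", "targetStatus": "CANCELLED",
                 "targetStatusReason": "UNSUPPORTED_OS",
                 "statusCounts": {"failed": 0, "passed": 0, "skipped": 0}},
            ],
        },
    }

    def __init__(self):
        self.calls = []

    def list_cis_scan_results_aggregated_by_target_resource(self, **kwargs):
        self.calls.append(kwargs)
        return self.PAGES[kwargs.get("nextToken")]


if __name__ == "__main__":
    # With real credentials, pass boto3.client("inspector2") and a real scan ARN.
    report = triage_scan(FakeInspector2(), SAMPLE_SCAN_ARN)
    for target in report["failing"]:
        print("FAILING     ", target)
    for target in report["not_assessed"]:
        print("NOT ASSESSED", target)
```

A target with zero failed checks is only reported as clean here when its targetStatus is COMPLETED, so unmanaged or unsupported hosts surface as coverage gaps.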
Returns a CIS scan list.
See also: AWS API Documentation
Request Syntax
client.list_cis_scans(
    detailLevel='ORGANIZATION'|'MEMBER',
    filterCriteria={
        'failedChecksFilters': [
            {
                'lowerInclusive': 123,
                'upperInclusive': 123
            },
        ],
        'scanArnFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'scanAtFilters': [
            {
                'earliestScanStartTime': datetime(2015, 1, 1),
                'latestScanStartTime': datetime(2015, 1, 1)
            },
        ],
        'scanConfigurationArnFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'scanNameFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'scanStatusFilters': [
            {
                'comparison': 'EQUALS',
                'value': 'FAILED'|'COMPLETED'|'CANCELLED'|'IN_PROGRESS'
            },
        ],
        'scheduledByFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'targetAccountIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'targetResourceIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'targetResourceTagFilters': [
            {
                'comparison': 'EQUALS',
                'key': 'string',
                'value': 'string'
            },
        ]
    },
    maxResults=123,
    nextToken='string',
    sortBy='STATUS'|'SCHEDULED_BY'|'SCAN_START_DATE'|'FAILED_CHECKS',
    sortOrder='ASC'|'DESC'
)
detailLevel (string) --
The detail applied to the CIS scan.
filterCriteria (dict) --
The CIS scan filter criteria.
failedChecksFilters (list) --
The list of failed checks filters.
(dict) --
The CIS number filter.
lowerInclusive (integer) --
The CIS number filter's lower inclusive.
upperInclusive (integer) --
The CIS number filter's upper inclusive.
scanArnFilters (list) --
The list of scan ARN filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
scanAtFilters (list) --
The list of scan at filters.
(dict) --
The CIS date filter.
earliestScanStartTime (datetime) --
The CIS date filter's earliest scan start time.
latestScanStartTime (datetime) --
The CIS date filter's latest scan start time.
scanConfigurationArnFilters (list) --
The list of scan configuration ARN filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
scanNameFilters (list) --
The list of scan name filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
scanStatusFilters (list) --
The list of scan status filters.
(dict) --
The CIS scan status filter.
comparison (string) -- [REQUIRED]
The filter comparison value.
value (string) -- [REQUIRED]
The filter value.
scheduledByFilters (list) --
The list of scheduled by filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
targetAccountIdFilters (list) --
The list of target account ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
targetResourceIdFilters (list) --
The list of target resource ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
targetResourceTagFilters (list) --
The list of target resource tag filters.
(dict) --
The tag filter.
comparison (string) -- [REQUIRED]
The tag filter comparison value.
key (string) -- [REQUIRED]
The tag filter key.
value (string) -- [REQUIRED]
The tag filter value.
maxResults (integer) --
The maximum number of results to be returned.
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
sortBy (string) --
The CIS scans sort by order.
sortOrder (string) --
The CIS scans sort order.
Return type: dict
Response Syntax
{
    'nextToken': 'string',
    'scans': [
        {
            'failedChecks': 123,
            'scanArn': 'string',
            'scanConfigurationArn': 'string',
            'scanDate': datetime(2015, 1, 1),
            'scanName': 'string',
            'scheduledBy': 'string',
            'securityLevel': 'LEVEL_1'|'LEVEL_2',
            'status': 'FAILED'|'COMPLETED'|'CANCELLED'|'IN_PROGRESS',
            'targets': {
                'accountIds': [
                    'string',
                ],
                'targetResourceTags': {
                    'string': [
                        'string',
                    ]
                }
            },
            'totalChecks': 123
        },
    ]
}
Response Structure
(dict) --
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
scans (list) --
The CIS scans.
(dict) --
The CIS scan.
failedChecks (integer) --
The CIS scan's failed checks.
scanArn (string) --
The CIS scan's ARN.
scanConfigurationArn (string) --
The CIS scan's configuration ARN.
scanDate (datetime) --
The CIS scan's date.
scanName (string) --
The name of the scan configuration that's associated with this scan.
scheduledBy (string) --
The account or organization that schedules the CIS scan.
securityLevel (string) --
The security level for the CIS scan. Security level refers to the Benchmark levels that CIS assigns to a profile.
status (string) --
The CIS scan's status.
targets (dict) --
The CIS scan's targets.
accountIds (list) --
The CIS target account ids.
(string) --
targetResourceTags (dict) --
The CIS target resource tags.
(string) --
(list) --
(string) --
totalChecks (integer) --
The CIS scan's total checks.
Lists CIS scan configurations.
See also: AWS API Documentation
Request Syntax
client.list_cis_scan_configurations(
    filterCriteria={
        'scanConfigurationArnFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'scanNameFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'targetResourceTagFilters': [
            {
                'comparison': 'EQUALS',
                'key': 'string',
                'value': 'string'
            },
        ]
    },
    maxResults=123,
    nextToken='string',
    sortBy='SCAN_NAME'|'SCAN_CONFIGURATION_ARN',
    sortOrder='ASC'|'DESC'
)
filterCriteria (dict) --
The CIS scan configuration filter criteria.
scanConfigurationArnFilters (list) --
The list of scan configuration ARN filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
scanNameFilters (list) --
The list of scan name filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
targetResourceTagFilters (list) --
The list of target resource tag filters.
(dict) --
The tag filter.
comparison (string) -- [REQUIRED]
The tag filter comparison value.
key (string) -- [REQUIRED]
The tag filter key.
value (string) -- [REQUIRED]
The tag filter value.
maxResults (integer) --
The maximum number of CIS scan configurations to be returned in a single page of results.
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
sortBy (string) --
The CIS scan configuration sort by order.
sortOrder (string) --
The CIS scan configuration sort order.
Return type: dict
Response Syntax
{
    'nextToken': 'string',
    'scanConfigurations': [
        {
            'ownerId': 'string',
            'scanConfigurationArn': 'string',
            'scanName': 'string',
            'schedule': {
                'daily': {
                    'startTime': {
                        'timeOfDay': 'string',
                        'timezone': 'string'
                    }
                },
                'monthly': {
                    'day': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
                    'startTime': {
                        'timeOfDay': 'string',
                        'timezone': 'string'
                    }
                },
                'oneTime': {},
                'weekly': {
                    'days': [
                        'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
                    ],
                    'startTime': {
                        'timeOfDay': 'string',
                        'timezone': 'string'
                    }
                }
            },
            'securityLevel': 'LEVEL_1'|'LEVEL_2',
            'tags': {
                'string': 'string'
            },
            'targets': {
                'accountIds': [
                    'string',
                ],
                'targetResourceTags': {
                    'string': [
                        'string',
                    ]
                }
            }
        },
    ]
}
Response Structure
(dict) --
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
scanConfigurations (list) --
The CIS scan configurations.
(dict) --
The CIS scan configuration.
ownerId (string) --
The CIS scan configuration's owner ID.
scanConfigurationArn (string) --
The CIS scan configuration's scan configuration ARN.
scanName (string) --
The name of the CIS scan configuration.
schedule (dict) --
The CIS scan configuration's schedule.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: daily, monthly, oneTime, weekly. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
daily (dict) --
The schedule's daily.
startTime (dict) --
The schedule start time.
timeOfDay (string) --
The time of day in 24-hour format (00:00).
timezone (string) --
The timezone.
monthly (dict) --
The schedule's monthly.
day (string) --
The monthly schedule's day.
startTime (dict) --
The monthly schedule's start time.
timeOfDay (string) --
The time of day in 24-hour format (00:00).
timezone (string) --
The timezone.
oneTime (dict) --
The schedule's one time.
weekly (dict) --
The schedule's weekly.
days (list) --
The weekly schedule's days.
(string) --
startTime (dict) --
The weekly schedule's start time.
timeOfDay (string) --
The time of day in 24-hour format (00:00).
timezone (string) --
The timezone.
securityLevel (string) --
The CIS scan configuration's security level.
tags (dict) --
The CIS scan configuration's tags.
(string) --
(string) --
targets (dict) --
The CIS scan configuration's targets.
accountIds (list) --
The CIS target account ids.
(string) --
targetResourceTags (dict) --
The CIS target resource tags.
(string) --
(list) --
(string) --
Retrieves a CIS scan report.
See also: AWS API Documentation
Request Syntax
client.get_cis_scan_report(
    scanArn='string',
    targetAccounts=[
        'string',
    ]
)
scanArn (string) -- [REQUIRED]
The scan ARN.
targetAccounts (list) --
The target accounts.
(string) --
Return type: dict
Response Syntax
{
    'status': 'SUCCEEDED'|'FAILED'|'IN_PROGRESS',
    'url': 'string'
}
Response Structure
(dict) --
status (string) --
The status.
url (string) --
The URL where the CIS scan report PDF can be downloaded.
Sends a CIS session health. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
See also: AWS API Documentation
Request Syntax
client.send_cis_session_health(
    scanJobId='string',
    sessionToken='string'
)
scanJobId (string) -- [REQUIRED]
A unique identifier for the scan job.
sessionToken (string) -- [REQUIRED]
The unique token that identifies the CIS session.
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
Updates a CIS scan configuration.
See also: AWS API Documentation
Request Syntax
client.update_cis_scan_configuration(
    scanConfigurationArn='string',
    scanName='string',
    schedule={
        'daily': {
            'startTime': {
                'timeOfDay': 'string',
                'timezone': 'string'
            }
        },
        'monthly': {
            'day': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
            'startTime': {
                'timeOfDay': 'string',
                'timezone': 'string'
            }
        },
        'oneTime': {},
        'weekly': {
            'days': [
                'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
            ],
            'startTime': {
                'timeOfDay': 'string',
                'timezone': 'string'
            }
        }
    },
    securityLevel='LEVEL_1'|'LEVEL_2',
    targets={
        'accountIds': [
            'string',
        ],
        'targetResourceTags': {
            'string': [
                'string',
            ]
        }
    }
)
scanConfigurationArn (string) -- [REQUIRED]
The CIS scan configuration ARN.
scanName (string) --
The scan name for the CIS scan configuration.
schedule (dict) --
The schedule for the CIS scan configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: daily, monthly, oneTime, weekly.
daily (dict) --
The schedule's daily.
startTime (dict) -- [REQUIRED]
The schedule start time.
timeOfDay (string) -- [REQUIRED]
The time of day in 24-hour format (00:00).
timezone (string) -- [REQUIRED]
The timezone.
monthly (dict) --
The schedule's monthly.
day (string) -- [REQUIRED]
The monthly schedule's day.
startTime (dict) -- [REQUIRED]
The monthly schedule's start time.
timeOfDay (string) -- [REQUIRED]
The time of day in 24-hour format (00:00).
timezone (string) -- [REQUIRED]
The timezone.
oneTime (dict) --
The schedule's one time.
weekly (dict) --
The schedule's weekly.
days (list) -- [REQUIRED]
The weekly schedule's days.
(string) --
startTime (dict) -- [REQUIRED]
The weekly schedule's start time.
timeOfDay (string) -- [REQUIRED]
The time of day in 24-hour format (00:00).
timezone (string) -- [REQUIRED]
The timezone.
securityLevel (string) --
The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.
targets (dict) --
The targets for the CIS scan configuration.
accountIds (list) --
The target account ids.
(string) --
targetResourceTags (dict) --
The target resource tags.
(string) --
(list) --
(string) --
Return type: dict
Response Syntax
{
    'scanConfigurationArn': 'string'
}
Response Structure
(dict) --
scanConfigurationArn (string) --
The CIS scan configuration ARN.
Retrieves CIS scan result details.
See also: AWS API Documentation
Request Syntax
client.get_cis_scan_result_details(
    accountId='string',
    filterCriteria={
        'checkIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'findingArnFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'findingStatusFilters': [
            {
                'comparison': 'EQUALS',
                'value': 'PASSED'|'FAILED'|'SKIPPED'
            },
        ],
        'securityLevelFilters': [
            {
                'comparison': 'EQUALS',
                'value': 'LEVEL_1'|'LEVEL_2'
            },
        ],
        'titleFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ]
    },
    maxResults=123,
    nextToken='string',
    scanArn='string',
    sortBy='CHECK_ID'|'STATUS',
    sortOrder='ASC'|'DESC',
    targetResourceId='string'
)
accountId (string) -- [REQUIRED]
The account ID.
filterCriteria (dict) --
The filter criteria.
checkIdFilters (list) --
The criteria's check ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
findingArnFilters (list) --
The criteria's finding ARN filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
findingStatusFilters (list) --
The criteria's finding status filters.
(dict) --
The CIS finding status filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS finding status filter.
value (string) -- [REQUIRED]
The value of the CIS finding status filter.
securityLevelFilters (list) --
The criteria's security level filters. Security level refers to the Benchmark levels that CIS assigns to a profile.
(dict) --
The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile.
comparison (string) -- [REQUIRED]
The CIS security filter comparison value.
value (string) -- [REQUIRED]
The CIS security filter value.
titleFilters (list) --
The criteria's title filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
maxResults (integer) --
The maximum number of CIS scan result details to be returned in a single page of results.
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
scanArn (string) -- [REQUIRED]
The scan ARN.
sortBy (string) --
The sort by order.
sortOrder (string) --
The sort order.
targetResourceId (string) -- [REQUIRED]
The target resource ID.
Return type: dict
Response Syntax
{
    'nextToken': 'string',
    'scanResultDetails': [
        {
            'accountId': 'string',
            'checkDescription': 'string',
            'checkId': 'string',
            'findingArn': 'string',
            'level': 'LEVEL_1'|'LEVEL_2',
            'platform': 'string',
            'remediation': 'string',
            'scanArn': 'string',
            'status': 'PASSED'|'FAILED'|'SKIPPED',
            'statusReason': 'string',
            'targetResourceId': 'string',
            'title': 'string'
        },
    ]
}
Response Structure
(dict) --
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
scanResultDetails (list) --
The scan result details.
(dict) --
The CIS scan result details.
accountId (string) --
The CIS scan result details' account ID.
checkDescription (string) --
The account ID that's associated with the CIS scan result details.
checkId (string) --
The CIS scan result details' check ID.
findingArn (string) --
The CIS scan result details' finding ARN.
level (string) --
The CIS scan result details' level.
platform (string) --
The CIS scan result details' platform.
remediation (string) --
The CIS scan result details' remediation.
scanArn (string) --
The CIS scan result details' scan ARN.
status (string) --
The CIS scan result details' status.
statusReason (string) --
The CIS scan result details' status reason.
targetResourceId (string) --
The CIS scan result details' target resource ID.
title (string) --
The CIS scan result details' title.
Creates a CIS scan configuration.
See also: AWS API Documentation
Request Syntax
client.create_cis_scan_configuration(
    scanName='string',
    schedule={
        'daily': {
            'startTime': {
                'timeOfDay': 'string',
                'timezone': 'string'
            }
        },
        'monthly': {
            'day': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
            'startTime': {
                'timeOfDay': 'string',
                'timezone': 'string'
            }
        },
        'oneTime': {},
        'weekly': {
            'days': [
                'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
            ],
            'startTime': {
                'timeOfDay': 'string',
                'timezone': 'string'
            }
        }
    },
    securityLevel='LEVEL_1'|'LEVEL_2',
    tags={
        'string': 'string'
    },
    targets={
        'accountIds': [
            'string',
        ],
        'targetResourceTags': {
            'string': [
                'string',
            ]
        }
    }
)
scanName (string) -- [REQUIRED]
The scan name for the CIS scan configuration.
schedule (dict) -- [REQUIRED]
The schedule for the CIS scan configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: daily, monthly, oneTime, weekly.
daily (dict) --
The schedule's daily.
startTime (dict) -- [REQUIRED]
The schedule start time.
timeOfDay (string) -- [REQUIRED]
The time of day in 24-hour format (00:00).
timezone (string) -- [REQUIRED]
The timezone.
monthly (dict) --
The schedule's monthly.
day (string) -- [REQUIRED]
The monthly schedule's day.
startTime (dict) -- [REQUIRED]
The monthly schedule's start time.
timeOfDay (string) -- [REQUIRED]
The time of day in 24-hour format (00:00).
timezone (string) -- [REQUIRED]
The timezone.
oneTime (dict) --
The schedule's one time.
weekly (dict) --
The schedule's weekly.
days (list) -- [REQUIRED]
The weekly schedule's days.
(string) --
startTime (dict) -- [REQUIRED]
The weekly schedule's start time.
timeOfDay (string) -- [REQUIRED]
The time of day in 24-hour format (00:00).
timezone (string) -- [REQUIRED]
The timezone.
securityLevel (string) -- [REQUIRED]
The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.
tags (dict) --
The tags for the CIS scan configuration.
(string) --
(string) --
targets (dict) -- [REQUIRED]
The targets for the CIS scan configuration.
accountIds (list) -- [REQUIRED]
The CIS target account ids.
(string) --
targetResourceTags (dict) -- [REQUIRED]
The CIS target resource tags.
(string) --
(list) --
(string) --
Return type: dict
Response Syntax
{
    'scanConfigurationArn': 'string'
}
Response Structure
(dict) --
scanConfigurationArn (string) --
The scan configuration ARN for the CIS scan configuration.
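An added example (not part of the AWS documentation) covering the schedule Tagged Union described for create_cis_scan_configuration, update_cis_scan_configuration and the list_cis_scan_configurations response: it checks a request schedule before it is sent and summarises a returned schedule, including the SDK_UNKNOWN_MEMBER case. The function names, the HH:MM range 00:00 to 23:59, the non-empty weekly.days rule and the sample timezone value are assumptions of this example.

```python
import re

# Added example: validate the "schedule" tagged union before sending it, and
# read it back safely. Assumptions (not stated on the page): timeOfDay is
# HH:MM from 00:00 to 23:59, and weekly.days must be non-empty.

SCHEDULE_KINDS = ("daily", "monthly", "oneTime", "weekly")
DAYS = ("SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT")
TIME_OF_DAY = re.compile(r"(?:[01]\d|2[0-3]):[0-5]\d")
SAMPLE_START = {"timeOfDay": "02:30", "timezone": "UTC"}  # constructed sample


def _check_start_time(kind, body, errors):
    """Append an error for each missing or malformed startTime member."""
    start = body.get("startTime")
    if not isinstance(start, dict):
        errors.append(f"{kind}.startTime is required")
        return
    tod = start.get("timeOfDay")
    if not isinstance(tod, str) or not TIME_OF_DAY.fullmatch(tod):
        errors.append(f"{kind}.startTime.timeOfDay must be 24-hour HH:MM, got {tod!r}")
    tz = start.get("timezone")
    if not isinstance(tz, str) or not tz:
        errors.append(f"{kind}.startTime.timezone is required")


def validate_schedule(schedule):
    """Return a list of problems with a request schedule; empty means valid."""
    if not isinstance(schedule, dict):
        return ["schedule must be a dict"]
    errors = [f"unknown schedule key {k!r}" for k in schedule if k not in SCHEDULE_KINDS]
    known = [k for k in schedule if k in SCHEDULE_KINDS]
    if len(known) != 1:
        # Tagged union: exactly one top-level key may be set.
        errors.append(f"exactly one of {', '.join(SCHEDULE_KINDS)} must be set, got {known}")
        return errors
    kind = known[0]
    body = schedule[kind]
    if not isinstance(body, dict):
        return errors + [f"{kind} must be a dict"]
    if kind == "oneTime":
        if body:
            errors.append("oneTime takes no members")
        return errors
    _check_start_time(kind, body, errors)
    if kind == "monthly" and body.get("day") not in DAYS:
        errors.append(f"monthly.day must be one of {', '.join(DAYS)}")
    if kind == "weekly":
        days = body.get("days")
        if not isinstance(days, list) or not days or any(d not in DAYS for d in days):
            errors.append(f"weekly.days must be a non-empty list drawn from {', '.join(DAYS)}")
    return errors


def describe_schedule(schedule):
    """Summarise a schedule returned in scanConfigurations[].schedule."""
    unknown = schedule.get("SDK_UNKNOWN_MEMBER")
    if unknown is not None:
        # The SDK did not recognise the member the service sent; do not guess.
        return f"unrecognised schedule member {unknown.get('name')!r}"
    kinds = [k for k in SCHEDULE_KINDS if k in schedule]
    if len(kinds) != 1:
        return f"malformed schedule with keys {sorted(schedule)}"
    kind = kinds[0]
    if kind == "oneTime":
        return "one time"
    body = schedule[kind] or {}
    start = body.get("startTime") or {}
    when = f"at {start.get('timeOfDay')} {start.get('timezone')}"
    if kind == "monthly":
        return f"monthly on {body.get('day')} {when}"
    if kind == "weekly":
        return f"weekly on {','.join(body.get('days', []))} {when}"
    return f"daily {when}"


if __name__ == "__main__":
    samples = [
        {"daily": {"startTime": SAMPLE_START}},
        {"daily": {"startTime": SAMPLE_START}, "oneTime": {}},
        {"monthly": {"day": "MONDAY", "startTime": {"timeOfDay": "24:00", "timezone": "UTC"}}},
    ]
    for sample in samples:
        print(sample, "->", validate_schedule(sample) or "ok")
    print(describe_schedule({"SDK_UNKNOWN_MEMBER": {"name": "hourly"}}))
```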
Sends a CIS session telemetry. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
See also: AWS API Documentation
Request Syntax
client.send_cis_session_telemetry(
    messages=[
        {
            'cisRuleDetails': b'bytes',
            'ruleId': 'string',
            'status': 'FAILED'|'PASSED'|'NOT_EVALUATED'|'INFORMATIONAL'|'UNKNOWN'|'NOT_APPLICABLE'|'ERROR'
        },
    ],
    scanJobId='string',
    sessionToken='string'
)
messages (list) -- [REQUIRED]
The CIS session telemetry messages.
(dict) --
The CIS session message.
cisRuleDetails (bytes) -- [REQUIRED]
The CIS rule details for the CIS session message.
ruleId (string) -- [REQUIRED]
The rule ID for the CIS session message.
status (string) -- [REQUIRED]
The status of the CIS session message.
scanJobId (string) -- [REQUIRED]
A unique identifier for the scan job.
sessionToken (string) -- [REQUIRED]
The unique token that identifies the CIS session.
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
Lists scan results aggregated by checks.
See also: AWS API Documentation
Request Syntax
client.list_cis_scan_results_aggregated_by_checks(
    filterCriteria={
        'accountIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'checkIdFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'failedResourcesFilters': [
            {
                'lowerInclusive': 123,
                'upperInclusive': 123
            },
        ],
        'platformFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'securityLevelFilters': [
            {
                'comparison': 'EQUALS',
                'value': 'LEVEL_1'|'LEVEL_2'
            },
        ],
        'titleFilters': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ]
    },
    maxResults=123,
    nextToken='string',
    scanArn='string',
    sortBy='CHECK_ID'|'TITLE'|'PLATFORM'|'FAILED_COUNTS'|'SECURITY_LEVEL',
    sortOrder='ASC'|'DESC'
)
filterCriteria (dict) --
The filter criteria.
accountIdFilters (list) --
The criteria's account ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
checkIdFilters (list) --
The criteria's check ID filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
failedResourcesFilters (list) --
The criteria's failed resources filters.
(dict) --
The CIS number filter.
lowerInclusive (integer) --
The CIS number filter's inclusive lower bound.
upperInclusive (integer) --
The CIS number filter's inclusive upper bound.
platformFilters (list) --
The criteria's platform filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
securityLevelFilters (list) --
The criteria's security level filters.
(dict) --
The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile.
comparison (string) -- [REQUIRED]
The CIS security filter comparison value.
value (string) -- [REQUIRED]
The CIS security filter value.
titleFilters (list) --
The criteria's title filters.
(dict) --
The CIS string filter.
comparison (string) -- [REQUIRED]
The comparison value of the CIS string filter.
value (string) -- [REQUIRED]
The value of the CIS string filter.
maxResults (integer) --
The maximum number of scan results aggregated by checks to be returned in a single page of results.
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
scanArn (string) -- [REQUIRED]
The scan ARN.
sortBy (string) --
The field to sort the results by.
sortOrder (string) --
The sort order.
dict
Response Syntax
{
    'checkAggregations': [
        {
            'accountId': 'string',
            'checkDescription': 'string',
            'checkId': 'string',
            'level': 'LEVEL_1'|'LEVEL_2',
            'platform': 'string',
            'scanArn': 'string',
            'statusCounts': {
                'failed': 123,
                'passed': 123,
                'skipped': 123
            },
            'title': 'string'
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
checkAggregations (list) --
The check aggregations.
(dict) --
A CIS check.
accountId (string) --
The account ID for the CIS check.
checkDescription (string) --
The description for the CIS check.
checkId (string) --
The check ID for the CIS check.
level (string) --
The CIS check level.
platform (string) --
The CIS check platform.
scanArn (string) --
The scan ARN for the CIS check.
statusCounts (dict) --
The CIS check status counts.
failed (integer) --
The number of checks that failed.
passed (integer) --
The number of checks that passed.
skipped (integer) --
The number of checks that were skipped.
title (string) --
The CIS check title.
nextToken (string) --
The pagination token from a previous request that's used to retrieve the next page of results.
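The request and response shapes above, exercised end to end as an added example (not part of the AWS documentation): it filters to Level 1 checks with at least one failed resource, sorts by failure count, and follows `nextToken` until the last page. `failing_level1_checks`, `FakeInspector2` and all sample data are constructed for illustration; in real use pass `boto3.client("inspector2")` as `client`.

```python
# Added example: page through list_cis_scan_results_aggregated_by_checks and
# rank failing Level 1 checks. FakeInspector2 and its data are constructed
# stand-ins so this runs offline; in real use pass boto3.client("inspector2").

def failing_level1_checks(client, scan_arn, page_size=50):
    """Return [(checkId, title, failed, total)] for Level 1 checks with >= 1 failed resource."""
    kwargs = {
        "scanArn": scan_arn,  # the only [REQUIRED] parameter
        "filterCriteria": {
            "securityLevelFilters": [{"comparison": "EQUALS", "value": "LEVEL_1"}],
            # Only the lower bound is set; neither bound is marked [REQUIRED].
            "failedResourcesFilters": [{"lowerInclusive": 1}],
        },
        "sortBy": "FAILED_COUNTS",
        "sortOrder": "DESC",
        "maxResults": page_size,
    }
    rows = []
    while True:
        page = client.list_cis_scan_results_aggregated_by_checks(**kwargs)
        for agg in page.get("checkAggregations", []):
            counts = agg.get("statusCounts", {})
            failed = counts.get("failed", 0)
            total = failed + counts.get("passed", 0) + counts.get("skipped", 0)
            rows.append((agg["checkId"], agg["title"], failed, total))
        token = page.get("nextToken")
        if not token:  # no nextToken in the response: this was the last page
            return rows
        kwargs["nextToken"] = token


class FakeInspector2:
    """Constructed stand-in that serves two pages and records each request."""
    PAGES = {
        None: {"checkAggregations": [
                   {"checkId": "1.1.1", "title": "Constructed check A", "level": "LEVEL_1",
                    "statusCounts": {"failed": 7, "passed": 2, "skipped": 1}}],
               "nextToken": "page-2"},
        "page-2": {"checkAggregations": [
                   {"checkId": "5.2.4", "title": "Constructed check B", "level": "LEVEL_1",
                    "statusCounts": {"failed": 3, "passed": 6, "skipped": 0}}]},
    }

    def __init__(self):
        self.calls = []

    def list_cis_scan_results_aggregated_by_checks(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self.PAGES[kwargs.get("nextToken")]
```

The filter and sort arguments are resent unchanged on every page request; only `nextToken` is added between calls.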
Starts a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
See also: AWS API Documentation
Request Syntax
client.start_cis_session(
    message={
        'sessionToken': 'string'
    },
    scanJobId='string'
)
message (dict) -- [REQUIRED]
The start CIS session message.
sessionToken (string) -- [REQUIRED]
The unique token that identifies the CIS session.
scanJobId (string) -- [REQUIRED]
A unique identifier for the scan job.
dict
Response Syntax
{}
Response Structure
(dict) --
Deletes a CIS scan configuration.
See also: AWS API Documentation
Request Syntax
client.delete_cis_scan_configuration(
    scanConfigurationArn='string'
)
scanConfigurationArn (string) -- [REQUIRED]
The ARN of the CIS scan configuration.
dict
Response Syntax
{
    'scanConfigurationArn': 'string'
}
Response Structure
(dict) --
scanConfigurationArn (string) --
The ARN of the CIS scan configuration.
Stops a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to stop a CIS scan session for the scan ID supplied by the service.
See also: AWS API Documentation
Request Syntax
client.stop_cis_session(
    message={
        'benchmarkProfile': 'string',
        'benchmarkVersion': 'string',
        'computePlatform': {
            'product': 'string',
            'vendor': 'string',
            'version': 'string'
        },
        'progress': {
            'errorChecks': 123,
            'failedChecks': 123,
            'informationalChecks': 123,
            'notApplicableChecks': 123,
            'notEvaluatedChecks': 123,
            'successfulChecks': 123,
            'totalChecks': 123,
            'unknownChecks': 123
        },
        'reason': 'string',
        'status': 'SUCCESS'|'FAILED'|'INTERRUPTED'|'UNSUPPORTED_OS'
    },
    scanJobId='string',
    sessionToken='string'
)
message (dict) -- [REQUIRED]
The stop CIS session message.
benchmarkProfile (string) --
The message benchmark profile.
benchmarkVersion (string) --
The message benchmark version.
computePlatform (dict) --
The message compute platform.
product (string) --
The compute platform product.
vendor (string) --
The compute platform vendor.
version (string) --
The compute platform version.
progress (dict) -- [REQUIRED]
The progress of the message.
errorChecks (integer) --
The progress' error checks.
failedChecks (integer) --
The progress' failed checks.
informationalChecks (integer) --
The progress' informational checks.
notApplicableChecks (integer) --
The progress' not applicable checks.
notEvaluatedChecks (integer) --
The progress' not evaluated checks.
successfulChecks (integer) --
The progress' successful checks.
totalChecks (integer) --
The progress' total checks.
unknownChecks (integer) --
The progress' unknown checks.
reason (string) --
The reason for the message.
status (string) -- [REQUIRED]
The status of the message.
scanJobId (string) -- [REQUIRED]
A unique identifier for the scan job.
sessionToken (string) -- [REQUIRED]
The unique token that identifies the CIS session.
dict
Response Syntax
{}
Response Structure
(dict) --