Amazon Inspector

(1)

Amazon Inspector

API Reference

API Version 2016-02-16

(2)

Amazon Inspector: API Reference

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be aﬃliated with, connected to, or sponsored by Amazon.

(3)

Welcome

Amazon Inspector Classic enables you to analyze the behavior of your AWS resources and to identify potential security issues. For more information, see Amazon Inspector Classic User Guide.

This document was last published on March 6, 2022.

(11)

Actions

The following actions are supported:

• AddAttributesToFindings (p. 3)

• CreateAssessmentTarget (p. 6)

• CreateAssessmentTemplate (p. 9)

• CreateExclusionsPreview (p. 13)

• CreateResourceGroup (p. 15)

• DeleteAssessmentRun (p. 18)

• DeleteAssessmentTarget (p. 21)

• DeleteAssessmentTemplate (p. 24)

• DescribeAssessmentRuns (p. 27)

• DescribeAssessmentTargets (p. 31)

• DescribeAssessmentTemplates (p. 34)

• DescribeCrossAccountAccessRole (p. 37)

• DescribeExclusions (p. 39)

• DescribeFindings (p. 42)

• DescribeResourceGroups (p. 47)

• DescribeRulesPackages (p. 50)

• GetAssessmentReport (p. 54)

• GetExclusionsPreview (p. 57)

• GetTelemetryMetadata (p. 60)

• ListAssessmentRunAgents (p. 65)

• ListAssessmentRuns (p. 71)

• ListAssessmentTargets (p. 75)

• ListAssessmentTemplates (p. 78)

• ListEventSubscriptions (p. 82)

• ListExclusions (p. 86)

• ListFindings (p. 89)

• ListRulesPackages (p. 93)

• ListTagsForResource (p. 96)

• PreviewAgents (p. 99)

• RegisterCrossAccountAccessRole (p. 103)

• RemoveAttributesFromFindings (p. 106)

• SetTagsForResource (p. 109)

• StartAssessmentRun (p. 112)

• StopAssessmentRun (p. 115)

• SubscribeToEvent (p. 118)

• UnsubscribeFromEvent (p. 121)

• UpdateAssessmentTarget (p. 124)

(12)

AddAttributesToFindings

Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings.

Request Syntax

{ "attributes": [ {

"key": "string", "value": "string"

} ],

"findingArns": [ "string" ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 177).

The request accepts the following data in JSON format.

attributes (p. 3)

The array of attributes that you want to assign to speciﬁed ﬁndings.

Type: Array of Attribute (p. 150) objects

Array Members: Minimum number of 0 items. Maximum number of 10 items.

Required: Yes ﬁndingArns (p. 3)

The ARNs that specify the ﬁndings that you want to assign attributes to.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 10 items.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

Response Syntax

{ "failedItems": { "string" : {

"failureCode": "string", "retryable": boolean }

}}

(13)

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

failedItems (p. 3)

Attribute details that cannot be described. An error code is provided for each failed item.

Type: String to FailedItemDetails (p. 157) object map

Key Length Constraints: Minimum length of 1. Maximum length of 300.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 179).

InternalException Internal server error.

HTTP Status Code: 500 InvalidInputException

The request was rejected because an invalid or out-of-range value was supplied for an input parameter.

HTTP Status Code: 400 NoSuchEntityException

The request was rejected because it referenced an entity that does not exist. The error code describes the entity.

HTTP Status Code: 400

ServiceTemporarilyUnavailableException The serice is temporary unavailable.

Examples

Example

This example illustrates one usage of AddAttributesToFindings.

Sample Request

POST / HTTP/1.1

Host: inspector.us-west-2.amazonaws.com Accept-Encoding: identity

Content-Length: 189

(14)

See Also

X-Amz-Target: InspectorService.AddAttributesToFindings X-Amz-Date: 20160329T233810Z

User-Agent: aws-cli/1.10.12 Python/2.7.9 Windows/7 botocore/1.4.3 Content-Type: application/x-amz-json-1.1

Authorization: AUTHPARAMS {

"attributes": [ {

"key": "Example", "value": "example"

} ],

"findingArns": [

"arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/

template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU"

] }

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: 4c8b9c50-f607-11e5-9380-d76f0924b6d7 Content-Type: application/x-amz-json-1.1

Content-Length: 18

Date: Tue, 29 Mar 2016 23:38:11 GMT {

"failedItems": {}

}

CreateAssessmentTarget

Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup (p. 15). If resourceGroupArn is not speciﬁed, all EC2 instances in the current AWS account and region are included in the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service-linked role to grant Amazon Inspector Classic access to AWS Services needed to perform security assessments. You can create up to 50 assessment targets per AWS account. You can run up to 500 concurrent agents per AWS account. For more information, see Amazon Inspector Classic Assessment Targets.

Request Syntax

{

"assessmentTargetName": "string", "resourceGroupArn": "string"

}

Request Parameters

assessmentTargetName (p. 6)

The user-deﬁned name that identiﬁes the assessment target that you want to create. The name must be unique within the AWS account.

Type: String

Required: Yes resourceGroupArn (p. 6)

The ARN that speciﬁes the resource group that is used to create the assessment target. If resourceGroupArn is not speciﬁed, all EC2 instances in the current AWS account and region are included in the assessment target.

Type: String

Required: No

Response Syntax

{ "assessmentTargetArn": "string"

}

Response Elements

(16)

Errors

assessmentTargetArn (p. 6)

The ARN that speciﬁes the assessment target that is created.

Type: String

Errors

InvalidCrossAccountRoleException

Amazon Inspector Classic cannot assume the cross-account role that it needs to list your EC2 instances during the assessment run.

HTTP Status Code: 400 LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

ServiceTemporarilyUnavailableException

The serice is temporary unavailable.

Examples

Example

This example illustrates one usage of CreateAssessmentTarget.

(17)

See Also

Sample Request

POST / HTTP/1.1

Content-Length: 129

X-Amz-Target: InspectorService.CreateAssessmentTarget X-Amz-Date: 20160331T174054Z

"assessmentTargetName": "ExampleAssessmentTarget", "resourceGroupArn": "arn:aws:inspector:us-

west-2:123456789012:resourcegroup/0-AB6DMKnv"

}

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: b87f981e-f767-11e5-82d7-bb83264505be Content-Type: application/x-amz-json-1.1

Content-Length: 84

Date: Thu, 31 Mar 2016 17:40:55 GMT {

"assessmentTargetArn": "arn:aws:inspector:us- west-2:123456789012:target/0-nvgVhaxX"

}

CreateAssessmentTemplate

Creates an assessment template for the assessment target that is speciﬁed by the ARN of the assessment target. If the service-linked role isn’t already registered, this action also creates and registers a service- linked role to grant Amazon Inspector Classic access to AWS Services needed to perform security assessments.

Request Syntax

{

"assessmentTargetArn": "string", "assessmentTemplateName": "string", "durationInSeconds": number, "rulesPackageArns": [ "string" ], "userAttributesForFindings": [ {

} ] }

Request Parameters

The ARN that speciﬁes the assessment target for which you want to create the assessment template.

Type: String

Required: Yes

assessmentTemplateName (p. 9)

The user-deﬁned name that identiﬁes the assessment template that you want to create. You can create several assessment templates for an assessment target. The names of the assessment templates that correspond to a particular assessment target must be unique.

Type: String

Required: Yes durationInSeconds (p. 9)

The duration of the assessment run in seconds.

Type: Integer

Valid Range: Minimum value of 180. Maximum value of 86400.

Required: Yes

(19)

Response Syntax

rulesPackageArns (p. 9)

The ARNs that specify the rules packages that you want to attach to the assessment template.

Required: Yes

userAttributesForFindings (p. 9)

The user-deﬁned attributes that are assigned to every ﬁnding that is generated by the assessment run that uses this assessment template. An attribute is a key and value pair (an Attribute (p. 150) object). Within an assessment template, each key must be unique.

Type: Array of Attribute (p. 150) objects

Required: No

Response Syntax

{ "assessmentTemplateArn": "string"

}

Response Elements

assessmentTemplateArn (p. 10)

The ARN that speciﬁes the assessment template that is created.

Type: String

Errors

(20)

Examples

Example

This example illustrates one usage of CreateAssessmentTemplate.

Sample Request

POST / HTTP/1.1

Content-Length: 335

X-Amz-Target: InspectorService.CreateAssessmentTemplate X-Amz-Date: 20160331T175559Z

"assessmentTargetArn": "arn:aws:inspector:us- west-2:123456789012:target/0-nvgVhaxX",

"assessmentTemplateName": "ExampleAssessmentTemplate", "userAttributesForFindings": [

{

"key": "Example", "value": "example"

} ],

"durationInSeconds": 180, "rulesPackageArns": [

"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-11B9DBXp"

] }

Sample Response

(21)

See Also

HTTP/1.1 200 OK

x-amzn-RequestId: d3d3d58e-f769-11e5-9da0-9bde5220d15c Content-Type: application/x-amz-json-1.1

Content-Length: 106

Date: Thu, 31 Mar 2016 17:56:00 GMT {

"assessmentTemplateArn": "arn:aws:inspector:us- west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T"

}

CreateExclusionsPreview

Starts the generation of an exclusions preview for the speciﬁed assessment template. The exclusions preview lists the potential exclusions (ExclusionPreview) that Inspector Classic can detect before it runs the assessment.

Request Syntax

}

Request Parameters

The ARN that speciﬁes the assessment template for which you want to create an exclusions preview.

Type: String

Required: Yes

Response Syntax

{ "previewToken": "string"

}

Response Elements

previewToken (p. 13)

Specifies the unique identifier of the requested exclusions preview. You can use the unique identifier to retrieve the exclusions preview when running the GetExclusionsPreview API.

Type: String

Pattern: [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}

Errors

(23)

See Also

PreviewGenerationInProgressException

The request is rejected. The speciﬁed assessment template is currently generating an exclusions preview.

CreateResourceGroup

Creates a resource group using the speciﬁed set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector Classic assessment target. The created resource group is then used to create an Amazon Inspector Classic assessment target. For more information, see CreateAssessmentTarget (p. 6).

Request Syntax

{

"resourceGroupTags": [ {

} ]}

Request Parameters

resourceGroupTags (p. 15)

A collection of keys and an array of possible values, '[{"key":"key1","values":["Value1","Value2"]}, {"key":"Key2","values":["Value3"]}]'.

For example,'[{"key":"Name","values":["TestEC2Instance"]}]'.

Type: Array of ResourceGroupTag (p. 168) objects

Required: Yes

Response Syntax

{

"resourceGroupArn": "string"

}

Response Elements

resourceGroupArn (p. 15)

The ARN that speciﬁes the resource group that is created.

Type: String

(25)

Errors

Examples

Example

This example illustrates one usage of CreateResourceGroup.

Sample Request

POST / HTTP/1.1

Content-Length: 67

X-Amz-Target: InspectorService.CreateResourceGroup X-Amz-Date: 20160331T171757Z

"resourceGroupTags": [ {

"key": "Name", "value": "example"

} ] }

(26)

See Also

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: 8416dfb4-f764-11e5-872a-fde3682789d5 Content-Type: application/x-amz-json-1.1

Content-Length: 88

Date: Thu, 31 Mar 2016 17:17:58 GMT {

"resourceGroupArn": "arn:aws:inspector:us- west-2:123456789012:resourcegroup/0-AB6DMKnv"

}

DeleteAssessmentRun

Deletes the assessment run that is speciﬁed by the ARN of the assessment run.

Request Syntax

{ "assessmentRunArn": "string"

}

Request Parameters

assessmentRunArn (p. 18)

The ARN that speciﬁes the assessment run that you want to delete.

Type: String

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

AssessmentRunInProgressException

You cannot perform a speciﬁed action if an assessment run is currently in progress.

HTTP Status Code: 400 InternalException

Internal server error.

(28)

Examples

Example

This example illustrates one usage of DeleteAssessmentRun.

Sample Request

POST / HTTP/1.1

Content-Length: 117

X-Amz-Target: InspectorService.DeleteAssessmentRun X-Amz-Date: 20160331T183810Z

"assessmentRunArn": "arn:aws:inspector:us-west-2:123456789012:target/0- nvgVhaxX/template/0-it5r2S4T/run/0-11LMTAVe"

}

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: b8494bff-f76f-11e5-9d49-6dd670a2a95d Content-Type: application/x-amz-json-1.1

Content-Length: 0

Date: Thu, 31 Mar 2016 18:38:11 GMT

DeleteAssessmentTarget

Deletes the assessment target that is speciﬁed by the ARN of the assessment target.

Request Syntax

{ "assessmentTargetArn": "string"

}

Request Parameters

The ARN that speciﬁes the assessment target that you want to delete.

Type: String

Required: Yes

Response Elements

Errors

(31)

Examples

Example

This example illustrates one usage of DeleteAssessmentTarget.

Sample Request

POST / HTTP/1.1

Content-Length: 85

X-Amz-Target: InspectorService.DeleteAssessmentTarget X-Amz-Date: 20160331T184144Z

"assessmentTargetArn": "arn:aws:inspector:us- west-2:123456789012:target/0-0kFIPusq"

}

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: 37dee3da-f770-11e5-b61e-e163adb0c30c Content-Type: application/x-amz-json-1.1

Content-Length: 0

Date: Thu, 31 Mar 2016 18:41:45 GMT

DeleteAssessmentTemplate

Deletes the assessment template that is speciﬁed by the ARN of the assessment template.

Request Syntax

}

Request Parameters

The ARN that speciﬁes the assessment template that you want to delete.

Type: String

Required: Yes

Response Elements

Errors

(34)

Examples

Example

This example illustrates one usage of DeleteAssessmentTemplate.

Sample Request

POST / HTTP/1.1

Content-Length: 107

X-Amz-Target: InspectorService.DeleteAssessmentTemplate X-Amz-Date: 20160331T184505Z

"assessmentTemplateArn": "arn:aws:inspector:us- west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T"

}

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: afcc2e7e-f770-11e5-8f9c-054cd1296cf6 Content-Type: application/x-amz-json-1.1

Content-Length: 0

Date: Thu, 31 Mar 2016 18:45:06 GMT

DescribeAssessmentRuns

Describes the assessment runs that are speciﬁed by the ARNs of the assessment runs.

Request Syntax

{

"assessmentRunArns": [ "string" ] }

Request Parameters

assessmentRunArns (p. 27)

The ARN that speciﬁes the assessment run that you want to describe.

Required: Yes

Response Syntax

{

"assessmentRuns": [ {

"arn": "string",

"assessmentTemplateArn": "string", "completedAt": number,

"createdAt": number, "dataCollected": boolean, "durationInSeconds": number, "findingCounts": {

"string" : number },

"name": "string", "notifications": [ {

"date": number, "error": boolean, "event": "string", "message": "string",

"snsPublishStatusCode": "string", "snsTopicArn": "string"

} ],

"rulesPackageArns": [ "string" ], "startedAt": number,

"state": "string",

(37)

Response Elements

"stateChangedAt": number, "stateChanges": [

{

"state": "string", "stateChangedAt": number }

],

"userAttributesForFindings": [ {

} ] } ],

"failedItems": { "string" : {

} }

Response Elements

assessmentRuns (p. 27)

Information about the assessment run.

Type: Array of AssessmentRun (p. 132) objects

Assessment run details that cannot be described. An error code is provided for each failed item.

Errors

(38)

Examples

Example

This example illustrates one usage of DescribeAssessmentRuns.

Sample Request

Content-Length: 120

X-Amz-Target: InspectorService.DescribeAssessmentRuns X-Amz-Date: 20160323T213431Z

"assessmentRunArns": [

template/0-4r1V2mAw/run/0-MKkpXXPE"

] }

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: 0834f495-f13f-11e5-8a9a-395a36305628 Content-Type: application/x-amz-json-1.1

Content-Length: 1156

Date: Wed, 23 Mar 2016 21:34:32 GMT {

"assessmentRuns": [ {

"arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/

template/0-4r1V2mAw/run/0-MKkpXXPE",

"assessmentTemplateArn": "arn:aws:inspector:us- west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw",

"completedAt": 1458680301.4, "createdAt": 1458680170.035, "dataCollected": true, "durationInSeconds": 3600,

"name": "Run 1 for ExampleAssessmentTemplate", "notifications": [],

"rulesPackageArns": [

"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP"

],

"startedAt": 1458680170.161, "state": "COMPLETED",

"stateChangedAt": 1458680301.4, "stateChanges": [

{

"state": "CREATED",

"stateChangedAt": 1458680170.035 },

{

(39)

See Also

"state": "START_DATA_COLLECTION_PENDING", "stateChangedAt": 1458680170.065

}, {

"state": "START_DATA_COLLECTION_IN_PROGRESS", "stateChangedAt": 1458680170.096

}, {

"state": "COLLECTING_DATA", "stateChangedAt": 1458680170.161 },

{

"state": "STOP_DATA_COLLECTION_PENDING", "stateChangedAt": 1458680239.883

}, {

"state": "DATA_COLLECTED", "stateChangedAt": 1458680299.847 },

{

"state": "EVALUATING_RULES", "stateChangedAt": 1458680300.099 },

{

"state": "COMPLETED",

"stateChangedAt": 1458680301.4 }

],

"userAttributesForFindings": []

} ],

"failedItems": {}

}

DescribeAssessmentTargets

Describes the assessment targets that are speciﬁed by the ARNs of the assessment targets.

Request Syntax

{ "assessmentTargetArns": [ "string" ] }

Request Parameters

assessmentTargetArns (p. 31)

The ARNs that speciﬁes the assessment targets that you want to describe.

Required: Yes

Response Syntax

{ "assessmentTargets": [ {

"arn": "string", "createdAt": number, "name": "string",

"resourceGroupArn": "string", "updatedAt": number

} ],

}}

Response Elements

(41)

Errors

assessmentTargets (p. 31)

Information about the assessment targets.

Type: Array of AssessmentTarget (p. 142) objects

Assessment target details that cannot be described. An error code is provided for each failed item.

Errors

Examples

Example

This example illustrates one usage of DescribeAssessmentTargets.

Sample Request

POST / HTTP/1.1

Content-Length: 88

X-Amz-Target: InspectorService.DescribeAssessmentTargets X-Amz-Date: 20160323T214315Z

"assessmentTargetArns": [

"arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq"

] }

(42)

See Also

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: 407ddf01-f140-11e5-823c-bd257ba1495d Content-Type: application/x-amz-json-1.1

Content-Length: 287

Date: Wed, 23 Mar 2016 21:43:16 GMT {

"assessmentTargets": [ {

"arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq", "createdAt": 1458074191.459,

"name": "ExampleAssessmentTarget",

"resourceGroupArn": "arn:aws:inspector:us- west-2:123456789012:resourcegroup/0-PyGXopAI",

"updatedAt": 1458074191.459 }

],

"failedItems": {}

}

DescribeAssessmentTemplates

Describes the assessment templates that are speciﬁed by the ARNs of the assessment templates.

Request Syntax

{ "assessmentTemplateArns": [ "string" ] }

Request Parameters

assessmentTemplateArns (p. 34)

Required: Yes

Response Syntax

{

"assessmentTemplates": [ {

"arn": "string",

"assessmentRunCount": number, "assessmentTargetArn": "string", "createdAt": number,

"durationInSeconds": number, "lastAssessmentRunArn": "string", "name": "string",

"rulesPackageArns": [ "string" ], "userAttributesForFindings": [ {

} ] } ],

}}

(44)

Response Elements

assessmentTemplates (p. 34)

Information about the assessment templates.

Type: Array of AssessmentTemplate (p. 145) objects

Assessment template details that cannot be described. An error code is provided for each failed item.

Errors

Examples

Example

This example illustrates one usage of DescribeAssessmentTemplates.

Sample Request

POST / HTTP/1.1

Content-Length: 110

X-Amz-Target: InspectorService.DescribeAssessmentTemplates X-Amz-Date: 20160323T214822Z

Authorization: AUTHPARAMS

(45)

See Also

{

"assessmentTemplateArns": [

template/0-4r1V2mAw"

] }

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: f73a449b-f140-11e5-b473-ed8493878c40 Content-Type: application/x-amz-json-1.1

Content-Length: 422

Date: Wed, 23 Mar 2016 21:48:23 GMT {

"assessmentTemplates": [ {

"arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/

template/0-4r1V2mAw",

"assessmentTargetArn": "arn:aws:inspector:us- west-2:123456789012:target/0-0kFIPusq",

"createdAt": 1458074191.844, "durationInSeconds": 3600,

"name": "ExampleAssessmentTemplate", "rulesPackageArns": [

"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP"

],

"userAttributesForFindings": []

} ],

"failedItems": {}

}

DescribeCrossAccountAccessRole

Describes the IAM role that enables Amazon Inspector Classic to access your AWS account.

Response Syntax

{ "registeredAt": number, "roleArn": "string", "valid": boolean }

Response Elements

registeredAt (p. 37)

The date when the cross-account access role was registered.

Type: Timestamp roleArn (p. 37)

The ARN that speciﬁes the IAM role that Amazon Inspector Classic uses to access your AWS account.

Type: String

valid (p. 37)

A Boolean value that speciﬁes whether the IAM role has the necessary policies attached to enable Amazon Inspector Classic to access your AWS account.

Type: Boolean

Errors

Examples

Example

This example illustrates one usage of DescribeCrossAccountAccessRole.

(47)

See Also

Sample Request

POST / HTTP/1.1

Content-Length: 2

X-Amz-Target: InspectorService.DescribeCrossAccountAccessRole X-Amz-Date: 20160323T215330Z

Authorization: AUTHPARAMS {}

Sample Response

HTTP/1.1 200 OK

x-amzn-RequestId: aef491a7-f141-11e5-bf1e-bbcaffe8bf2e Content-Type: application/x-amz-json-1.1

Content-Length: 99

Date: Wed, 23 Mar 2016 21:53:32 GMT {

"registeredAt": 1458069182.826,

"roleArn": "arn:aws:iam::123456789012:role/inspector", "valid": true

}

DescribeExclusions

Describes the exclusions that are speciﬁed by the exclusions' ARNs.

Request Syntax

{ "exclusionArns": [ "string" ], "locale": "string"

}

Request Parameters

exclusionArns (p. 39)

The list of ARNs that specify the exclusions that you want to describe.

Required: Yes locale (p. 39)

The locale into which you want to translate the exclusion's title, description, and recommendation.

Type: String

Valid Values: EN_US Required: No

Response Syntax

{ "exclusions": { "string" : { "arn": "string", "attributes": [ {

} ],

"description": "string", "recommendation": "string", "scopes": [

{

"key": "string",

(49)

Response Elements

"value": "string"

} ],

"title": "string"

} },

}}

Response Elements

exclusions (p. 39)

Information about the exclusions.

Type: String to Exclusion (p. 153) object map Map Entries: Maximum number of 100 items.

Exclusion details that cannot be described. An error code is provided for each failed item.

Errors

DescribeFindings

Describes the findings that are specified by the ARNs of the findings.

Request Syntax

{

"findingArns": [ "string" ], "locale": "string"

}

Request Parameters

ﬁndingArns (p. 42)

The ARN that speciﬁes the ﬁnding that you want to describe.

Required: Yes locale (p. 42)

The locale into which you want to translate a finding description, recommendation, and the short description that identifies the finding.

Type: String

Valid Values: EN_US Required: No

Response Syntax

{ "failedItems": { "string" : {

},

"findings": [ {

"arn": "string", "assetAttributes": { "agentId": "string", "amiId": "string",

"autoScalingGroup": "string",

(52)

Response Syntax

"hostname": "string",

"ipv4Addresses": [ "string" ], "networkInterfaces": [ {

"ipv6Addresses": [ "string" ], "networkInterfaceId": "string", "privateDnsName": "string", "privateIpAddress": "string", "privateIpAddresses": [ {

"privateDnsName": "string", "privateIpAddress": "string"

} ],

"publicDnsName": "string", "publicIp": "string", "securityGroups": [ {

"groupId": "string", "groupName": "string"

} ],

"subnetId": "string", "vpcId": "string"

} ],

"schemaVersion": number, "tags": [

{

} ] },

"assetType": "string", "attributes": [ {

} ],

"confidence": number, "createdAt": number, "description": "string", "id": "string",

"indicatorOfCompromise": boolean, "numericSeverity": number, "recommendation": "string", "schemaVersion": number, "service": "string", "serviceAttributes": {

"assessmentRunArn": "string", "rulesPackageArn": "string", "schemaVersion": number },

"severity": "string", "title": "string", "updatedAt": number, "userAttributes": [ {

} ] } ]

Amazon Inspector

Amazon Inspector

API Reference

API Version 2016-02-16

Amazon Inspector: API Reference

Table of Contents

Welcome

Actions

AddAttributesToFindings

Request Syntax

Request Parameters

Response Syntax

Response Elements

Errors

Examples

Example

Sample Request

Sample Response

See Also

CreateAssessmentTarget

Request Syntax

Request Parameters

Response Syntax

Response Elements

Errors

Examples

Example

Sample Request

Sample Response

See Also

CreateAssessmentTemplate

Request Syntax

Request Parameters

Response Syntax

Response Elements

Errors

Examples

Example

Sample Request

Sample Response

See Also

CreateExclusionsPreview

Request Syntax

Request Parameters

Response Syntax

Response Elements

Errors

See Also

CreateResourceGroup

Request Syntax

Request Parameters

Response Syntax

Response Elements

Errors

Examples

Example

Sample Request

Sample Response

See Also

DeleteAssessmentRun

Request Syntax

Request Parameters

Response Elements

Errors

Examples

Example

Sample Request

Sample Response

See Also

DeleteAssessmentTarget

Request Syntax

Request Parameters

Response Elements

Errors

Examples

Example

Sample Request

Sample Response

See Also

DeleteAssessmentTemplate