Inspector2

2023/05/05 - Inspector2 - 1 new api methods

Changes  Amazon Inspector now allows customers to search its vulnerability intelligence database if any of the Inspector scanning types are activated.

SearchVulnerabilities (new) Link ΒΆ

Lists Amazon Inspector coverage details for a specific vulnerability.

See also: AWS API Documentation

Request Syntax

client.search_vulnerabilities(
    filterCriteria={
        'vulnerabilityIds': [
            'string',
        ]
    },
    nextToken='string'
)
type filterCriteria

dict

param filterCriteria

[REQUIRED]

The criteria used to filter the results of a vulnerability search.

  • vulnerabilityIds (list) -- [REQUIRED]

    The IDs for specific vulnerabilities.

    • (string) --

type nextToken

string

param nextToken

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

rtype

dict

returns

Response Syntax

{
    'nextToken': 'string',
    'vulnerabilities': [
        {
            'atigData': {
                'firstSeen': datetime(2015, 1, 1),
                'lastSeen': datetime(2015, 1, 1),
                'targets': [
                    'string',
                ],
                'ttps': [
                    'string',
                ]
            },
            'cisaData': {
                'action': 'string',
                'dateAdded': datetime(2015, 1, 1),
                'dateDue': datetime(2015, 1, 1)
            },
            'cvss2': {
                'baseScore': 123.0,
                'scoringVector': 'string'
            },
            'cvss3': {
                'baseScore': 123.0,
                'scoringVector': 'string'
            },
            'cwes': [
                'string',
            ],
            'description': 'string',
            'detectionPlatforms': [
                'string',
            ],
            'epss': {
                'score': 123.0
            },
            'exploitObserved': {
                'firstSeen': datetime(2015, 1, 1),
                'lastSeen': datetime(2015, 1, 1)
            },
            'id': 'string',
            'referenceUrls': [
                'string',
            ],
            'relatedVulnerabilities': [
                'string',
            ],
            'source': 'NVD',
            'sourceUrl': 'string',
            'vendorCreatedAt': datetime(2015, 1, 1),
            'vendorSeverity': 'string',
            'vendorUpdatedAt': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    • nextToken (string) --

      The pagination parameter to be used on the next list operation to retrieve more items.

    • vulnerabilities (list) --

      Details about the listed vulnerability.

      • (dict) --

        Contains details about a specific vulnerability Amazon Inspector can detect.

        • atigData (dict) --

          An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability.

          • firstSeen (datetime) --

            The date and time this vulnerability was first observed.

          • lastSeen (datetime) --

            The date and time this vulnerability was last observed.

          • targets (list) --

            The commercial sectors this vulnerability targets.

            • (string) --

          • ttps (list) --

            The MITRE ATT&CK tactics, techniques, and procedures (TTPs) associated with vulnerability.

            • (string) --

        • cisaData (dict) --

          An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability.

          • action (string) --

            The remediation action recommended by CISA for this vulnerability.

          • dateAdded (datetime) --

            The date and time CISA added this vulnerability to their catalogue.

          • dateDue (datetime) --

            The date and time CISA expects a fix to have been provided vulnerability.

        • cvss2 (dict) --

          An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability.

          • baseScore (float) --

            The CVSS v2 base score for the vulnerability.

          • scoringVector (string) --

            The scoring vector associated with the CVSS v2 score.

        • cvss3 (dict) --

          An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability.

          • baseScore (float) --

            The CVSS v3 base score for the vulnerability.

          • scoringVector (string) --

            The scoring vector associated with the CVSS v3 score.

        • cwes (list) --

          The Common Weakness Enumeration (CWE) associated with the vulnerability.

          • (string) --

        • description (string) --

          A description of the vulnerability.

        • detectionPlatforms (list) --

          Platforms that the vulnerability can be detected on.

          • (string) --

        • epss (dict) --

          An object that contains the Exploit Prediction Scoring System (EPSS) score.

          • score (float) --

            The Exploit Prediction Scoring System (EPSS) score.

        • exploitObserved (dict) --

          An object that contains details on when the exploit was observed.

          • firstSeen (datetime) --

            The date an time when the exploit was first seen.

          • lastSeen (datetime) --

            The date an time when the exploit was last seen.

        • id (string) --

          The ID for the specific vulnerability.

        • referenceUrls (list) --

          Links to various resources with more information on this vulnerability.

          • (string) --

        • relatedVulnerabilities (list) --

          A list of related vulnerabilities.

          • (string) --

        • source (string) --

          The source of the vulnerability information.

        • sourceUrl (string) --

          A link to the official source material for this vulnerability.

        • vendorCreatedAt (datetime) --

          The date and time when the vendor created this vulnerability.

        • vendorSeverity (string) --

          The severity assigned by the vendor.

        • vendorUpdatedAt (datetime) --

          The date and time when the vendor last updated this vulnerability.