Inspector2

2023/07/31 - Inspector2 - 1 new api methods

Changes  This release adds 1 new API: BatchGetFindingDetails to retrieve enhanced vulnerability intelligence details for findings.

BatchGetFindingDetails (new) Link ΒΆ

Gets vulnerability details for findings.

See also: AWS API Documentation

Request Syntax

client.batch_get_finding_details(
    findingArns=[
        'string',
    ]
)
type findingArns

list

param findingArns

[REQUIRED]

A list of finding ARNs.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'errors': [
        {
            'errorCode': 'INTERNAL_ERROR'|'ACCESS_DENIED'|'FINDING_DETAILS_NOT_FOUND'|'INVALID_INPUT',
            'errorMessage': 'string',
            'findingArn': 'string'
        },
    ],
    'findingDetails': [
        {
            'cisaData': {
                'action': 'string',
                'dateAdded': datetime(2015, 1, 1),
                'dateDue': datetime(2015, 1, 1)
            },
            'cwes': [
                'string',
            ],
            'epssScore': 123.0,
            'evidences': [
                {
                    'evidenceDetail': 'string',
                    'evidenceRule': 'string',
                    'severity': 'string'
                },
            ],
            'exploitObserved': {
                'firstSeen': datetime(2015, 1, 1),
                'lastSeen': datetime(2015, 1, 1)
            },
            'findingArn': 'string',
            'referenceUrls': [
                'string',
            ],
            'riskScore': 123,
            'tools': [
                'string',
            ],
            'ttps': [
                'string',
            ]
        },
    ]
}

Response Structure

  • (dict) --

    • errors (list) --

      Error information for findings that details could not be returned for.

      • (dict) --

        Details about an error encountered when trying to return vulnerability data for a finding.

        • errorCode (string) --

          The error code.

        • errorMessage (string) --

          The error message.

        • findingArn (string) --

          The finding ARN that returned an error.

    • findingDetails (list) --

      A finding's vulnerability details.

      • (dict) --

        Details of the vulnerability identified in a finding.

        • cisaData (dict) --

          The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.

          • action (string) --

            The remediation action recommended by CISA for this vulnerability.

          • dateAdded (datetime) --

            The date and time CISA added this vulnerability to their catalogue.

          • dateDue (datetime) --

            The date and time CISA expects a fix to have been provided vulnerability.

        • cwes (list) --

          The Common Weakness Enumerations (CWEs) associated with the vulnerability.

          • (string) --

        • epssScore (float) --

          The Exploit Prediction Scoring System (EPSS) score of the vulnerability.

        • evidences (list) --

          Information on the evidence of the vulnerability.

          • (dict) --

            Details of the evidence for a vulnerability identified in a finding.

            • evidenceDetail (string) --

              The evidence details.

            • evidenceRule (string) --

              The evidence rule.

            • severity (string) --

              The evidence severity.

        • exploitObserved (dict) --

          Contains information on when this exploit was observed.

          • firstSeen (datetime) --

            The date an time when the exploit was first seen.

          • lastSeen (datetime) --

            The date an time when the exploit was last seen.

        • findingArn (string) --

          The finding ARN that the vulnerability details are associated with.

        • referenceUrls (list) --

          The reference URLs for the vulnerability data.

          • (string) --

        • riskScore (integer) --

          The risk score of the vulnerability.

        • tools (list) --

          The known malware tools or kits that can exploit the vulnerability.

          • (string) --

        • ttps (list) --

          The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability.

          • (string) --