Inspector2 / Client / create_findings_report

create_findings_report#

Inspector2.Client.create_findings_report(**kwargs)#

Creates a finding report. By default only ACTIVE findings are returned in the report. To see SUPRESSED or CLOSED findings you must specify a value for the findingStatus filter criteria.

See also: AWS API Documentation

Request Syntax

response = client.create_findings_report(
    filterCriteria={
        'awsAccountId': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'componentId': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'componentType': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ec2InstanceImageId': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ec2InstanceSubnetId': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ec2InstanceVpcId': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ecrImageArchitecture': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ecrImageHash': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ecrImagePushedAt': [
            {
                'endInclusive': datetime(2015, 1, 1),
                'startInclusive': datetime(2015, 1, 1)
            },
        ],
        'ecrImageRegistry': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ecrImageRepositoryName': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'ecrImageTags': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'exploitAvailable': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'findingArn': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'findingStatus': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'findingType': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'firstObservedAt': [
            {
                'endInclusive': datetime(2015, 1, 1),
                'startInclusive': datetime(2015, 1, 1)
            },
        ],
        'fixAvailable': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'inspectorScore': [
            {
                'lowerInclusive': 123.0,
                'upperInclusive': 123.0
            },
        ],
        'lambdaFunctionExecutionRoleArn': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'lambdaFunctionLastModifiedAt': [
            {
                'endInclusive': datetime(2015, 1, 1),
                'startInclusive': datetime(2015, 1, 1)
            },
        ],
        'lambdaFunctionLayers': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'lambdaFunctionName': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'lambdaFunctionRuntime': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'lastObservedAt': [
            {
                'endInclusive': datetime(2015, 1, 1),
                'startInclusive': datetime(2015, 1, 1)
            },
        ],
        'networkProtocol': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'portRange': [
            {
                'beginInclusive': 123,
                'endInclusive': 123
            },
        ],
        'relatedVulnerabilities': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'resourceId': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'resourceTags': [
            {
                'comparison': 'EQUALS',
                'key': 'string',
                'value': 'string'
            },
        ],
        'resourceType': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'severity': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'title': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'updatedAt': [
            {
                'endInclusive': datetime(2015, 1, 1),
                'startInclusive': datetime(2015, 1, 1)
            },
        ],
        'vendorSeverity': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'vulnerabilityId': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'vulnerabilitySource': [
            {
                'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                'value': 'string'
            },
        ],
        'vulnerablePackages': [
            {
                'architecture': {
                    'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                    'value': 'string'
                },
                'epoch': {
                    'lowerInclusive': 123.0,
                    'upperInclusive': 123.0
                },
                'name': {
                    'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                    'value': 'string'
                },
                'release': {
                    'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                    'value': 'string'
                },
                'sourceLambdaLayerArn': {
                    'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                    'value': 'string'
                },
                'sourceLayerHash': {
                    'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                    'value': 'string'
                },
                'version': {
                    'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
                    'value': 'string'
                }
            },
        ]
    },
    reportFormat='CSV'|'JSON',
    s3Destination={
        'bucketName': 'string',
        'keyPrefix': 'string',
        'kmsKeyArn': 'string'
    }
)
Parameters:
  • filterCriteria (dict) –

    The filter criteria to apply to the results of the finding report.

    • awsAccountId (list) –

      Details of the Amazon Web Services account IDs used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • componentId (list) –

      Details of the component IDs used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • componentType (list) –

      Details of the component types used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ec2InstanceImageId (list) –

      Details of the Amazon EC2 instance image IDs used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ec2InstanceSubnetId (list) –

      Details of the Amazon EC2 instance subnet IDs used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ec2InstanceVpcId (list) –

      Details of the Amazon EC2 instance VPC IDs used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ecrImageArchitecture (list) –

      Details of the Amazon ECR image architecture types used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ecrImageHash (list) –

      Details of the Amazon ECR image hashes used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ecrImagePushedAt (list) –

      Details on the Amazon ECR image push date and time used to filter findings.

      • (dict) –

        Contains details on the time range used to filter findings.

        • endInclusive (datetime) –

          A timestamp representing the end of the time period filtered on.

        • startInclusive (datetime) –

          A timestamp representing the start of the time period filtered on.

    • ecrImageRegistry (list) –

      Details on the Amazon ECR registry used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ecrImageRepositoryName (list) –

      Details on the name of the Amazon ECR repository used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • ecrImageTags (list) –

      The tags attached to the Amazon ECR container image.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • exploitAvailable (list) –

      Filters the list of AWS Lambda findings by the availability of exploits.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • findingArn (list) –

      Details on the finding ARNs used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • findingStatus (list) –

      Details on the finding status types used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • findingType (list) –

      Details on the finding types used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • firstObservedAt (list) –

      Details on the date and time a finding was first seen used to filter findings.

      • (dict) –

        Contains details on the time range used to filter findings.

        • endInclusive (datetime) –

          A timestamp representing the end of the time period filtered on.

        • startInclusive (datetime) –

          A timestamp representing the start of the time period filtered on.

    • fixAvailable (list) –

      Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • inspectorScore (list) –

      The Amazon Inspector score to filter on.

      • (dict) –

        An object that describes the details of a number filter.

        • lowerInclusive (float) –

          The lowest number to be included in the filter.

        • upperInclusive (float) –

          The highest number to be included in the filter.

    • lambdaFunctionExecutionRoleArn (list) –

      Filters the list of AWS Lambda functions by execution role.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • lambdaFunctionLastModifiedAt (list) –

      Filters the list of AWS Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format

      • (dict) –

        Contains details on the time range used to filter findings.

        • endInclusive (datetime) –

          A timestamp representing the end of the time period filtered on.

        • startInclusive (datetime) –

          A timestamp representing the start of the time period filtered on.

    • lambdaFunctionLayers (list) –

      Filters the list of AWS Lambda functions by the function’s layers. A Lambda function can have up to five layers.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • lambdaFunctionName (list) –

      Filters the list of AWS Lambda functions by the name of the function.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • lambdaFunctionRuntime (list) –

      Filters the list of AWS Lambda functions by the runtime environment for the Lambda function.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • lastObservedAt (list) –

      Details on the date and time a finding was last seen used to filter findings.

      • (dict) –

        Contains details on the time range used to filter findings.

        • endInclusive (datetime) –

          A timestamp representing the end of the time period filtered on.

        • startInclusive (datetime) –

          A timestamp representing the start of the time period filtered on.

    • networkProtocol (list) –

      Details on the ingress source addresses used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • portRange (list) –

      Details on the port ranges used to filter findings.

      • (dict) –

        An object that describes the details of a port range filter.

        • beginInclusive (integer) –

          The port number the port range begins at.

        • endInclusive (integer) –

          The port number the port range ends at.

    • relatedVulnerabilities (list) –

      Details on the related vulnerabilities used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • resourceId (list) –

      Details on the resource IDs used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • resourceTags (list) –

      Details on the resource tags used to filter findings.

      • (dict) –

        An object that describes details of a map filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • key (string) – [REQUIRED]

          The tag key used in the filter.

        • value (string) –

          The tag value used in the filter.

    • resourceType (list) –

      Details on the resource types used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • severity (list) –

      Details on the severity used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • title (list) –

      Details on the finding title used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • updatedAt (list) –

      Details on the date and time a finding was last updated at used to filter findings.

      • (dict) –

        Contains details on the time range used to filter findings.

        • endInclusive (datetime) –

          A timestamp representing the end of the time period filtered on.

        • startInclusive (datetime) –

          A timestamp representing the start of the time period filtered on.

    • vendorSeverity (list) –

      Details on the vendor severity used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • vulnerabilityId (list) –

      Details on the vulnerability ID used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • vulnerabilitySource (list) –

      Details on the vulnerability type used to filter findings.

      • (dict) –

        An object that describes the details of a string filter.

        • comparison (string) – [REQUIRED]

          The operator to use when comparing values in the filter.

        • value (string) – [REQUIRED]

          The value to filter on.

    • vulnerablePackages (list) –

      Details on the vulnerable packages used to filter findings.

      • (dict) –

        Contains information on the details of a package filter.

        • architecture (dict) –

          An object that contains details on the package architecture type to filter on.

          • comparison (string) – [REQUIRED]

            The operator to use when comparing values in the filter.

          • value (string) – [REQUIRED]

            The value to filter on.

        • epoch (dict) –

          An object that contains details on the package epoch to filter on.

          • lowerInclusive (float) –

            The lowest number to be included in the filter.

          • upperInclusive (float) –

            The highest number to be included in the filter.

        • name (dict) –

          An object that contains details on the name of the package to filter on.

          • comparison (string) – [REQUIRED]

            The operator to use when comparing values in the filter.

          • value (string) – [REQUIRED]

            The value to filter on.

        • release (dict) –

          An object that contains details on the package release to filter on.

          • comparison (string) – [REQUIRED]

            The operator to use when comparing values in the filter.

          • value (string) – [REQUIRED]

            The value to filter on.

        • sourceLambdaLayerArn (dict) –

          An object that describes the details of a string filter.

          • comparison (string) – [REQUIRED]

            The operator to use when comparing values in the filter.

          • value (string) – [REQUIRED]

            The value to filter on.

        • sourceLayerHash (dict) –

          An object that contains details on the source layer hash to filter on.

          • comparison (string) – [REQUIRED]

            The operator to use when comparing values in the filter.

          • value (string) – [REQUIRED]

            The value to filter on.

        • version (dict) –

          The package version to filter on.

          • comparison (string) – [REQUIRED]

            The operator to use when comparing values in the filter.

          • value (string) – [REQUIRED]

            The value to filter on.

  • reportFormat (string) –

    [REQUIRED]

    The format to generate the report in.

  • s3Destination (dict) –

    [REQUIRED]

    The Amazon S3 export destination for the report.

    • bucketName (string) – [REQUIRED]

      The name of the Amazon S3 bucket to export findings to.

    • keyPrefix (string) –

      The prefix of the Amazon S3 bucket used to export findings.

    • kmsKeyArn (string) – [REQUIRED]

      The ARN of the KMS key used to encrypt data when exporting findings.

Return type:

dict

Returns:

Response Syntax

{
    'reportId': 'string'
}

Response Structure

  • (dict) –

    • reportId (string) –

      The ID of the report.

Exceptions

  • Inspector2.Client.exceptions.ValidationException

  • Inspector2.Client.exceptions.AccessDeniedException

  • Inspector2.Client.exceptions.ResourceNotFoundException

  • Inspector2.Client.exceptions.ThrottlingException

  • Inspector2.Client.exceptions.InternalServerException