list_finding_aggregations
(**kwargs)¶Lists aggregated finding data for your environment based on specific criteria.
See also: AWS API Documentation
Request Syntax
response = client.list_finding_aggregations(
accountIds=[
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
aggregationRequest={
'accountAggregation': {
'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY',
'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION',
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'amiAggregation': {
'amis': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'CRITICAL'|'HIGH'|'ALL'|'AFFECTED_INSTANCES',
'sortOrder': 'ASC'|'DESC'
},
'awsEcrContainerAggregation': {
'architectures': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'imageShas': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'imageTags': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'repositories': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'resourceIds': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'ec2InstanceAggregation': {
'amis': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'instanceIds': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'instanceTags': [
{
'comparison': 'EQUALS',
'key': 'string',
'value': 'string'
},
],
'operatingSystems': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'NETWORK_FINDINGS'|'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'findingTypeAggregation': {
'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY',
'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION',
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'imageLayerAggregation': {
'layerHashes': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'repositories': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'resourceIds': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'lambdaFunctionAggregation': {
'functionNames': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'functionTags': [
{
'comparison': 'EQUALS',
'key': 'string',
'value': 'string'
},
],
'resourceIds': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'runtimes': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'lambdaLayerAggregation': {
'functionNames': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'layerArns': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'resourceIds': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'packageAggregation': {
'packageNames': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC'
},
'repositoryAggregation': {
'repositories': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'sortBy': 'CRITICAL'|'HIGH'|'ALL'|'AFFECTED_IMAGES',
'sortOrder': 'ASC'|'DESC'
},
'titleAggregation': {
'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION',
'sortBy': 'CRITICAL'|'HIGH'|'ALL',
'sortOrder': 'ASC'|'DESC',
'titles': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
],
'vulnerabilityIds': [
{
'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS',
'value': 'string'
},
]
}
},
aggregationType='FINDING_TYPE'|'PACKAGE'|'TITLE'|'REPOSITORY'|'AMI'|'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER'|'IMAGE_LAYER'|'ACCOUNT'|'AWS_LAMBDA_FUNCTION'|'LAMBDA_LAYER',
maxResults=123,
nextToken='string'
)
The Amazon Web Services account IDs to retrieve finding aggregation data for.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
Details of the aggregation request that is used to filter your aggregation results.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: accountAggregation
, amiAggregation
, awsEcrContainerAggregation
, ec2InstanceAggregation
, findingTypeAggregation
, imageLayerAggregation
, lambdaFunctionAggregation
, lambdaLayerAggregation
, packageAggregation
, repositoryAggregation
, titleAggregation
.
An object that contains details about an aggregation request based on Amazon Web Services account IDs.
The type of finding.
The type of resource.
The value to sort by.
The sort order (ascending or descending).
An object that contains details about an aggregation request based on Amazon Machine Images (AMIs).
The IDs of AMIs to aggregate findings for.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The value to sort results by.
The order to sort results by.
An object that contains details about an aggregation request based on Amazon ECR container images.
The architecture of the containers.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The image SHA values.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The image tags.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The container repositories.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The container resource IDs.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The value to sort by.
The sort order (ascending or descending).
An object that contains details about an aggregation request based on Amazon EC2 instances.
The AMI IDs associated with the Amazon EC2 instances to aggregate findings for.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The Amazon EC2 instance IDs to aggregate findings for.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The Amazon EC2 instance tags to aggregate findings for.
An object that describes details of a map filter.
The operator to use when comparing values in the filter.
The tag key used in the filter.
The tag value used in the filter.
The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are ORACLE_LINUX_7
and ALPINE_LINUX_3_8
.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The value to sort results by.
The order to sort results by.
An object that contains details about an aggregation request based on finding types.
The finding type to aggregate.
The resource type to aggregate.
The value to sort results by.
The order to sort results by.
An object that contains details about an aggregation request based on container image layers.
The hashes associated with the layers.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The repository associated with the container image hosting the layers.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The ID of the container image layer.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The value to sort results by.
The order to sort results by.
Returns an object with findings aggregated by AWS Lambda function.
The AWS Lambda function names to include in the aggregation results.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The tags to include in the aggregation results.
An object that describes details of a map filter.
The operator to use when comparing values in the filter.
The tag key used in the filter.
The tag value used in the filter.
The resource IDs to include in the aggregation results.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
Returns findings aggregated by AWS Lambda function runtime environments.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The finding severity to use for sorting the results.
The order to use for sorting the results.
Returns an object with findings aggregated by AWS Lambda layer.
The names of the AWS Lambda functions associated with the layers.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The Amazon Resource Name (ARN) of the AWS Lambda function layer.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The resource IDs for the AWS Lambda function layers.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The finding severity to use for sorting the results.
The order to use for sorting the results.
An object that contains details about an aggregation request based on operating system package type.
The names of packages to aggregate findings on.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The value to sort results by.
The order to sort results by.
An object that contains details about an aggregation request based on Amazon ECR repositories.
The names of repositories to aggregate findings on.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The value to sort results by.
The order to sort results by.
An object that contains details about an aggregation request based on finding title.
The resource type to aggregate on.
The value to sort results by.
The order to sort results by.
The finding titles to aggregate on.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
The vulnerability IDs of the findings.
An object that describes the details of a string filter.
The operator to use when comparing values in the filter.
The value to filter on.
[REQUIRED]
The type of the aggregation request.
NextToken
value returned from the previous request to continue listing results after the first page.dict
Response Syntax
{
'aggregationType': 'FINDING_TYPE'|'PACKAGE'|'TITLE'|'REPOSITORY'|'AMI'|'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER'|'IMAGE_LAYER'|'ACCOUNT'|'AWS_LAMBDA_FUNCTION'|'LAMBDA_LAYER',
'nextToken': 'string',
'responses': [
{
'accountAggregation': {
'accountId': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'amiAggregation': {
'accountId': 'string',
'affectedInstances': 123,
'ami': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'awsEcrContainerAggregation': {
'accountId': 'string',
'architecture': 'string',
'imageSha': 'string',
'imageTags': [
'string',
],
'repository': 'string',
'resourceId': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'ec2InstanceAggregation': {
'accountId': 'string',
'ami': 'string',
'instanceId': 'string',
'instanceTags': {
'string': 'string'
},
'networkFindings': 123,
'operatingSystem': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'findingTypeAggregation': {
'accountId': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'imageLayerAggregation': {
'accountId': 'string',
'layerHash': 'string',
'repository': 'string',
'resourceId': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'lambdaFunctionAggregation': {
'accountId': 'string',
'functionName': 'string',
'lambdaTags': {
'string': 'string'
},
'lastModifiedAt': datetime(2015, 1, 1),
'resourceId': 'string',
'runtime': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'lambdaLayerAggregation': {
'accountId': 'string',
'functionName': 'string',
'layerArn': 'string',
'resourceId': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'packageAggregation': {
'accountId': 'string',
'packageName': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'repositoryAggregation': {
'accountId': 'string',
'affectedImages': 123,
'repository': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
}
},
'titleAggregation': {
'accountId': 'string',
'severityCounts': {
'all': 123,
'critical': 123,
'high': 123,
'medium': 123
},
'title': 'string',
'vulnerabilityId': 'string'
}
},
]
}
Response Structure
(dict) --
aggregationType (string) --
The type of aggregation to perform.
nextToken (string) --
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken
value returned from the previous request to continue listing results after the first page.
responses (list) --
Objects that contain the results of an aggregation operation.
(dict) --
A structure that contains details about the results of an aggregation type.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: accountAggregation
, amiAggregation
, awsEcrContainerAggregation
, ec2InstanceAggregation
, findingTypeAggregation
, imageLayerAggregation
, lambdaFunctionAggregation
, lambdaLayerAggregation
, packageAggregation
, repositoryAggregation
, titleAggregation
. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER
as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER
is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
accountAggregation (dict) --
An object that contains details about an aggregation response based on Amazon Web Services account IDs.
accountId (string) --
The Amazon Web Services account ID.
severityCounts (dict) --
The number of findings by severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
amiAggregation (dict) --
An object that contains details about an aggregation response based on Amazon Machine Images (AMIs).
accountId (string) --
The Amazon Web Services account ID for the AMI.
affectedInstances (integer) --
The IDs of Amazon EC2 instances using this AMI.
ami (string) --
The ID of the AMI that findings were aggregated for.
severityCounts (dict) --
An object that contains the count of matched findings per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
awsEcrContainerAggregation (dict) --
An object that contains details about an aggregation response based on Amazon ECR container images.
accountId (string) --
The Amazon Web Services account ID of the account that owns the container.
architecture (string) --
The architecture of the container.
imageSha (string) --
The SHA value of the container image.
imageTags (list) --
The container image stags.
repository (string) --
The container repository.
resourceId (string) --
The resource ID of the container.
severityCounts (dict) --
The number of finding by severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
ec2InstanceAggregation (dict) --
An object that contains details about an aggregation response based on Amazon EC2 instances.
accountId (string) --
The Amazon Web Services account for the Amazon EC2 instance.
ami (string) --
The Amazon Machine Image (AMI) of the Amazon EC2 instance.
instanceId (string) --
The Amazon EC2 instance ID.
instanceTags (dict) --
The tags attached to the instance.
networkFindings (integer) --
The number of network findings for the Amazon EC2 instance.
operatingSystem (string) --
The operating system of the Amazon EC2 instance.
severityCounts (dict) --
An object that contains the count of matched findings per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
findingTypeAggregation (dict) --
An object that contains details about an aggregation response based on finding types.
accountId (string) --
The ID of the Amazon Web Services account associated with the findings.
severityCounts (dict) --
The value to sort results by.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
imageLayerAggregation (dict) --
An object that contains details about an aggregation response based on container image layers.
accountId (string) --
The ID of the Amazon Web Services account that owns the container image hosting the layer image.
layerHash (string) --
The layer hash.
repository (string) --
The repository the layer resides in.
resourceId (string) --
The resource ID of the container image layer.
severityCounts (dict) --
An object that represents the count of matched findings per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
lambdaFunctionAggregation (dict) --
An aggregation of findings by AWS Lambda function.
accountId (string) --
The ID of the AWS account that owns the AWS Lambda function.
functionName (string) --
The AWS Lambda function names included in the aggregation results.
lambdaTags (dict) --
The tags included in the aggregation results.
lastModifiedAt (datetime) --
The date that the AWS Lambda function included in the aggregation results was last changed.
resourceId (string) --
The resource IDs included in the aggregation results.
runtime (string) --
The runtimes included in the aggregation results.
severityCounts (dict) --
An object that contains the counts of aggregated finding per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
lambdaLayerAggregation (dict) --
An aggregation of findings by AWS Lambda layer.
accountId (string) --
The account ID of the AWS Lambda function layer.
functionName (string) --
The names of the AWS Lambda functions associated with the layers.
layerArn (string) --
The Amazon Resource Name (ARN) of the AWS Lambda function layer.
resourceId (string) --
The Resource ID of the AWS Lambda function layer.
severityCounts (dict) --
An object that contains the counts of aggregated finding per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
packageAggregation (dict) --
An object that contains details about an aggregation response based on operating system package type.
accountId (string) --
The ID of the Amazon Web Services account associated with the findings.
packageName (string) --
The name of the operating system package.
severityCounts (dict) --
An object that contains the count of matched findings per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
repositoryAggregation (dict) --
An object that contains details about an aggregation response based on Amazon ECR repositories.
accountId (string) --
The ID of the Amazon Web Services account associated with the findings.
affectedImages (integer) --
The number of container images impacted by the findings.
repository (string) --
The name of the repository associated with the findings.
severityCounts (dict) --
An object that represent the count of matched findings per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
titleAggregation (dict) --
An object that contains details about an aggregation response based on finding title.
accountId (string) --
The ID of the Amazon Web Services account associated with the findings.
severityCounts (dict) --
An object that represent the count of matched findings per severity.
all (integer) --
The total count of findings from all severities.
critical (integer) --
The total count of critical severity findings.
high (integer) --
The total count of high severity findings.
medium (integer) --
The total count of medium severity findings.
title (string) --
The title that the findings were aggregated on.
vulnerabilityId (string) --
The vulnerability ID of the finding.
Exceptions
Inspector2.Client.exceptions.ValidationException
Inspector2.Client.exceptions.ThrottlingException
Inspector2.Client.exceptions.InternalServerException