There are more AWS SDK examples available in the AWS Doc SDK Examples
Amazon Inspector examples using AWS CLI
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with Amazon Inspector.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use add-attributes-to-findings.
- AWS CLI
-
To add attributes to findings
The following
add-attribute-to-findingcommand assigns an attribute with the key ofExampleand value ofexampleto the finding with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU:aws inspector add-attributes-to-findings --finding-arnsarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU--attributeskey=Example,value=exampleOutput:
{ "failedItems": {} }For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
-
For API details, see AddAttributesToFindings
in AWS CLI Command Reference.
-
The following code example shows how to use associate-member.
- AWS CLI
-
Example: To associate an AWS account with an Amazon Inspector delegated administrator
The following
associate-memberexample associates an AWS account with an Amazon Inspector delegated administrator.aws inspector2 associate-member \ --account-id123456789012Output:
{ "accountId": "123456789012" }For more information, see Managing multiple accounts in Amazon Inspector with AWS Organizations in the Amazon Inspector User Guide.
-
For API details, see AssociateMember
in AWS CLI Command Reference.
-
The following code example shows how to use create-assessment-target.
- AWS CLI
-
To create an assessment target
The following
create-assessment-targetcommand creates an assessment target namedExampleAssessmentTargetusing the resource group with the ARN ofarn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnv:aws inspector create-assessment-target --assessment-target-nameExampleAssessmentTarget--resource-group-arnarn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnvOutput:
{ "assessmentTargetArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX" }For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see CreateAssessmentTarget
in AWS CLI Command Reference.
-
The following code example shows how to use create-assessment-template.
- AWS CLI
-
To create an assessment template
The following
create-assessment-templatecommand creates an assessment template calledExampleAssessmentTemplatefor the assessment target with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX:aws inspector create-assessment-template --assessment-target-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX--assessment-template-nameExampleAssessmentTemplate--duration-in-seconds180--rules-package-arnsarn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p--user-attributes-for-findingskey=ExampleTag,value=examplevalueOutput:
{ "assessmentTemplateArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T" }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see CreateAssessmentTemplate
in AWS CLI Command Reference.
-
The following code example shows how to use create-filter.
- AWS CLI
-
To create a filter
The following
create-filterexample creates a suppression rule that omits ECR instance type findings.aws inspector2 create-filter \ --name"ExampleSuppressionRuleECR"\ --description"This suppression rule omits ECR instance type findings"\ --actionSUPPRESS\ --filter-criteria 'resourceType=[{comparison="EQUALS", value="AWS_ECR_INSTANCE"}]'Output:
{ "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444" }For more information, see Filtering Amazon Inspector findings in the Amazon Inspector User Guide.
-
For API details, see CreateFilter
in AWS CLI Command Reference.
-
The following code example shows how to use create-findings-report.
- AWS CLI
-
To create a findings report
The following
create-findings-reportexample creates a finding report.aws inspector2 create-findings-report \ --report-formatCSV\ --s3-destinationbucketName=inspector-sbom-123456789012,keyPrefix=sbom-key,kmsKeyArn=arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333\ --filter-criteria '{"ecrImageRepositoryName":[{"comparison":"EQUALS","value":"debian"}]}'Output:
{ "reportId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333" }For more information, see Managing findings in Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see CreateFindingsReport
in AWS CLI Command Reference.
-
The following code example shows how to use create-resource-group.
- AWS CLI
-
To create a resource group
The following
create-resource-groupcommand creates a resource group using the tag key ofNameand value ofexample:aws inspector create-resource-group --resource-group-tagskey=Name,value=exampleOutput:
{ "resourceGroupArn": "arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnv" }For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see CreateResourceGroup
in AWS CLI Command Reference.
-
The following code example shows how to use create-sbom-export.
- AWS CLI
-
To create a software bill of materials (SBOM) report
The following
create-sbom-exportexample creates a software bill of materials (SBOM) report.aws inspector2 create-sbom-export \ --report-formatSPDX_2_3\ --resource-filter-criteria 'ecrRepositoryName=[{comparison="EQUALS",value="debian"}]' \ --s3-destinationbucketName=inspector-sbom-123456789012,keyPrefix=sbom-key,kmsKeyArn=arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333Output:
{ "reportId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333" }For more information, see Exporting SBOMs with Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see CreateSbomExport
in AWS CLI Command Reference.
-
The following code example shows how to use delete-assessment-run.
- AWS CLI
-
To delete an assessment run
The following
delete-assessment-runcommand deletes the assessment run with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-11LMTAVe:aws inspector delete-assessment-run --assessment-run-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-11LMTAVeFor more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see DeleteAssessmentRun
in AWS CLI Command Reference.
-
The following code example shows how to use delete-assessment-target.
- AWS CLI
-
To delete an assessment target
The following
delete-assessment-targetcommand deletes the assessment target with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq:aws inspector delete-assessment-target --assessment-target-arnarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusqFor more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see DeleteAssessmentTarget
in AWS CLI Command Reference.
-
The following code example shows how to use delete-assessment-template.
- AWS CLI
-
To delete an assessment template
The following
delete-assessment-templatecommand deletes the assessment template with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T:aws inspector delete-assessment-template --assessment-template-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4TFor more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see DeleteAssessmentTemplate
in AWS CLI Command Reference.
-
The following code example shows how to use delete-filter.
- AWS CLI
-
To delete a filter
The following
delete-filterexample deletes a filter.aws inspector2 delete-filter \ --arn"arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444"Output:
{ "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444" }For more information, see Filtering Amazon Inspector findings in the Amazon Inspector User Guide.
-
For API details, see DeleteFilter
in AWS CLI Command Reference.
-
The following code example shows how to use describe-assessment-runs.
- AWS CLI
-
To describe assessment runs
The following
describe-assessment-runcommand describes an assessment run with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE:aws inspector describe-assessment-runs --assessment-run-arnsarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPEOutput:
{ "assessmentRuns": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "assessmentTemplateArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw", "completedAt": 1458680301.4, "createdAt": 1458680170.035, "dataCollected": true, "durationInSeconds": 3600, "name": "Run 1 for ExampleAssessmentTemplate", "notifications": [], "rulesPackageArns": [ "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP" ], "startedAt": 1458680170.161, "state": "COMPLETED", "stateChangedAt": 1458680301.4, "stateChanges": [ { "state": "CREATED", "stateChangedAt": 1458680170.035 }, { "state": "START_DATA_COLLECTION_PENDING", "stateChangedAt": 1458680170.065 }, { "state": "START_DATA_COLLECTION_IN_PROGRESS", "stateChangedAt": 1458680170.096 }, { "state": "COLLECTING_DATA", "stateChangedAt": 1458680170.161 }, { "state": "STOP_DATA_COLLECTION_PENDING", "stateChangedAt": 1458680239.883 }, { "state": "DATA_COLLECTED", "stateChangedAt": 1458680299.847 }, { "state": "EVALUATING_RULES", "stateChangedAt": 1458680300.099 }, { "state": "COMPLETED", "stateChangedAt": 1458680301.4 } ], "userAttributesForFindings": [] } ], "failedItems": {} }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see DescribeAssessmentRuns
in AWS CLI Command Reference.
-
The following code example shows how to use describe-assessment-targets.
- AWS CLI
-
To describe assessment targets
The following
describe-assessment-targetscommand describes the assessment target with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq:aws inspector describe-assessment-targets --assessment-target-arnsarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusqOutput:
{ "assessmentTargets": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq", "createdAt": 1458074191.459, "name": "ExampleAssessmentTarget", "resourceGroupArn": "arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI", "updatedAt": 1458074191.459 } ], "failedItems": {} }For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see DescribeAssessmentTargets
in AWS CLI Command Reference.
-
The following code example shows how to use describe-assessment-templates.
- AWS CLI
-
To describe assessment templates
The following
describe-assessment-templatescommand describes the assessment template with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw:aws inspector describe-assessment-templates --assessment-template-arnsarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAwOutput:
{ "assessmentTemplates": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw", "assessmentTargetArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq", "createdAt": 1458074191.844, "durationInSeconds": 3600, "name": "ExampleAssessmentTemplate", "rulesPackageArns": [ "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP" ], "userAttributesForFindings": [] } ], "failedItems": {} }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see DescribeAssessmentTemplates
in AWS CLI Command Reference.
-
The following code example shows how to use describe-cross-account-access-role.
- AWS CLI
-
To describe the cross account access role
The following
describe-cross-account-access-rolecommand describes the IAM role that enables Amazon Inspector to access your AWS account:aws inspector describe-cross-account-access-roleOutput:
{ "registeredAt": 1458069182.826, "roleArn": "arn:aws:iam::123456789012:role/inspector", "valid": true }For more information, see Setting up Amazon Inspector in the Amazon Inspector guide.
-
For API details, see DescribeCrossAccountAccessRole
in AWS CLI Command Reference.
-
The following code example shows how to use describe-findings.
- AWS CLI
-
To describe findings
The following
describe-findingscommand describes the finding with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4:aws inspector describe-findings --finding-arnsarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4Output:
{ "failedItems": {}, "findings": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4", "assetAttributes": { "ipv4Addresses": [], "schemaVersion": 1 }, "assetType": "ec2-instance", "attributes": [], "confidence": 10, "createdAt": 1458680301.37, "description": "Amazon Inspector did not find any potential security issues during this assessment.", "indicatorOfCompromise": false, "numericSeverity": 0, "recommendation": "No remediation needed.", "schemaVersion": 1, "service": "Inspector", "serviceAttributes": { "assessmentRunArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "rulesPackageArn": "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP", "schemaVersion": 1 }, "severity": "Informational", "title": "No potential security issues found", "updatedAt": 1458680301.37, "userAttributes": [] } ] }For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
-
For API details, see DescribeFindings
in AWS CLI Command Reference.
-
The following code example shows how to use describe-resource-groups.
- AWS CLI
-
To describe resource groups
The following
describe-resource-groupscommand describes the resource group with the ARN ofarn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI:aws inspector describe-resource-groups --resource-group-arnsarn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAIOutput:
{ "failedItems": {}, "resourceGroups": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI", "createdAt": 1458074191.098, "tags": [ { "key": "Name", "value": "example" } ] } ] }For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see DescribeResourceGroups
in AWS CLI Command Reference.
-
The following code example shows how to use describe-rules-packages.
- AWS CLI
-
To describe rules packages
The following
describe-rules-packagescommand describes the rules package with the ARN ofarn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p:aws inspector describe-rules-packages --rules-package-arnsarn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516pOutput:
{ "failedItems": {}, "rulesPackages": [ { "arn": "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p", "description": "The rules in this package help verify whether the EC2 instances in your application are exposed to Common Vulnerabilities and Exposures (CVEs). Attacks can exploit unpatched vulnerabilities to compromise the confidentiality, integrity, or availability of your service or data. The CVE system provides a reference for publicly known information security vulnerabilities and exposures. For more information, see [https://cve.mitre.org/](https://cve.mitre.org/). If a particular CVE appears in one of the produced Findings at the end of a completed Inspector assessment, you can search [https://cve.mitre.org/](https://cve.mitre.org/) using the CVE's ID (for example, \"CVE-2009-0021\") to find detailed information about this CVE, its severity, and how to mitigate it. ", "name": "Common Vulnerabilities and Exposures", "provider": "Amazon Web Services, Inc.", "version": "1.1" } ] }For more information, see Amazon Inspector Rules Packages and Rules in the Amazon Inspector guide.
-
For API details, see DescribeRulesPackages
in AWS CLI Command Reference.
-
The following code example shows how to use disassociate-member.
- AWS CLI
-
Example: To disassociate a member account from an Amazon Inspector delegated administrator
The following
disassociate-memberexample disassociates an AWS account from an Amazon Inspector delegated administrator.aws inspector2 disassociate-member \ --account-id123456789012Output:
{ "accountId": "123456789012" }For more information, see Managing multiple accounts in Amazon Inspector with AWS Organizations in the Amazon Inspector User Guide.
-
For API details, see DisassociateMember
in AWS CLI Command Reference.
-
The following code example shows how to use get-configuration.
- AWS CLI
-
To get the setting configuration for Inspector scans
The following
get-configurationexample gets the setting configuration for Inspector scans.aws inspector2 get-configurationOutput:
{ "ec2Configuration": { "scanModeState": { "scanMode": "EC2_HYBRID", "scanModeStatus": "SUCCESS" } }, "ecrConfiguration": { "rescanDurationState": { "pullDateRescanDuration": "DAYS_90", "rescanDuration": "DAYS_30", "status": "SUCCESS", "updatedAt": "2024-05-14T21:16:20.237000+00:00" } } }For more information, see Automated resource scanning with Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see GetConfiguration
in AWS CLI Command Reference.
-
The following code example shows how to use get-member.
- AWS CLI
-
Example: To get member information for your organization
aws inspector2 get-member --account-id 123456789012
Output:
{ "member": { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2023-09-11T09:57:20.520000-07:00" } }For more information, see Managing multiple accounts in Amazon Inspector with AWS Organizations in the Amazon Inspector User Guide.
-
For API details, see GetMember
in AWS CLI Command Reference.
-
The following code example shows how to use get-telemetry-metadata.
- AWS CLI
-
To get the telemetry metadata
The following
get-telemetry-metadatacommand generates information about the data that is collected for the assessment run with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE:aws inspector get-telemetry-metadata --assessment-run-arnarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPEOutput:
{ "telemetryMetadata": [ { "count": 2, "dataSize": 345, "messageType": "InspectorDuplicateProcess" }, { "count": 3, "dataSize": 255, "messageType": "InspectorTimeEventMsg" }, { "count": 4, "dataSize": 1082, "messageType": "InspectorNetworkInterface" }, { "count": 2, "dataSize": 349, "messageType": "InspectorDnsEntry" }, { "count": 11, "dataSize": 2514, "messageType": "InspectorDirectoryInfoMsg" }, { "count": 1, "dataSize": 179, "messageType": "InspectorTcpV6ListeningPort" }, { "count": 101, "dataSize": 10949, "messageType": "InspectorTerminal" }, { "count": 26, "dataSize": 5916, "messageType": "InspectorUser" }, { "count": 282, "dataSize": 32148, "messageType": "InspectorDynamicallyLoadedCodeModule" }, { "count": 18, "dataSize": 10172, "messageType": "InspectorCreateProcess" }, { "count": 3, "dataSize": 8001, "messageType": "InspectorProcessPerformance" }, { "count": 1, "dataSize": 360, "messageType": "InspectorOperatingSystem" }, { "count": 6, "dataSize": 546, "messageType": "InspectorStopProcess" }, { "count": 1, "dataSize": 1553, "messageType": "InspectorInstanceMetaData" }, { "count": 2, "dataSize": 434, "messageType": "InspectorTcpV4Connection" }, { "count": 474, "dataSize": 2960322, "messageType": "InspectorPackageInfo" }, { "count": 3, "dataSize": 2235, "messageType": "InspectorSystemPerformance" }, { "count": 105, "dataSize": 46048, "messageType": "InspectorCodeModule" }, { "count": 1, "dataSize": 182, "messageType": "InspectorUdpV6ListeningPort" }, { "count": 2, "dataSize": 371, "messageType": "InspectorUdpV4ListeningPort" }, { "count": 18, "dataSize": 8362, "messageType": "InspectorKernelModule" }, { "count": 29, "dataSize": 48788, "messageType": "InspectorConfigurationInfo" }, { "count": 1, "dataSize": 79, "messageType": "InspectorMonitoringStart" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgBegin" }, { "count": 51, "dataSize": 4593, "messageType": "InspectorGroup" }, { "count": 1, "dataSize": 184, "messageType": "InspectorTcpV4ListeningPort" }, { "count": 1159, "dataSize": 3146579, "messageType": "Total" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgEnd" }, { "count": 1, "dataSize": 612, "messageType": "InspectorLoadImageInProcess" } ] }-
For API details, see GetTelemetryMetadata
in AWS CLI Command Reference.
-
The following code example shows how to use list-account-permissions.
- AWS CLI
-
To list account permissions
The following
list-account-permissionsexample lists your account permissions.aws inspector2 list-account-permissionsOutput:
{ "permissions": [ { "operation": "ENABLE_SCANNING", "service": "ECR" }, { "operation": "DISABLE_SCANNING", "service": "ECR" }, { "operation": "ENABLE_REPOSITORY", "service": "ECR" }, { "operation": "DISABLE_REPOSITORY", "service": "ECR" }, { "operation": "ENABLE_SCANNING", "service": "EC2" }, { "operation": "DISABLE_SCANNING", "service": "EC2" }, { "operation": "ENABLE_SCANNING", "service": "LAMBDA" }, { "operation": "DISABLE_SCANNING", "service": "LAMBDA" } ] }For more information, see Identity and Access Management for Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see ListAccountPermissions
in AWS CLI Command Reference.
-
The following code example shows how to use list-assessment-run-agents.
- AWS CLI
-
To list assessment run agents
The following
list-assessment-run-agentscommand lists the agents of the assessment run with the specified ARN.aws inspector list-assessment-run-agents \ --assessment-run-arnarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPEOutput:
{ "assessmentRunAgents": [ { "agentHealth": "HEALTHY", "agentHealthCode": "HEALTHY", "agentId": "i-49113b93", "assessmentRunArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "telemetryMetadata": [ { "count": 2, "dataSize": 345, "messageType": "InspectorDuplicateProcess" }, { "count": 3, "dataSize": 255, "messageType": "InspectorTimeEventMsg" }, { "count": 4, "dataSize": 1082, "messageType": "InspectorNetworkInterface" }, { "count": 2, "dataSize": 349, "messageType": "InspectorDnsEntry" }, { "count": 11, "dataSize": 2514, "messageType": "InspectorDirectoryInfoMsg" }, { "count": 1, "dataSize": 179, "messageType": "InspectorTcpV6ListeningPort" }, { "count": 101, "dataSize": 10949, "messageType": "InspectorTerminal" }, { "count": 26, "dataSize": 5916, "messageType": "InspectorUser" }, { "count": 282, "dataSize": 32148, "messageType": "InspectorDynamicallyLoadedCodeModule" }, { "count": 18, "dataSize": 10172, "messageType": "InspectorCreateProcess" }, { "count": 3, "dataSize": 8001, "messageType": "InspectorProcessPerformance" }, { "count": 1, "dataSize": 360, "messageType": "InspectorOperatingSystem" }, { "count": 6, "dataSize": 546, "messageType": "InspectorStopProcess" }, { "count": 1, "dataSize": 1553, "messageType": "InspectorInstanceMetaData" }, { "count": 2, "dataSize": 434, "messageType": "InspectorTcpV4Connection" }, { "count": 474, "dataSize": 2960322, "messageType": "InspectorPackageInfo" }, { "count": 3, "dataSize": 2235, "messageType": "InspectorSystemPerformance" }, { "count": 105, "dataSize": 46048, "messageType": "InspectorCodeModule" }, { "count": 1, "dataSize": 182, "messageType": "InspectorUdpV6ListeningPort" }, { "count": 2, "dataSize": 371, "messageType": "InspectorUdpV4ListeningPort" }, { "count": 18, "dataSize": 8362, "messageType": "InspectorKernelModule" }, { "count": 29, "dataSize": 48788, "messageType": "InspectorConfigurationInfo" }, { "count": 1, "dataSize": 79, "messageType": "InspectorMonitoringStart" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgBegin" }, { "count": 51, "dataSize": 4593, "messageType": "InspectorGroup" }, { "count": 1, "dataSize": 184, "messageType": "InspectorTcpV4ListeningPort" }, { "count": 1159, "dataSize": 3146579, "messageType": "Total" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgEnd" }, { "count": 1, "dataSize": 612, "messageType": "InspectorLoadImageInProcess" } ] } ] }For more information, see AWS Agents in the Amazon Inspector User Guide.
-
For API details, see ListAssessmentRunAgents
in AWS CLI Command Reference.
-
The following code example shows how to use list-assessment-runs.
- AWS CLI
-
To list assessment runs
The following
list-assessment-runscommand lists all existing assessment runs.aws inspector list-assessment-runsOutput:
{ "assessmentRunArns": [ "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-v5D6fI3v" ] }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector User Guide.
-
For API details, see ListAssessmentRuns
in AWS CLI Command Reference.
-
The following code example shows how to use list-assessment-targets.
- AWS CLI
-
To list assessment targets
The following
list-assessment-targetscommand lists all existing assessment targets:aws inspector list-assessment-targetsOutput:
{ "assessmentTargetArns": [ "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq" ] }For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see ListAssessmentTargets
in AWS CLI Command Reference.
-
The following code example shows how to use list-assessment-templates.
- AWS CLI
-
To list assessment templates
The following
list-assessment-templatescommand lists all existing assessment templates:aws inspector list-assessment-templatesOutput:
{ "assessmentTemplateArns": [ "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw", "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-Uza6ihLh" ] }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see ListAssessmentTemplates
in AWS CLI Command Reference.
-
The following code example shows how to use list-coverage-statistics.
- AWS CLI
-
Example 1: To list coverage statistics by groups
The following
list-coverage-statisticsexample lists the coverage statistics of your AWS environment by groups.aws inspector2 list-coverage-statistics \ --group-byRESOURCE_TYPEOutput:
{ "countsByGroup": [ { "count": 56, "groupKey": "AWS_LAMBDA_FUNCTION" }, { "count": 27, "groupKey": "AWS_ECR_REPOSITORY" }, { "count": 18, "groupKey": "AWS_EC2_INSTANCE" }, { "count": 3, "groupKey": "AWS_ECR_CONTAINER_IMAGE" }, { "count": 1, "groupKey": "AWS_ACCOUNT" } ], "totalCounts": 105 }For more information, see Assessing Amazon Inspector coverage of your AWS environment in the Amazon Inspector User Guide.
Example 2: To list coverage statistics by resource type
The following
list-coverage-statisticsexample lists the coverage statistics of your AWS environment by resource type.aws inspector2 list-coverage-statistics --filter-criteria '{"resourceType":[{"comparison":"EQUALS","value":"AWS_ECR_REPOSITORY"}]}' --group-bySCAN_STATUS_REASONOutput:
{ "countsByGroup": [ { "count": 27, "groupKey": "SUCCESSFUL" } ], "totalCounts": 27 }For more information, see Assessing Amazon Inspector coverage of your AWS environment in the Amazon Inspector User Guide.
Example 3: To list coverage statistics by ECR repository name
The following
list-coverage-statisticsexample lists the coverage statistics of your AWS environment by ECR repository name.aws inspector2 list-coverage-statistics --filter-criteria '{"ecrRepositoryName":[{"comparison":"EQUALS","value":"debian"}]}' --group-bySCAN_STATUS_REASONOutput:
{ "countsByGroup": [ { "count": 3, "groupKey": "SUCCESSFUL" } ], "totalCounts": 3 }For more information, see Assessing Amazon Inspector coverage of your AWS environment in the Amazon Inspector User Guide.
-
For API details, see ListCoverageStatistics
in AWS CLI Command Reference.
-
The following code example shows how to use list-coverage.
- AWS CLI
-
Example 1: To list coverage details about your environment
The following
list-coverageexample lists your environment's coverage details.aws inspector2 list-coverageOutput:
{ "coveredResources": [ { "accountId": "123456789012", "lastScannedAt": "2024-05-20T16:23:20-07:00", "resourceId": "i-EXAMPLE55555555555", "resourceMetadata": { "ec2": { "amiId": "ami-EXAMPLE6666666666", "platform": "LINUX" } }, "resourceType": "AWS_EC2_INSTANCE", "scanStatus": { "reason": "SUCCESSFUL", "statusCode": "ACTIVE" }, "scanType": "PACKAGE" } ] }Example 2: To list coverage details about the Lambda function resource type
The following
list-coverageexample lists your Lamda function resource type details.aws inspector2 list-coverage --filter-criteria '{"resourceType":[{"comparison":"EQUALS","value":"AWS_LAMBDA_FUNCTION"}]}'Output:
{ "coveredResources": [ { "accountId": "123456789012", "resourceId": "arn:aws:lambda:us-west-2:123456789012:function:Eval-container-scan-results:$LATEST", "resourceMetadata": { "lambdaFunction": { "functionName": "Eval-container-scan-results", "functionTags": {}, "layers": [], "runtime": "PYTHON_3_7" } }, "resourceType": "AWS_LAMBDA_FUNCTION", "scanStatus": { "reason": "SUCCESSFUL", "statusCode": "ACTIVE" }, "scanType": "CODE" } ] }-
For API details, see ListCoverage
in AWS CLI Command Reference.
-
The following code example shows how to use list-delegated-admin-accounts.
- AWS CLI
-
To list information about the delegated administrator account of your organization
The following
list-delegated-admin-accountsexample lists information about the delegated administrator account of your organization.aws inspector2 list-delegated-admin-accountsOutput:
{ "delegatedAdminAccounts": [ { "accountId": "123456789012", "status": "ENABLED" } ] }For more information, see Designating a delegated administrator for Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see ListDelegatedAdminAccounts
in AWS CLI Command Reference.
-
The following code example shows how to use list-event-subscriptions.
- AWS CLI
-
To list event subscriptions
The following
list-event-subscriptionscommand lists all the event subscriptions for the assessment template with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0:aws inspector list-event-subscriptions --resource-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0Output:
{ "subscriptions": [ { "eventSubscriptions": [ { "event": "ASSESSMENT_RUN_COMPLETED", "subscribedAt": 1459455440.867 } ], "resourceArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0", "topicArn": "arn:aws:sns:us-west-2:123456789012:exampletopic" } ] }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see ListEventSubscriptions
in AWS CLI Command Reference.
-
The following code example shows how to use list-filters.
- AWS CLI
-
To list filters associated with the account that you used to activated Amazon Inspector
The following
list-filtersexamples lists filters associated with the account that you used to activated Amazon Inspector.aws inspector2 list-filtersOutput:
{ "filters": [ { "action": "SUPPRESS", "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444", "createdAt": "2024-05-15T21:11:08.602000+00:00", "criteria": { "resourceType": [ { "comparison": "EQUALS", "value": "AWS_EC2_INSTANCE" }, ] }, "description": "This suppression rule omits EC2 instance type findings", "name": "ExampleSuppressionRuleEC2", "ownerId": "o-EXAMPLE222", "tags": {}, "updatedAt": "2024-05-15T21:11:08.602000+00:00" }, { "action": "SUPPRESS", "arn": "arn:aws:inspector2:us-east-1:813737243517:owner/o-EXAMPLE222/filter/EXAMPLE444444444", "createdAt": "2024-05-15T21:28:27.054000+00:00", "criteria": { "resourceType": [ { "comparison": "EQUALS", "value": "AWS_ECR_INSTANCE" } ] }, "description": "This suppression rule omits ECR instance type findings", "name": "ExampleSuppressionRuleECR", "ownerId": "o-EXAMPLE222", "tags": {}, "updatedAt": "2024-05-15T21:28:27.054000+00:00" } ] }For more information, see Filtering Amazon Inspector findings in the Amazon Inspector User Guide.
-
For API details, see ListFilters
in AWS CLI Command Reference.
-
The following code example shows how to use list-findings.
- AWS CLI
-
To list findings
The following
list-findingscommand lists all of the generated findings:aws inspector list-findingsOutput:
{ "findingArns": [ "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4", "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-v5D6fI3v/finding/0-tyvmqBLy" ] }For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
-
For API details, see ListFindings
in AWS CLI Command Reference.
-
The following code example shows how to use list-members.
- AWS CLI
-
Example 1: To list all member accounts associated with the Amazon Inspector delegated administrator for your organization
aws inspector2 list-members --only-associated
Output:
{ { "members": [ { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2023-09-11T09:57:20.520000-07:00" }, { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2024-08-12T10:13:01.472000-07:00" }, { "accountId": "625032911453", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2023-09-11T09:57:20.438000-07:00" }, { "accountId": "715411239211", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2024-04-24T09:14:57.471000-07:00" } ] }For more information, see Managing multiple accounts in Amazon Inspector with AWS Organizations in the Amazon Inspector User Guide.
Example 2: To list all member accounts associated with and disassociated from the Amazon Inspector delegated administrator for your organization
aws inspector2 list-members --no-only-associated
Output:
{ { "members": [ { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "REMOVED", "updatedAt": "2024-05-15T11:34:53.326000-07:00" }, { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2023-09-11T09:57:20.520000-07:00" }, { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2024-08-12T10:13:01.472000-07:00" }, { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2023-09-11T09:57:20.438000-07:00" }, { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2024-04-24T09:14:57.471000-07:00" } ] }For more information, see Managing multiple accounts in Amazon Inspector with AWS Organizations in the Amazon Inspector User Guide.
-
For API details, see ListMembers
in AWS CLI Command Reference.
-
The following code example shows how to use list-rules-packages.
- AWS CLI
-
To list rules packages
The following
list-rules-packagescommand lists all available Inspector rules packages:aws inspector list-rules-packagesOutput:
{ "rulesPackageArns": [ "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p", "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc", "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ", "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD" ] }For more information, see Amazon Inspector Rules Packages and Rules in the Amazon Inspector guide.
-
For API details, see ListRulesPackages
in AWS CLI Command Reference.
-
The following code example shows how to use list-tags-for-resource.
- AWS CLI
-
To list tags for resource
The following
list-tags-for-resourcecommand lists all tags associated with the assessment template with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-gcwFliYu:aws inspector list-tags-for-resource --resource-arnarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-gcwFliYuOutput:
{ "tags": [ { "key": "Name", "value": "Example" } ] }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see ListTagsForResource
in AWS CLI Command Reference.
-
The following code example shows how to use list-usage-totals.
- AWS CLI
-
To list usage totals over the last 30 days
The following
list-usage-totalsexamples lists usage totals over the last 30 days.aws inspector2 list-usage-totalsOutput:
{ "totals": [ { "accountId": "123456789012", "usage": [ { "currency": "USD", "estimatedMonthlyCost": 4.6022044647, "total": 1893.4784083333334, "type": "EC2_AGENTLESS_INSTANCE_HOURS" }, { "currency": "USD", "estimatedMonthlyCost": 18.892449279, "total": 10882.050784722222, "type": "EC2_INSTANCE_HOURS" }, { "currency": "USD", "estimatedMonthlyCost": 5.4525363736, "total": 6543.043648333333, "type": "LAMBDA_FUNCTION_CODE_HOURS" }, { "currency": "USD", "estimatedMonthlyCost": 3.9064080309, "total": 9375.379274166668, "type": "LAMBDA_FUNCTION_HOURS" }, { "currency": "USD", "estimatedMonthlyCost": 0.06, "total": 6.0, "type": "ECR_RESCAN" }, { "currency": "USD", "estimatedMonthlyCost": 0.09, "total": 1.0, "type": "ECR_INITIAL_SCAN" } ] } ] }For more information, see Monitoring usage and cost in Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see ListUsageTotals
in AWS CLI Command Reference.
-
The following code example shows how to use preview-agents.
- AWS CLI
-
To preview agents
The following
preview-agentscommand previews the agents installed on the EC2 instances that are part of the assessment target with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq:aws inspector preview-agents --preview-agents-arnarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusqOutput:
{ "agentPreviews": [ { "agentId": "i-49113b93" } ] }For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see PreviewAgents
in AWS CLI Command Reference.
-
The following code example shows how to use register-cross-account-access-role.
- AWS CLI
-
To register the cross account access role
The following
register-cross-account-access-rolecommand registers the IAM role with the ARN ofarn:aws:iam::123456789012:role/inspectorthat Amazon Inspector uses to list your EC2 instances at the start of the assessment run of when you call the preview-agents command:aws inspector register-cross-account-access-role --role-arnarn:aws:iam::123456789012:role/inspectorFor more information, see Setting up Amazon Inspector in the Amazon Inspector guide.
-
For API details, see RegisterCrossAccountAccessRole
in AWS CLI Command Reference.
-
The following code example shows how to use remove-attributes-from-findings.
- AWS CLI
-
To remove attributes from findings
The following
remove-attributes-from-findingcommand removes the attribute with the key ofExampleand value ofexamplefrom the finding with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU:aws inspector remove-attributes-from-findings --finding-arnsarn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU--attribute-keyskey=Example,value=exampleOutput:
{ "failedItems": {} }For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
-
For API details, see RemoveAttributesFromFindings
in AWS CLI Command Reference.
-
The following code example shows how to use set-tags-for-resource.
- AWS CLI
-
To set tags for a resource
The following
set-tags-for-resourcecommand sets the tag with the key ofExampleand value ofexampleto the assessment template with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0:aws inspector set-tags-for-resource --resource-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0--tagskey=Example,value=exampleFor more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see SetTagsForResource
in AWS CLI Command Reference.
-
The following code example shows how to use start-assessment-run.
- AWS CLI
-
To start an assessment run
The following
start-assessment-runcommand starts the assessment run namedexamplerunusing the assessment template with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T:aws inspector start-assessment-run --assessment-run-nameexamplerun--assessment-template-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4TOutput:
{ "assessmentRunArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-jOoroxyY" }For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see StartAssessmentRun
in AWS CLI Command Reference.
-
The following code example shows how to use stop-assessment-run.
- AWS CLI
-
To stop an assessment run
The following
stop-assessment-runcommand stops the assessment run with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-jOoroxyY:aws inspector stop-assessment-run --assessment-run-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-jOoroxyYFor more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see StopAssessmentRun
in AWS CLI Command Reference.
-
The following code example shows how to use subscribe-to-event.
- AWS CLI
-
To subscribe to an event
The following example enables the process of sending Amazon SNS notifications about the
ASSESSMENT_RUN_COMPLETEDevent to the topic with the ARN ofarn:aws:sns:us-west-2:123456789012:exampletopicaws inspector subscribe-to-event \ --eventASSESSMENT_RUN_COMPLETED\ --resource-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0\ --topic-arnarn:aws:sns:us-west-2:123456789012:exampletopicThis command produces no output.
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see SubscribeToEvent
in AWS CLI Command Reference.
-
The following code example shows how to use unsubscribe-from-event.
- AWS CLI
-
To unsubscribe from an event
The following
unsubscribe-from-eventcommand disables the process of sending Amazon SNS notifications about theASSESSMENT_RUN_COMPLETEDevent to the topic with the ARN ofarn:aws:sns:us-west-2:123456789012:exampletopic:aws inspector unsubscribe-from-event --eventASSESSMENT_RUN_COMPLETED--resource-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0--topicarn:aws:sns:us-west-2:123456789012:exampletopicFor more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see UnsubscribeFromEvent
in AWS CLI Command Reference.
-
The following code example shows how to use update-assessment-target.
- AWS CLI
-
To update an assessment target
The following
update-assessment-targetcommand updates the assessment target with the ARN ofarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxXand the name ofExample, and the resource group with the ARN ofarn:aws:inspector:us-west-2:123456789012:resourcegroup/0-yNbgL5Pt:aws inspector update-assessment-target --assessment-target-arnarn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX--assessment-target-nameExample--resource-group-arnarn:aws:inspector:us-west-2:123456789012:resourcegroup/0-yNbgL5PtFor more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see UpdateAssessmentTarget
in AWS CLI Command Reference.
-
The following code example shows how to use update-filter.
- AWS CLI
-
To update a filter
The following
update-filterexample updates a filter to omit Lambda findings instead of ECR instance findings.aws inspector2 update-filter \ --filter-arn"arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444"\ --name"ExampleSuppressionRuleLambda"\ --description"This suppression rule omits Lambda instance findings"\ --reason"Updating filter to omit Lambda instance findings instead of ECR instance findings"Output:
{ "filters": [ { "action": "SUPPRESS", "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444", "createdAt": "2024-05-15T21:28:27.054000+00:00", "criteria": { "resourceType": [ { "comparison": "EQUALS", "value": "AWS_ECR_INSTANCE" } ] }, "description": "This suppression rule omits Lambda instance findings", "name": "ExampleSuppressionRuleLambda", "ownerId": "o-EXAMPLE222", "reason": "Updating filter to omit Lambda instance findings instead of ECR instance findings", "tags": {}, "updatedAt": "2024-05-15T22:23:13.665000+00:00" } ] }For more information, see Managing findings in Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see UpdateFilter
in AWS CLI Command Reference.
-
