Amazon Inspector examples using Amazon CLI
The following code examples show you how to perform actions and implement common scenarios by using the Amazon Command Line Interface with Amazon Inspector.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use add-attributes-to-findings.
- Amazon CLI
To add attributes to findings
The following add-attributes-to-findings command assigns an attribute with the key of Example and value of example to the finding with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU:
aws inspector add-attributes-to-findings --finding-arns arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU --attributes key=Example,value=example
Output:
{ "failedItems": {} }
For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
For API details, see AddAttributesToFindings in Amazon CLI Command Reference.

The following code example shows how to use associate-member.
- Amazon CLI
Example: To associate an Amazon account with an Amazon Inspector delegated administrator
The following associate-member example associates an Amazon account with an Amazon Inspector delegated administrator.
aws inspector2 associate-member \
    --account-id 123456789012
Output:
{ "accountId": "123456789012" }
For more information, see Managing multiple accounts in Amazon Inspector with Amazon Organizations in the Amazon Inspector User Guide.
For API details, see AssociateMember in Amazon CLI Command Reference.

The following code example shows how to use create-assessment-target.
- Amazon CLI
To create an assessment target
The following create-assessment-target command creates an assessment target named ExampleAssessmentTarget using the resource group with the ARN of arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnv:
aws inspector create-assessment-target --assessment-target-name ExampleAssessmentTarget --resource-group-arn arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnv
Output:
{ "assessmentTargetArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX" }
For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
For API details, see CreateAssessmentTarget in Amazon CLI Command Reference.

The following code example shows how to use create-assessment-template.
- Amazon CLI
To create an assessment template
The following create-assessment-template command creates an assessment template called ExampleAssessmentTemplate for the assessment target with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX:
aws inspector create-assessment-template --assessment-target-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX --assessment-template-name ExampleAssessmentTemplate --duration-in-seconds 180 --rules-package-arns arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p --user-attributes-for-findings key=ExampleTag,value=examplevalue
Output:
{ "assessmentTemplateArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T" }
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
For API details, see CreateAssessmentTemplate in Amazon CLI Command Reference.

The following code example shows how to use create-filter.
- Amazon CLI
To create a filter
The following create-filter example creates a suppression rule that omits ECR instance type findings.
aws inspector2 create-filter \
    --name "ExampleSuppressionRuleECR" \
    --description "This suppression rule omits ECR instance type findings" \
    --action SUPPRESS \
    --filter-criteria 'resourceType=[{comparison="EQUALS", value="AWS_ECR_INSTANCE"}]'
Output:
{ "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444" }
For more information, see Filtering Amazon Inspector findings in the Amazon Inspector User Guide.
For API details, see CreateFilter in Amazon CLI Command Reference.

The following code example shows how to use create-findings-report.
- Amazon CLI
To create a findings report
The following create-findings-report example creates a finding report.
aws inspector2 create-findings-report \
    --report-format CSV \
    --s3-destination bucketName=inspector-sbom-123456789012,keyPrefix=sbom-key,kmsKeyArn=arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333 \
    --filter-criteria '{"ecrImageRepositoryName":[{"comparison":"EQUALS","value":"debian"}]}'
Output:
{ "reportId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333" }
For more information, see Managing findings in Amazon Inspector in the Amazon Inspector User Guide.
For API details, see CreateFindingsReport in Amazon CLI Command Reference.

The following code example shows how to use create-resource-group.
- Amazon CLI
To create a resource group
The following create-resource-group command creates a resource group using the tag key of Name and value of example:
aws inspector create-resource-group --resource-group-tags key=Name,value=example
Output:
{ "resourceGroupArn": "arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-AB6DMKnv" }
For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
For API details, see CreateResourceGroup in Amazon CLI Command Reference.

The following code example shows how to use create-sbom-export.
- Amazon CLI
To create a software bill of materials (SBOM) report
The following create-sbom-export example creates a software bill of materials (SBOM) report.
aws inspector2 create-sbom-export \
    --report-format SPDX_2_3 \
    --resource-filter-criteria 'ecrRepositoryName=[{comparison="EQUALS",value="debian"}]' \
    --s3-destination bucketName=inspector-sbom-123456789012,keyPrefix=sbom-key,kmsKeyArn=arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333
Output:
{ "reportId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333" }
For more information, see Exporting SBOMs with Amazon Inspector in the Amazon Inspector User Guide.
For API details, see CreateSbomExport in Amazon CLI Command Reference.

The following code example shows how to use delete-assessment-run.
- Amazon CLI
To delete an assessment run
The following delete-assessment-run command deletes the assessment run with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-11LMTAVe:
aws inspector delete-assessment-run --assessment-run-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-11LMTAVe
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
For API details, see DeleteAssessmentRun in Amazon CLI Command Reference.

The following code example shows how to use delete-assessment-target.
- Amazon CLI
To delete an assessment target
The following delete-assessment-target command deletes the assessment target with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq:
aws inspector delete-assessment-target --assessment-target-arn arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq
For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
For API details, see DeleteAssessmentTarget in Amazon CLI Command Reference.

The following code example shows how to use delete-assessment-template.
- Amazon CLI
To delete an assessment template
The following delete-assessment-template command deletes the assessment template with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T:
aws inspector delete-assessment-template --assessment-template-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
For API details, see DeleteAssessmentTemplate in Amazon CLI Command Reference.

The following code example shows how to use delete-filter.
- Amazon CLI
To delete a filter
The following delete-filter example deletes a filter.
aws inspector2 delete-filter \
    --arn "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444"
Output:
{ "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444" }
For more information, see Filtering Amazon Inspector findings in the Amazon Inspector User Guide.
For API details, see DeleteFilter in Amazon CLI Command Reference.

The following code example shows how to use describe-assessment-runs.
- Amazon CLI
To describe assessment runs
The following describe-assessment-runs command describes an assessment run with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE:
aws inspector describe-assessment-runs --assessment-run-arns arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE
Output:
{ "assessmentRuns": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "assessmentTemplateArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw", "completedAt": 1458680301.4, "createdAt": 1458680170.035, "dataCollected": true, "durationInSeconds": 3600, "name": "Run 1 for ExampleAssessmentTemplate", "notifications": [], "rulesPackageArns": [ "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP" ], "startedAt": 1458680170.161, "state": "COMPLETED", "stateChangedAt": 1458680301.4, "stateChanges": [ { "state": "CREATED", "stateChangedAt": 1458680170.035 }, { "state": "START_DATA_COLLECTION_PENDING", "stateChangedAt": 1458680170.065 }, { "state": "START_DATA_COLLECTION_IN_PROGRESS", "stateChangedAt": 1458680170.096 }, { "state": "COLLECTING_DATA", "stateChangedAt": 1458680170.161 }, { "state": "STOP_DATA_COLLECTION_PENDING", "stateChangedAt": 1458680239.883 }, { "state": "DATA_COLLECTED", "stateChangedAt": 1458680299.847 }, { "state": "EVALUATING_RULES", "stateChangedAt": 1458680300.099 }, { "state": "COMPLETED", "stateChangedAt": 1458680301.4 } ], "userAttributesForFindings": [] } ], "failedItems": {} }
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
For API details, see DescribeAssessmentRuns in Amazon CLI Command Reference.

The following code example shows how to use describe-assessment-targets.
- Amazon CLI
To describe assessment targets
The following describe-assessment-targets command describes the assessment target with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq:
aws inspector describe-assessment-targets --assessment-target-arns arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq
Output:
{ "assessmentTargets": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq", "createdAt": 1458074191.459, "name": "ExampleAssessmentTarget", "resourceGroupArn": "arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI", "updatedAt": 1458074191.459 } ], "failedItems": {} }
For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
For API details, see DescribeAssessmentTargets in Amazon CLI Command Reference.

The following code example shows how to use describe-assessment-templates.
- Amazon CLI
To describe assessment templates
The following describe-assessment-templates command describes the assessment template with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw:
aws inspector describe-assessment-templates --assessment-template-arns arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw
Output:
{ "assessmentTemplates": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw", "assessmentTargetArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq", "createdAt": 1458074191.844, "durationInSeconds": 3600, "name": "ExampleAssessmentTemplate", "rulesPackageArns": [ "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP" ], "userAttributesForFindings": [] } ], "failedItems": {} }
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
For API details, see DescribeAssessmentTemplates in Amazon CLI Command Reference.

The following code example shows how to use describe-cross-account-access-role.
- Amazon CLI
To describe the cross account access role
The following describe-cross-account-access-role command describes the IAM role that enables Amazon Inspector to access your Amazon account:
aws inspector describe-cross-account-access-role
Output:
{ "registeredAt": 1458069182.826, "roleArn": "arn:aws:iam::123456789012:role/inspector", "valid": true }
For more information, see Setting up Amazon Inspector in the Amazon Inspector guide.
For API details, see DescribeCrossAccountAccessRole in Amazon CLI Command Reference.

The following code example shows how to use describe-findings.
- Amazon CLI
To describe findings
The following describe-findings command describes the finding with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4:
aws inspector describe-findings --finding-arns arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4
Output:
{ "failedItems": {}, "findings": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4", "assetAttributes": { "ipv4Addresses": [], "schemaVersion": 1 }, "assetType": "ec2-instance", "attributes": [], "confidence": 10, "createdAt": 1458680301.37, "description": "Amazon Inspector did not find any potential security issues during this assessment.", "indicatorOfCompromise": false, "numericSeverity": 0, "recommendation": "No remediation needed.", "schemaVersion": 1, "service": "Inspector", "serviceAttributes": { "assessmentRunArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "rulesPackageArn": "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-X1KXtawP", "schemaVersion": 1 }, "severity": "Informational", "title": "No potential security issues found", "updatedAt": 1458680301.37, "userAttributes": [] } ] }
For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
For API details, see DescribeFindings in Amazon CLI Command Reference.

The following code example shows how to use describe-resource-groups.
- Amazon CLI
To describe resource groups
The following describe-resource-groups command describes the resource group with the ARN of arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI:
aws inspector describe-resource-groups --resource-group-arns arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI
Output:
{ "failedItems": {}, "resourceGroups": [ { "arn": "arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-PyGXopAI", "createdAt": 1458074191.098, "tags": [ { "key": "Name", "value": "example" } ] } ] }
For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
For API details, see DescribeResourceGroups in Amazon CLI Command Reference.

The following code example shows how to use describe-rules-packages.
- Amazon CLI
To describe rules packages
The following describe-rules-packages command describes the rules package with the ARN of arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p:
aws inspector describe-rules-packages --rules-package-arns arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p
Output:
{ "failedItems": {}, "rulesPackages": [ { "arn": "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p", "description": "The rules in this package help verify whether the EC2 instances in your application are exposed to Common Vulnerabilities and Exposures (CVEs). Attacks can exploit unpatched vulnerabilities to compromise the confidentiality, integrity, or availability of your service or data. The CVE system provides a reference for publicly known information security vulnerabilities and exposures. For more information, see [https://cve.mitre.org/](https://cve.mitre.org/). If a particular CVE appears in one of the produced Findings at the end of a completed Inspector assessment, you can search [https://cve.mitre.org/](https://cve.mitre.org/) using the CVE's ID (for example, \"CVE-2009-0021\") to find detailed information about this CVE, its severity, and how to mitigate it. ", "name": "Common Vulnerabilities and Exposures", "provider": "Amazon Web Services, Inc.", "version": "1.1" } ] }
For more information, see Amazon Inspector Rules Packages and Rules in the Amazon Inspector guide.
For API details, see DescribeRulesPackages in Amazon CLI Command Reference.

The following code example shows how to use disassociate-member.
- Amazon CLI
Example: To disassociate a member account from an Amazon Inspector delegated administrator
The following disassociate-member example disassociates an Amazon account from an Amazon Inspector delegated administrator.
aws inspector2 disassociate-member \
    --account-id 123456789012
Output:
{ "accountId": "123456789012" }
For more information, see Managing multiple accounts in Amazon Inspector with Amazon Organizations in the Amazon Inspector User Guide.
For API details, see DisassociateMember in Amazon CLI Command Reference.

The following code example shows how to use get-configuration.
- Amazon CLI
To get the setting configuration for Inspector scans
The following get-configuration example gets the setting configuration for Inspector scans.
aws inspector2 get-configuration
Output:
{ "ec2Configuration": { "scanModeState": { "scanMode": "EC2_HYBRID", "scanModeStatus": "SUCCESS" } }, "ecrConfiguration": { "rescanDurationState": { "pullDateRescanDuration": "DAYS_90", "rescanDuration": "DAYS_30", "status": "SUCCESS", "updatedAt": "2024-05-14T21:16:20.237000+00:00" } } }
For more information, see Automated resource scanning with Amazon Inspector in the Amazon Inspector User Guide.
For API details, see GetConfiguration in Amazon CLI Command Reference.

The following code example shows how to use get-member.
- Amazon CLI
Example: To get member information for your organization
aws inspector2 get-member --account-id 123456789012
Output:
{ "member": { "accountId": "123456789012", "delegatedAdminAccountId": "123456789012", "relationshipStatus": "ENABLED", "updatedAt": "2023-09-11T09:57:20.520000-07:00" } }
For more information, see Managing multiple accounts in Amazon Inspector with Amazon Organizations in the Amazon Inspector User Guide.
For API details, see GetMember in Amazon CLI Command Reference.

The following code example shows how to use get-telemetry-metadata.
- Amazon CLI
To get the telemetry metadata
The following get-telemetry-metadata command generates information about the data that is collected for the assessment run with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE:
aws inspector get-telemetry-metadata --assessment-run-arn arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE
Output:
{ "telemetryMetadata": [ { "count": 2, "dataSize": 345, "messageType": "InspectorDuplicateProcess" }, { "count": 3, "dataSize": 255, "messageType": "InspectorTimeEventMsg" }, { "count": 4, "dataSize": 1082, "messageType": "InspectorNetworkInterface" }, { "count": 2, "dataSize": 349, "messageType": "InspectorDnsEntry" }, { "count": 11, "dataSize": 2514, "messageType": "InspectorDirectoryInfoMsg" }, { "count": 1, "dataSize": 179, "messageType": "InspectorTcpV6ListeningPort" }, { "count": 101, "dataSize": 10949, "messageType": "InspectorTerminal" }, { "count": 26, "dataSize": 5916, "messageType": "InspectorUser" }, { "count": 282, "dataSize": 32148, "messageType": "InspectorDynamicallyLoadedCodeModule" }, { "count": 18, "dataSize": 10172, "messageType": "InspectorCreateProcess" }, { "count": 3, "dataSize": 8001, "messageType": "InspectorProcessPerformance" }, { "count": 1, "dataSize": 360, "messageType": "InspectorOperatingSystem" }, { "count": 6, "dataSize": 546, "messageType": "InspectorStopProcess" }, { "count": 1, "dataSize": 1553, "messageType": "InspectorInstanceMetaData" }, { "count": 2, "dataSize": 434, "messageType": "InspectorTcpV4Connection" }, { "count": 474, "dataSize": 2960322, "messageType": "InspectorPackageInfo" }, { "count": 3, "dataSize": 2235, "messageType": "InspectorSystemPerformance" }, { "count": 105, "dataSize": 46048, "messageType": "InspectorCodeModule" }, { "count": 1, "dataSize": 182, "messageType": "InspectorUdpV6ListeningPort" }, { "count": 2, "dataSize": 371, "messageType": "InspectorUdpV4ListeningPort" }, { "count": 18, "dataSize": 8362, "messageType": "InspectorKernelModule" }, { "count": 29, "dataSize": 48788, "messageType": "InspectorConfigurationInfo" }, { "count": 1, "dataSize": 79, "messageType": "InspectorMonitoringStart" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgBegin" }, { "count": 51, "dataSize": 4593, "messageType": "InspectorGroup" }, { "count": 1, "dataSize": 184, "messageType": 
"InspectorTcpV4ListeningPort" }, { "count": 1159, "dataSize": 3146579, "messageType": "Total" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgEnd" }, { "count": 1, "dataSize": 612, "messageType": "InspectorLoadImageInProcess" } ] }
For API details, see GetTelemetryMetadata in Amazon CLI Command Reference.

The following code example shows how to use list-account-permissions.
- Amazon CLI
To list account permissions
The following list-account-permissions example lists your account permissions.
aws inspector2 list-account-permissions
Output:
{ "permissions": [ { "operation": "ENABLE_SCANNING", "service": "ECR" }, { "operation": "DISABLE_SCANNING", "service": "ECR" }, { "operation": "ENABLE_REPOSITORY", "service": "ECR" }, { "operation": "DISABLE_REPOSITORY", "service": "ECR" }, { "operation": "ENABLE_SCANNING", "service": "EC2" }, { "operation": "DISABLE_SCANNING", "service": "EC2" }, { "operation": "ENABLE_SCANNING", "service": "LAMBDA" }, { "operation": "DISABLE_SCANNING", "service": "LAMBDA" } ] }
For more information, see Identity and Access Management for Amazon Inspector in the Amazon Inspector User Guide.
For API details, see ListAccountPermissions in Amazon CLI Command Reference.

The following code example shows how to use list-assessment-run-agents.
- Amazon CLI
To list assessment run agents
The following list-assessment-run-agents command lists the agents of the assessment run with the specified ARN.
aws inspector list-assessment-run-agents \
    --assessment-run-arn arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE
Output:
{ "assessmentRunAgents": [ { "agentHealth": "HEALTHY", "agentHealthCode": "HEALTHY", "agentId": "i-49113b93", "assessmentRunArn": "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "telemetryMetadata": [ { "count": 2, "dataSize": 345, "messageType": "InspectorDuplicateProcess" }, { "count": 3, "dataSize": 255, "messageType": "InspectorTimeEventMsg" }, { "count": 4, "dataSize": 1082, "messageType": "InspectorNetworkInterface" }, { "count": 2, "dataSize": 349, "messageType": "InspectorDnsEntry" }, { "count": 11, "dataSize": 2514, "messageType": "InspectorDirectoryInfoMsg" }, { "count": 1, "dataSize": 179, "messageType": "InspectorTcpV6ListeningPort" }, { "count": 101, "dataSize": 10949, "messageType": "InspectorTerminal" }, { "count": 26, "dataSize": 5916, "messageType": "InspectorUser" }, { "count": 282, "dataSize": 32148, "messageType": "InspectorDynamicallyLoadedCodeModule" }, { "count": 18, "dataSize": 10172, "messageType": "InspectorCreateProcess" }, { "count": 3, "dataSize": 8001, "messageType": "InspectorProcessPerformance" }, { "count": 1, "dataSize": 360, "messageType": "InspectorOperatingSystem" }, { "count": 6, "dataSize": 546, "messageType": "InspectorStopProcess" }, { "count": 1, "dataSize": 1553, "messageType": "InspectorInstanceMetaData" }, { "count": 2, "dataSize": 434, "messageType": "InspectorTcpV4Connection" }, { "count": 474, "dataSize": 2960322, "messageType": "InspectorPackageInfo" }, { "count": 3, "dataSize": 2235, "messageType": "InspectorSystemPerformance" }, { "count": 105, "dataSize": 46048, "messageType": "InspectorCodeModule" }, { "count": 1, "dataSize": 182, "messageType": "InspectorUdpV6ListeningPort" }, { "count": 2, "dataSize": 371, "messageType": "InspectorUdpV4ListeningPort" }, { "count": 18, "dataSize": 8362, "messageType": "InspectorKernelModule" }, { "count": 29, "dataSize": 48788, "messageType": "InspectorConfigurationInfo" }, { "count": 1, "dataSize": 79, "messageType": 
"InspectorMonitoringStart" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgBegin" }, { "count": 51, "dataSize": 4593, "messageType": "InspectorGroup" }, { "count": 1, "dataSize": 184, "messageType": "InspectorTcpV4ListeningPort" }, { "count": 1159, "dataSize": 3146579, "messageType": "Total" }, { "count": 5, "dataSize": 0, "messageType": "InspectorSplitMsgEnd" }, { "count": 1, "dataSize": 612, "messageType": "InspectorLoadImageInProcess" } ] } ] }
For more information, see Amazon Agents in the Amazon Inspector User Guide.
For API details, see ListAssessmentRunAgents in Amazon CLI Command Reference.

The following code example shows how to use list-assessment-runs.
- Amazon CLI
To list assessment runs
The following list-assessment-runs command lists all existing assessment runs.
aws inspector list-assessment-runs
Output:
{ "assessmentRunArns": [ "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE", "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-v5D6fI3v" ] }
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector User Guide.
For API details, see ListAssessmentRuns in Amazon CLI Command Reference.

The following code example shows how to use list-assessment-targets.
- Amazon CLI
To list assessment targets
The following list-assessment-targets command lists all existing assessment targets:
aws inspector list-assessment-targets
Output:
{ "assessmentTargetArns": [ "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq" ] }
For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
For API details, see ListAssessmentTargets in Amazon CLI Command Reference.

The following code example shows how to use list-assessment-templates.
- Amazon CLI
To list assessment templates
The following list-assessment-templates command lists all existing assessment templates:
aws inspector list-assessment-templates
Output:
{ "assessmentTemplateArns": [ "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw", "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-Uza6ihLh" ] }
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
For API details, see ListAssessmentTemplates in Amazon CLI Command Reference.

The following code example shows how to use list-coverage-statistics.
- Amazon CLI
Example 1: To list coverage statistics by groups
The following list-coverage-statistics example lists the coverage statistics of your Amazon environment by groups.
aws inspector2 list-coverage-statistics \
    --group-by RESOURCE_TYPE
Output:
{ "countsByGroup": [ { "count": 56, "groupKey": "AWS_LAMBDA_FUNCTION" }, { "count": 27, "groupKey": "AWS_ECR_REPOSITORY" }, { "count": 18, "groupKey": "AWS_EC2_INSTANCE" }, { "count": 3, "groupKey": "AWS_ECR_CONTAINER_IMAGE" }, { "count": 1, "groupKey": "AWS_ACCOUNT" } ], "totalCounts": 105 }
For more information, see Assessing Amazon Inspector coverage of your Amazon environment in the Amazon Inspector User Guide.
Example 2: To list coverage statistics by resource type
The following list-coverage-statistics example lists the coverage statistics of your Amazon environment by resource type.
aws inspector2 list-coverage-statistics --filter-criteria '{"resourceType":[{"comparison":"EQUALS","value":"AWS_ECR_REPOSITORY"}]}' --group-by SCAN_STATUS_REASON
Output:
{ "countsByGroup": [ { "count": 27, "groupKey": "SUCCESSFUL" } ], "totalCounts": 27 }
For more information, see Assessing Amazon Inspector coverage of your Amazon environment in the Amazon Inspector User Guide.
Example 3: To list coverage statistics by ECR repository name
The following list-coverage-statistics example lists the coverage statistics of your Amazon environment by ECR repository name.
aws inspector2 list-coverage-statistics --filter-criteria '{"ecrRepositoryName":[{"comparison":"EQUALS","value":"debian"}]}' --group-by SCAN_STATUS_REASON
Output:
{ "countsByGroup": [ { "count": 3, "groupKey": "SUCCESSFUL" } ], "totalCounts": 3 }
For more information, see Assessing Amazon Inspector coverage of your Amazon environment in the Amazon Inspector User Guide.
For API details, see ListCoverageStatistics in Amazon CLI Command Reference.

The following code example shows how to use list-coverage.
- Amazon CLI
Example 1: To list coverage details about your environment
The following list-coverage example lists your environment's coverage details.
aws inspector2 list-coverage
Output:
{ "coveredResources": [ { "accountId": "123456789012", "lastScannedAt": "2024-05-20T16:23:20-07:00", "resourceId": "i-EXAMPLE55555555555", "resourceMetadata": { "ec2": { "amiId": "ami-EXAMPLE6666666666", "platform": "LINUX" } }, "resourceType": "AWS_EC2_INSTANCE", "scanStatus": { "reason": "SUCCESSFUL", "statusCode": "ACTIVE" }, "scanType": "PACKAGE" } ] }
Example 2: To list coverage details about the Lambda function resource type
The following list-coverage example lists your Lambda function resource type details.
aws inspector2 list-coverage --filter-criteria '{"resourceType":[{"comparison":"EQUALS","value":"AWS_LAMBDA_FUNCTION"}]}'
Output:
{ "coveredResources": [ { "accountId": "123456789012", "resourceId": "arn:aws:lambda:us-west-2:123456789012:function:Eval-container-scan-results:$LATEST", "resourceMetadata": { "lambdaFunction": { "functionName": "Eval-container-scan-results", "functionTags": {}, "layers": [], "runtime": "PYTHON_3_7" } }, "resourceType": "AWS_LAMBDA_FUNCTION", "scanStatus": { "reason": "SUCCESSFUL", "statusCode": "ACTIVE" }, "scanType": "CODE" } ] }
For API details, see ListCoverage in Amazon CLI Command Reference.

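The list-coverage output above can be turned into a coverage-gap report. The following is an added example, not part of the original page or of Amazon's code: it flags resources whose scan status is not ACTIVE or whose last scan is older than a threshold. The function name, the 30-day threshold and the sample records (modelled on the output above) are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the list-coverage output shown above.
# The first and last records mirror the page; the middle two are made up.
SAMPLE_LIST_COVERAGE = json.loads("""
{ "coveredResources": [
  { "accountId": "123456789012",
    "lastScannedAt": "2024-05-20T16:23:20-07:00",
    "resourceId": "i-EXAMPLE55555555555",
    "resourceType": "AWS_EC2_INSTANCE",
    "scanStatus": { "reason": "SUCCESSFUL", "statusCode": "ACTIVE" },
    "scanType": "PACKAGE" },
  { "accountId": "123456789012",
    "lastScannedAt": "2024-03-01T08:00:00+00:00",
    "resourceId": "i-EXAMPLE77777777777",
    "resourceType": "AWS_EC2_INSTANCE",
    "scanStatus": { "reason": "SUCCESSFUL", "statusCode": "ACTIVE" },
    "scanType": "PACKAGE" },
  { "accountId": "123456789012",
    "resourceId": "i-EXAMPLE88888888888",
    "resourceType": "AWS_EC2_INSTANCE",
    "scanStatus": { "reason": "UNMANAGED_EC2_INSTANCE", "statusCode": "INACTIVE" },
    "scanType": "PACKAGE" },
  { "accountId": "123456789012",
    "resourceId": "arn:aws:lambda:us-west-2:123456789012:function:Eval-container-scan-results:$LATEST",
    "resourceType": "AWS_LAMBDA_FUNCTION",
    "scanStatus": { "reason": "SUCCESSFUL", "statusCode": "ACTIVE" },
    "scanType": "CODE" }
] }
""")


def coverage_gaps(output, now, max_age=timedelta(days=30)):
    """Return (resourceId, reason) pairs for resources that need attention.

    `now` must be timezone-aware because lastScannedAt carries a UTC offset.
    The 30-day default is an assumed review threshold, not an Inspector setting.
    """
    gaps = []
    for res in output.get("coveredResources", []):
        rid = res.get("resourceId", "<unknown>")
        status = res.get("scanStatus", {})
        if status.get("statusCode") != "ACTIVE":
            # Inspector knows the resource but is not scanning it.
            gaps.append((rid, "not scanned: " + status.get("reason", "UNKNOWN")))
            continue
        last = res.get("lastScannedAt")
        if last is None:
            # The Lambda record on the page has no timestamp even though its
            # scan is SUCCESSFUL, so a missing value is not treated as stale.
            continue
        age = now - datetime.fromisoformat(last)
        if age > max_age:
            gaps.append((rid, f"last scanned {age.days} days ago"))
    return gaps


if __name__ == "__main__":
    reference = datetime(2024, 5, 21, tzinfo=timezone.utc)
    for resource_id, reason in coverage_gaps(SAMPLE_LIST_COVERAGE, reference):
        print(f"{resource_id}: {reason}")
```
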
The following code example shows how to use list-delegated-admin-accounts.
- Amazon CLI
To list information about the delegated administrator account of your organization
The following list-delegated-admin-accounts example lists information about the delegated administrator account of your organization.
aws inspector2 list-delegated-admin-accounts
Output:
{ "delegatedAdminAccounts": [ { "accountId": "123456789012", "status": "ENABLED" } ] }
For more information, see Designating a delegated administrator for Amazon Inspector in the Amazon Inspector User Guide.
For API details, see ListDelegatedAdminAccounts in Amazon CLI Command Reference.

The following code example shows how to use list-event-subscriptions.
- Amazon CLI
To list event subscriptions
The following list-event-subscriptions command lists all the event subscriptions for the assessment template with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0:
aws inspector list-event-subscriptions --resource-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0
Output:
{ "subscriptions": [ { "eventSubscriptions": [ { "event": "ASSESSMENT_RUN_COMPLETED", "subscribedAt": 1459455440.867 } ], "resourceArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0", "topicArn": "arn:aws:sns:us-west-2:123456789012:exampletopic" } ] }
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
For API details, see ListEventSubscriptions in Amazon CLI Command Reference.

The following code example shows how to use list-filters.
- Amazon CLI
-
To list filters associated with the account that you used to activate Amazon Inspector
The following list-filters example lists filters associated with the account that you used to activate Amazon Inspector.

    aws inspector2 list-filters

Output:

    {
        "filters": [
            {
                "action": "SUPPRESS",
                "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444",
                "createdAt": "2024-05-15T21:11:08.602000+00:00",
                "criteria": {
                    "resourceType": [
                        {
                            "comparison": "EQUALS",
                            "value": "AWS_EC2_INSTANCE"
                        }
                    ]
                },
                "description": "This suppression rule omits EC2 instance type findings",
                "name": "ExampleSuppressionRuleEC2",
                "ownerId": "o-EXAMPLE222",
                "tags": {},
                "updatedAt": "2024-05-15T21:11:08.602000+00:00"
            },
            {
                "action": "SUPPRESS",
                "arn": "arn:aws:inspector2:us-east-1:813737243517:owner/o-EXAMPLE222/filter/EXAMPLE444444444",
                "createdAt": "2024-05-15T21:28:27.054000+00:00",
                "criteria": {
                    "resourceType": [
                        {
                            "comparison": "EQUALS",
                            "value": "AWS_ECR_INSTANCE"
                        }
                    ]
                },
                "description": "This suppression rule omits ECR instance type findings",
                "name": "ExampleSuppressionRuleECR",
                "ownerId": "o-EXAMPLE222",
                "tags": {},
                "updatedAt": "2024-05-15T21:28:27.054000+00:00"
            }
        ]
    }

For more information, see Filtering Amazon Inspector findings in the Amazon Inspector User Guide.
-
For API details, see ListFilters in Amazon CLI Command Reference.
-
The following code example shows how to use list-findings.
- Amazon CLI
-
To list findings
The following list-findings command lists all of the generated findings:

    aws inspector list-findings

Output:

    {
        "findingArns": [
            "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-MKkpXXPE/finding/0-HwPnsDm4",
            "arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-4r1V2mAw/run/0-v5D6fI3v/finding/0-tyvmqBLy"
        ]
    }

For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
-
For API details, see ListFindings in Amazon CLI Command Reference.
-
The following code example shows how to use list-members.
- Amazon CLI
-
Example 1: To list all member accounts associated with the Amazon Inspector delegated administrator for your organization

    aws inspector2 list-members --only-associated

Output:

    {
        "members": [
            {
                "accountId": "123456789012",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2023-09-11T09:57:20.520000-07:00"
            },
            {
                "accountId": "123456789012",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2024-08-12T10:13:01.472000-07:00"
            },
            {
                "accountId": "625032911453",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2023-09-11T09:57:20.438000-07:00"
            },
            {
                "accountId": "715411239211",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2024-04-24T09:14:57.471000-07:00"
            }
        ]
    }

For more information, see Managing multiple accounts in Amazon Inspector with Amazon Organizations in the Amazon Inspector User Guide.

Example 2: To list all member accounts associated with and disassociated from the Amazon Inspector delegated administrator for your organization

    aws inspector2 list-members --no-only-associated

Output:

    {
        "members": [
            {
                "accountId": "123456789012",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "REMOVED",
                "updatedAt": "2024-05-15T11:34:53.326000-07:00"
            },
            {
                "accountId": "123456789012",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2023-09-11T09:57:20.520000-07:00"
            },
            {
                "accountId": "123456789012",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2024-08-12T10:13:01.472000-07:00"
            },
            {
                "accountId": "123456789012",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2023-09-11T09:57:20.438000-07:00"
            },
            {
                "accountId": "123456789012",
                "delegatedAdminAccountId": "123456789012",
                "relationshipStatus": "ENABLED",
                "updatedAt": "2024-04-24T09:14:57.471000-07:00"
            }
        ]
    }

For more information, see Managing multiple accounts in Amazon Inspector with Amazon Organizations in the Amazon Inspector User Guide.
-
For API details, see ListMembers in Amazon CLI Command Reference.
-
The following code example shows how to use list-rules-packages.
- Amazon CLI
-
To list rules packages
The following list-rules-packages command lists all available Inspector rules packages:

    aws inspector list-rules-packages

Output:

    {
        "rulesPackageArns": [
            "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
            "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
            "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ",
            "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD"
        ]
    }

For more information, see Amazon Inspector Rules Packages and Rules in the Amazon Inspector guide.
-
For API details, see ListRulesPackages in Amazon CLI Command Reference.
-
The following code example shows how to use list-tags-for-resource.
- Amazon CLI
-
To list tags for resource
The following list-tags-for-resource command lists all tags associated with the assessment template with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-gcwFliYu:

    aws inspector list-tags-for-resource \
        --resource-arn arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-gcwFliYu

Output:

    {
        "tags": [
            {
                "key": "Name",
                "value": "Example"
            }
        ]
    }

For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see ListTagsForResource in Amazon CLI Command Reference.
-
The following code example shows how to use list-usage-totals.
- Amazon CLI
-
To list usage totals over the last 30 days
The following list-usage-totals example lists usage totals over the last 30 days.

    aws inspector2 list-usage-totals

Output:

    {
        "totals": [
            {
                "accountId": "123456789012",
                "usage": [
                    {
                        "currency": "USD",
                        "estimatedMonthlyCost": 4.6022044647,
                        "total": 1893.4784083333334,
                        "type": "EC2_AGENTLESS_INSTANCE_HOURS"
                    },
                    {
                        "currency": "USD",
                        "estimatedMonthlyCost": 18.892449279,
                        "total": 10882.050784722222,
                        "type": "EC2_INSTANCE_HOURS"
                    },
                    {
                        "currency": "USD",
                        "estimatedMonthlyCost": 5.4525363736,
                        "total": 6543.043648333333,
                        "type": "LAMBDA_FUNCTION_CODE_HOURS"
                    },
                    {
                        "currency": "USD",
                        "estimatedMonthlyCost": 3.9064080309,
                        "total": 9375.379274166668,
                        "type": "LAMBDA_FUNCTION_HOURS"
                    },
                    {
                        "currency": "USD",
                        "estimatedMonthlyCost": 0.06,
                        "total": 6.0,
                        "type": "ECR_RESCAN"
                    },
                    {
                        "currency": "USD",
                        "estimatedMonthlyCost": 0.09,
                        "total": 1.0,
                        "type": "ECR_INITIAL_SCAN"
                    }
                ]
            }
        ]
    }

For more information, see Monitoring usage and cost in Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see ListUsageTotals in Amazon CLI Command Reference.
-
The following code example shows how to use preview-agents.
- Amazon CLI
-
To preview agents
The following preview-agents command previews the agents installed on the EC2 instances that are part of the assessment target with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq:

    aws inspector preview-agents \
        --preview-agents-arn arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq

Output:

    {
        "agentPreviews": [
            {
                "agentId": "i-49113b93"
            }
        ]
    }

For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see PreviewAgents in Amazon CLI Command Reference.
-
The following code example shows how to use register-cross-account-access-role.
- Amazon CLI
-
To register the cross account access role
The following register-cross-account-access-role command registers the IAM role with the ARN of arn:aws:iam::123456789012:role/inspector that Amazon Inspector uses to list your EC2 instances at the start of the assessment run or when you call the preview-agents command:

    aws inspector register-cross-account-access-role \
        --role-arn arn:aws:iam::123456789012:role/inspector

For more information, see Setting up Amazon Inspector in the Amazon Inspector guide.
-
For API details, see RegisterCrossAccountAccessRole in Amazon CLI Command Reference.
-
The following code example shows how to use remove-attributes-from-findings.
- Amazon CLI
-
To remove attributes from findings
The following remove-attributes-from-findings command removes the attribute with the key of Example and value of example from the finding with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU:

    aws inspector remove-attributes-from-findings \
        --finding-arns arn:aws:inspector:us-west-2:123456789012:target/0-0kFIPusq/template/0-8l1VIE0D/run/0-Z02cjjug/finding/0-T8yM9mEU \
        --attribute-keys Example

Output:

    {
        "failedItems": {}
    }

For more information, see Amazon Inspector Findings in the Amazon Inspector guide.
-
For API details, see RemoveAttributesFromFindings in Amazon CLI Command Reference.
-
The following code example shows how to use set-tags-for-resource.
- Amazon CLI
-
To set tags for a resource
The following set-tags-for-resource command sets the tag with the key of Example and value of example to the assessment template with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0:

    aws inspector set-tags-for-resource \
        --resource-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0 \
        --tags key=Example,value=example

For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see SetTagsForResource in Amazon CLI Command Reference.
-
The following code example shows how to use start-assessment-run.
- Amazon CLI
-
To start an assessment run
The following start-assessment-run command starts the assessment run named examplerun using the assessment template with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T:

    aws inspector start-assessment-run \
        --assessment-run-name examplerun \
        --assessment-template-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T

Output:

    {
        "assessmentRunArn": "arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-jOoroxyY"
    }

For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see StartAssessmentRun in Amazon CLI Command Reference.
-
The following code example shows how to use stop-assessment-run.
- Amazon CLI
-
To stop an assessment run
The following stop-assessment-run command stops the assessment run with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-jOoroxyY:

    aws inspector stop-assessment-run \
        --assessment-run-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-it5r2S4T/run/0-jOoroxyY

For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see StopAssessmentRun in Amazon CLI Command Reference.
-
The following code example shows how to use subscribe-to-event.
- Amazon CLI
-
To subscribe to an event
The following example enables the process of sending Amazon SNS notifications about the ASSESSMENT_RUN_COMPLETED event to the topic with the ARN of arn:aws:sns:us-west-2:123456789012:exampletopic:

    aws inspector subscribe-to-event \
        --event ASSESSMENT_RUN_COMPLETED \
        --resource-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0 \
        --topic-arn arn:aws:sns:us-west-2:123456789012:exampletopic

This command produces no output.
For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see SubscribeToEvent in Amazon CLI Command Reference.
-
The following code example shows how to use unsubscribe-from-event.
- Amazon CLI
-
To unsubscribe from an event
The following unsubscribe-from-event command disables the process of sending Amazon SNS notifications about the ASSESSMENT_RUN_COMPLETED event to the topic with the ARN of arn:aws:sns:us-west-2:123456789012:exampletopic:

    aws inspector unsubscribe-from-event \
        --event ASSESSMENT_RUN_COMPLETED \
        --resource-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0 \
        --topic-arn arn:aws:sns:us-west-2:123456789012:exampletopic

For more information, see Amazon Inspector Assessment Templates and Assessment Runs in the Amazon Inspector guide.
-
For API details, see UnsubscribeFromEvent in Amazon CLI Command Reference.
-
The following code example shows how to use update-assessment-target.
- Amazon CLI
-
To update an assessment target
The following update-assessment-target command updates the assessment target with the ARN of arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX and the name of Example, and the resource group with the ARN of arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-yNbgL5Pt:

    aws inspector update-assessment-target \
        --assessment-target-arn arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX \
        --assessment-target-name Example \
        --resource-group-arn arn:aws:inspector:us-west-2:123456789012:resourcegroup/0-yNbgL5Pt

For more information, see Amazon Inspector Assessment Targets in the Amazon Inspector guide.
-
For API details, see UpdateAssessmentTarget in Amazon CLI Command Reference.
-
The following code example shows how to use update-filter.
- Amazon CLI
-
To update a filter
The following update-filter example updates a filter to omit Lambda findings instead of ECR instance findings.

    aws inspector2 update-filter \
        --filter-arn "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444" \
        --name "ExampleSuppressionRuleLambda" \
        --description "This suppression rule omits Lambda instance findings" \
        --reason "Updating filter to omit Lambda instance findings instead of ECR instance findings"

Output:

    {
        "filters": [
            {
                "action": "SUPPRESS",
                "arn": "arn:aws:inspector2:us-west-2:123456789012:owner/o-EXAMPLE222/filter/EXAMPLE444444444",
                "createdAt": "2024-05-15T21:28:27.054000+00:00",
                "criteria": {
                    "resourceType": [
                        {
                            "comparison": "EQUALS",
                            "value": "AWS_ECR_INSTANCE"
                        }
                    ]
                },
                "description": "This suppression rule omits Lambda instance findings",
                "name": "ExampleSuppressionRuleLambda",
                "ownerId": "o-EXAMPLE222",
                "reason": "Updating filter to omit Lambda instance findings instead of ECR instance findings",
                "tags": {},
                "updatedAt": "2024-05-15T22:23:13.665000+00:00"
            }
        ]
    }

For more information, see Managing findings in Amazon Inspector in the Amazon Inspector User Guide.
-
For API details, see UpdateFilter in Amazon CLI Command Reference.
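Suppression rules hide findings, so the list-filters and update-filter output shown on this page is worth reviewing periodically. The following Python is an added example, not part of the original page or of the Amazon Inspector tooling: it flags rules that suppress an entire resource type and rules whose name or description no longer matches their criteria, as in the update-filter output where the label says Lambda but the criteria still match AWS_ECR_INSTANCE. The sample data is constructed, and the third filter, the CVE-PLACEHOLDER value and the label-matching heuristic are assumptions of this example.

```python
# Added example: audit suppression rules in list-filters output (SAMPLE is constructed).
SAMPLE = {"filters": [
    {"action": "SUPPRESS", "name": "ExampleSuppressionRuleEC2",
     "description": "This suppression rule omits EC2 instance type findings",
     "criteria": {"resourceType": [
         {"comparison": "EQUALS", "value": "AWS_EC2_INSTANCE"}]}},
    # Shaped like the update-filter output: label says Lambda, criteria still say ECR.
    {"action": "SUPPRESS", "name": "ExampleSuppressionRuleLambda",
     "description": "This suppression rule omits Lambda instance findings",
     "criteria": {"resourceType": [
         {"comparison": "EQUALS", "value": "AWS_ECR_INSTANCE"}]}},
    # Hypothetical narrow rule: one vulnerability on one resource type.
    {"action": "SUPPRESS", "name": "ExampleSuppressOneCveEC2",
     "description": "Accepted risk for one CVE on EC2",
     "criteria": {
         "resourceType": [{"comparison": "EQUALS", "value": "AWS_EC2_INSTANCE"}],
         "vulnerabilityId": [{"comparison": "EQUALS", "value": "CVE-PLACEHOLDER"}]}},
]}


def resource_types(criteria):
    """Return the resourceType values a filter matches with EQUALS."""
    return [c["value"] for c in criteria.get("resourceType", [])
            if c.get("comparison") == "EQUALS"]


def audit_filters(response):
    """Return (filter name, issue) pairs for suppression rules that need review."""
    issues = []
    for flt in response.get("filters", []):
        if flt.get("action") != "SUPPRESS":
            continue
        criteria = flt.get("criteria", {})
        types = resource_types(criteria)
        # Check 1: resourceType is the only criterion, so every finding
        # for that resource type is hidden from the findings list.
        if types and set(criteria) == {"resourceType"}:
            issues.append((flt["name"],
                           "suppresses all findings for " + ", ".join(types)))
        # Check 2 (heuristic, an assumption of this example): the name or
        # description should mention the service token in the criteria.
        label = (flt.get("name", "") + " " + flt.get("description", "")).upper()
        for rtype in types:
            parts = rtype.split("_")
            token = parts[1] if len(parts) > 1 else rtype  # AWS_EC2_INSTANCE -> EC2
            if token not in label:
                issues.append((flt["name"],
                               f"label lacks {token} but criteria match {rtype}"))
    return issues


if __name__ == "__main__":
    for name, issue in audit_filters(SAMPLE):
        print(f"{name}: {issue}")
```

To run it against a real account, replace SAMPLE with the parsed JSON from `aws inspector2 list-filters --output json`.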
-