AWS CLI Command Reference

[ aws . inspector2 ]

create-filter

Description

Creates a filter resource using specified filter criteria.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-filter
--action <value>
[--description <value>]
--filter-criteria <value>
--name <value>
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--action (string)

Defines the action that is to be applied to the findings that match the filter.

Possible values:

  • NONE

  • SUPPRESS

--description (string)

A description of the filter.

--filter-criteria (structure)

Defines the criteria to be used in the filter for querying findings.

awsAccountId -> (list)

Details of the Amazon Web Services account IDs used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

componentId -> (list)

Details of the component IDs used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

componentType -> (list)

Details of the component types used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ec2InstanceImageId -> (list)

Details of the Amazon EC2 instance image IDs used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ec2InstanceSubnetId -> (list)

Details of the Amazon EC2 instance subnet IDs used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ec2InstanceVpcId -> (list)

Details of the Amazon EC2 instance VPC IDs used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ecrImageArchitecture -> (list)

Details of the Amazon ECR image architecture types used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ecrImageHash -> (list)

Details of the Amazon ECR image hashes used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ecrImagePushedAt -> (list)

Details on the Amazon ECR image push date and time used to filter findings.

(structure)

Contains details on the time range used to filter findings.

endInclusive -> (timestamp)

A timestamp representing the end of the time period filtered on.

startInclusive -> (timestamp)

A timestamp representing the start of the time period filtered on.

ecrImageRegistry -> (list)

Details on the Amazon ECR registry used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ecrImageRepositoryName -> (list)

Details on the name of the Amazon ECR repository used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

ecrImageTags -> (list)

The tags attached to the Amazon ECR container image.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

findingArn -> (list)

Details on the finding ARNs used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

findingStatus -> (list)

Details on the finding status types used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

findingType -> (list)

Details on the finding types used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

firstObservedAt -> (list)

Details on the date and time a finding was first seen used to filter findings.

(structure)

Contains details on the time range used to filter findings.

endInclusive -> (timestamp)

A timestamp representing the end of the time period filtered on.

startInclusive -> (timestamp)

A timestamp representing the start of the time period filtered on.

inspectorScore -> (list)

The Amazon Inspector score to filter on.

(structure)

An object that describes the details of a number filter.

lowerInclusive -> (double)

The lowest number to be included in the filter.

upperInclusive -> (double)

The highest number to be included in the filter.

lastObservedAt -> (list)

Details on the date and time a finding was last seen used to filter findings.

(structure)

Contains details on the time range used to filter findings.

endInclusive -> (timestamp)

A timestamp representing the end of the time period filtered on.

startInclusive -> (timestamp)

A timestamp representing the start of the time period filtered on.

networkProtocol -> (list)

Details on the ingress source addresses used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

portRange -> (list)

Details on the port ranges used to filter findings.

(structure)

An object that describes the details of a port range filter.

beginInclusive -> (integer)

The port number the port range begins at.

endInclusive -> (integer)

The port number the port range ends at.

relatedVulnerabilities -> (list)

Details on the related vulnerabilities used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

resourceId -> (list)

Details on the resource IDs used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

resourceTags -> (list)

Details on the resource tags used to filter findings.

(structure)

An object that describes details of a map filter.

comparison -> (string)

The operator to use when comparing values in the filter.

key -> (string)

The tag key used in the filter.

value -> (string)

The tag value used in the filter.

resourceType -> (list)

Details on the resource types used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

severity -> (list)

Details on the severity used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

title -> (list)

Details on the finding title used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

updatedAt -> (list)

Details on the date and time a finding was last updated at used to filter findings.

(structure)

Contains details on the time range used to filter findings.

endInclusive -> (timestamp)

A timestamp representing the end of the time period filtered on.

startInclusive -> (timestamp)

A timestamp representing the start of the time period filtered on.

vendorSeverity -> (list)

Details on the vendor severity used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

vulnerabilityId -> (list)

Details on the vulnerability ID used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

vulnerabilitySource -> (list)

Details on the vulnerability type used to filter findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

vulnerablePackages -> (list)

Details on the vulnerable packages used to filter findings.

(structure)

Contains information on the details of a package filter.

architecture -> (structure)

An object that contains details on the package architecture type to filter on.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

epoch -> (structure)

An object that contains details on the package epoch to filter on.

lowerInclusive -> (double)

The lowest number to be included in the filter.

upperInclusive -> (double)

The highest number to be included in the filter.

name -> (structure)

An object that contains details on the name of the package to filter on.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

release -> (structure)

An object that contains details on the package release to filter on.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

sourceLayerHash -> (structure)

An object that contains details on the source layer hash to filter on.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

version -> (structure)

The package version to filter on.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

JSON Syntax:

{
  "awsAccountId": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "componentId": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "componentType": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ec2InstanceImageId": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ec2InstanceSubnetId": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ec2InstanceVpcId": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ecrImageArchitecture": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ecrImageHash": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ecrImagePushedAt": [
    {
      "endInclusive": timestamp,
      "startInclusive": timestamp
    }
    ...
  ],
  "ecrImageRegistry": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ecrImageRepositoryName": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "ecrImageTags": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "findingArn": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "findingStatus": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "findingType": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "firstObservedAt": [
    {
      "endInclusive": timestamp,
      "startInclusive": timestamp
    }
    ...
  ],
  "inspectorScore": [
    {
      "lowerInclusive": double,
      "upperInclusive": double
    }
    ...
  ],
  "lastObservedAt": [
    {
      "endInclusive": timestamp,
      "startInclusive": timestamp
    }
    ...
  ],
  "networkProtocol": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "portRange": [
    {
      "beginInclusive": integer,
      "endInclusive": integer
    }
    ...
  ],
  "relatedVulnerabilities": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "resourceId": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "resourceTags": [
    {
      "comparison": "EQUALS",
      "key": "string",
      "value": "string"
    }
    ...
  ],
  "resourceType": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "severity": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "title": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "updatedAt": [
    {
      "endInclusive": timestamp,
      "startInclusive": timestamp
    }
    ...
  ],
  "vendorSeverity": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "vulnerabilityId": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "vulnerabilitySource": [
    {
      "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
      "value": "string"
    }
    ...
  ],
  "vulnerablePackages": [
    {
      "architecture": {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      },
      "epoch": {
        "lowerInclusive": double,
        "upperInclusive": double
      },
      "name": {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      },
      "release": {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      },
      "sourceLayerHash": {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      },
      "version": {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
    }
    ...
  ]
}

--name (string)

The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

--tags (map)

A list of tags for the filter.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Output

arn -> (string)

The Amazon Resource Number (ARN) of the successfully created filter.

© Copyright 2018, Amazon Web Services. Created using Sphinx.