[ aws . inspector2 ]

list-finding-aggregations

Description

Lists aggregated finding data for your environment based on specific criteria.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

list-finding-aggregations is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument. When using --output text and the --query argument on a paginated response, the --query argument must extract data from the results of the following query expressions: responses

Synopsis

  list-finding-aggregations
[--account-ids <value>]
[--aggregation-request <value>]
--aggregation-type <value>
[--cli-input-json | --cli-input-yaml]
[--starting-token <value>]
[--page-size <value>]
[--max-items <value>]
[--generate-cli-skeleton <value>]

Options

--account-ids (list)

The Amazon Web Services account IDs to retrieve finding aggregation data for.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

Shorthand Syntax:

comparison=string,value=string ...

JSON Syntax:

[
  {
    "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
    "value": "string"
  }
  ...
]

--aggregation-request (structure)

Details of the aggregation request that is used to filter your aggregation results.

accountAggregation -> (structure)

An object that contains details about an aggregation request based on Amazon Web Services account IDs.

findingType -> (string)

The type of finding.

resourceType -> (string)

The type of resource.

sortBy -> (string)

The value to sort by.

sortOrder -> (string)

The sort order (ascending or descending).

amiAggregation -> (structure)

An object that contains details about an aggregation request based on Amazon Machine Images (AMIs).

amis -> (list)

The IDs of AMIs to aggregate findings for.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

sortBy -> (string)

The value to sort results by.

sortOrder -> (string)

The order to sort results by.

awsEcrContainerAggregation -> (structure)

An object that contains details about an aggregation request based on Amazon ECR container images.

architectures -> (list)

The architecture of the containers.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

imageShas -> (list)

The image SHA values.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

imageTags -> (list)

The image tags.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

repositories -> (list)

The container repositories.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

resourceIds -> (list)

The container resource IDs.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

sortBy -> (string)

The value to sort by.

sortOrder -> (string)

The sort order (ascending or descending).

ec2InstanceAggregation -> (structure)

An object that contains details about an aggregation request based on Amazon EC2 instances.

amis -> (list)

The AMI IDs associated with the Amazon EC2 instances to aggregate findings for.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

instanceIds -> (list)

The Amazon EC2 instance IDs to aggregate findings for.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

instanceTags -> (list)

The Amazon EC2 instance tags to aggregate findings for.

(structure)

An object that describes details of a map filter.

comparison -> (string)

The operator to use when comparing values in the filter.

key -> (string)

The tag key used in the filter.

value -> (string)

The tag value used in the filter.

operatingSystems -> (list)

The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are ORACLE_LINUX_7 and ALPINE_LINUX_3_8 .

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

sortBy -> (string)

The value to sort results by.

sortOrder -> (string)

The order to sort results by.

findingTypeAggregation -> (structure)

An object that contains details about an aggregation request based on finding types.

findingType -> (string)

The finding type to aggregate.

resourceType -> (string)

The resource type to aggregate.

sortBy -> (string)

The value to sort results by.

sortOrder -> (string)

The order to sort results by.

imageLayerAggregation -> (structure)

An object that contains details about an aggregation request based on container image layers.

layerHashes -> (list)

The hashes associated with the layers.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

repositories -> (list)

The repository associated with the container image hosting the layers.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

resourceIds -> (list)

The ID of the container image layer.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

sortBy -> (string)

The value to sort results by.

sortOrder -> (string)

The order to sort results by.

packageAggregation -> (structure)

An object that contains details about an aggregation request based on operating system package type.

packageNames -> (list)

The names of packages to aggregate findings on.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

sortBy -> (string)

The value to sort results by.

sortOrder -> (string)

The order to sort results by.

repositoryAggregation -> (structure)

An object that contains details about an aggregation request based on Amazon ECR repositories.

repositories -> (list)

The names of repositories to aggregate findings on.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

sortBy -> (string)

The value to sort results by.

sortOrder -> (string)

The order to sort results by.

titleAggregation -> (structure)

An object that contains details about an aggregation request based on finding title.

resourceType -> (string)

The resource type to aggregate on.

sortBy -> (string)

The value to sort results by.

sortOrder -> (string)

The order to sort results by.

titles -> (list)

The finding titles to aggregate on.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

vulnerabilityIds -> (list)

The vulnerability IDs of the findings.

(structure)

An object that describes the details of a string filter.

comparison -> (string)

The operator to use when comparing values in the filter

value -> (string)

The value to filter on.

JSON Syntax:

{
  "accountAggregation": {
    "findingType": "NETWORK_REACHABILITY"|"PACKAGE_VULNERABILITY",
    "resourceType": "AWS_EC2_INSTANCE"|"AWS_ECR_CONTAINER_IMAGE",
    "sortBy": "CRITICAL"|"HIGH"|"ALL",
    "sortOrder": "ASC"|"DESC"
  },
  "amiAggregation": {
    "amis": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "sortBy": "CRITICAL"|"HIGH"|"ALL"|"AFFECTED_INSTANCES",
    "sortOrder": "ASC"|"DESC"
  },
  "awsEcrContainerAggregation": {
    "architectures": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "imageShas": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "imageTags": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "repositories": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "resourceIds": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "sortBy": "CRITICAL"|"HIGH"|"ALL",
    "sortOrder": "ASC"|"DESC"
  },
  "ec2InstanceAggregation": {
    "amis": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "instanceIds": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "instanceTags": [
      {
        "comparison": "EQUALS",
        "key": "string",
        "value": "string"
      }
      ...
    ],
    "operatingSystems": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "sortBy": "NETWORK_FINDINGS"|"CRITICAL"|"HIGH"|"ALL",
    "sortOrder": "ASC"|"DESC"
  },
  "findingTypeAggregation": {
    "findingType": "NETWORK_REACHABILITY"|"PACKAGE_VULNERABILITY",
    "resourceType": "AWS_EC2_INSTANCE"|"AWS_ECR_CONTAINER_IMAGE",
    "sortBy": "CRITICAL"|"HIGH"|"ALL",
    "sortOrder": "ASC"|"DESC"
  },
  "imageLayerAggregation": {
    "layerHashes": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "repositories": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "resourceIds": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "sortBy": "CRITICAL"|"HIGH"|"ALL",
    "sortOrder": "ASC"|"DESC"
  },
  "packageAggregation": {
    "packageNames": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "sortBy": "CRITICAL"|"HIGH"|"ALL",
    "sortOrder": "ASC"|"DESC"
  },
  "repositoryAggregation": {
    "repositories": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "sortBy": "CRITICAL"|"HIGH"|"ALL"|"AFFECTED_IMAGES",
    "sortOrder": "ASC"|"DESC"
  },
  "titleAggregation": {
    "resourceType": "AWS_EC2_INSTANCE"|"AWS_ECR_CONTAINER_IMAGE",
    "sortBy": "CRITICAL"|"HIGH"|"ALL",
    "sortOrder": "ASC"|"DESC",
    "titles": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ],
    "vulnerabilityIds": [
      {
        "comparison": "EQUALS"|"PREFIX"|"NOT_EQUALS",
        "value": "string"
      }
      ...
    ]
  }
}

--aggregation-type (string)

The type of the aggregation request.

Possible values:

  • FINDING_TYPE

  • PACKAGE

  • TITLE

  • REPOSITORY

  • AMI

  • AWS_EC2_INSTANCE

  • AWS_ECR_CONTAINER

  • IMAGE_LAYER

  • ACCOUNT

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--starting-token (string)

A token to specify where to start paginating. This is the NextToken from a previously truncated response.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--page-size (integer)

The size of each page to get in the AWS service call. This does not affect the number of items returned in the command’s output. Setting a smaller page size results in more calls to the AWS service, retrieving fewer items in each call. This can help prevent the AWS service calls from timing out.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--max-items (integer)

The total number of items to return in the command’s output. If the total number of items available is more than the value specified, a NextToken is provided in the command’s output. To resume pagination, provide the NextToken value in the starting-token argument of a subsequent command. Do not use the NextToken response element directly outside of the AWS CLI.

For usage examples, see Pagination in the AWS Command Line Interface User Guide .

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

See ‘aws help’ for descriptions of global parameters.

Output

aggregationType -> (string)

The type of aggregation to perform.

nextToken -> (string)

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

responses -> (list)

Objects that contain the results of an aggregation operation.

(structure)

A structure that contains details about the results of an aggregation type.

accountAggregation -> (structure)

An object that contains details about an aggregation response based on Amazon Web Services account IDs.

accountId -> (string)

The Amazon Web Services account ID.

severityCounts -> (structure)

The number of findings by severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

amiAggregation -> (structure)

An object that contains details about an aggregation response based on Amazon Machine Images (AMIs).

accountId -> (string)

The Amazon Web Services account ID that the AMI belongs.

affectedInstances -> (long)

The IDs of Amazon EC2 instances using this AMI.

ami -> (string)

The ID of the AMI that findings were aggregated for.

severityCounts -> (structure)

An object that contains the count of matched findings per severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

awsEcrContainerAggregation -> (structure)

An object that contains details about an aggregation response based on Amazon ECR container images.

accountId -> (string)

The Amazon Web Services account ID of the account that owns the container.

architecture -> (string)

The architecture of the container.

imageSha -> (string)

The SHA value of the container image.

imageTags -> (list)

The container image stags.

(string)

repository -> (string)

The container repository.

resourceId -> (string)

The resource ID of the container.

severityCounts -> (structure)

The number of finding by severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

ec2InstanceAggregation -> (structure)

An object that contains details about an aggregation response based on Amazon EC2 instances.

accountId -> (string)

The Amazon Web Services account the Amazon EC2 instance belongs to.

ami -> (string)

The Amazon Machine Image (AMI) of the Amazon EC2 instance.

instanceId -> (string)

The Amazon EC2 instance ID.

instanceTags -> (map)

The tags attached to the instance.

key -> (string)

value -> (string)

networkFindings -> (long)

The number of network findings for the Amazon EC2 instance.

operatingSystem -> (string)

The operating system of the Amazon EC2 instance.

severityCounts -> (structure)

An object that contains the count of matched findings per severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

findingTypeAggregation -> (structure)

An object that contains details about an aggregation response based on finding types.

accountId -> (string)

The ID of the Amazon Web Services account associated with the findings.

severityCounts -> (structure)

The value to sort results by.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

imageLayerAggregation -> (structure)

An object that contains details about an aggregation response based on container image layers.

accountId -> (string)

The ID of the Amazon Web Services account that owns the container image hosting the layer image.

layerHash -> (string)

The layer hash.

repository -> (string)

The repository the layer resides in.

resourceId -> (string)

The resource ID of the container image layer.

severityCounts -> (structure)

An object that represents the count of matched findings per severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

packageAggregation -> (structure)

An object that contains details about an aggregation response based on operating system package type.

accountId -> (string)

The ID of the Amazon Web Services account associated with the findings.

packageName -> (string)

The name of the operating system package.

severityCounts -> (structure)

An object that contains the count of matched findings per severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

repositoryAggregation -> (structure)

An object that contains details about an aggregation response based on Amazon ECR repositories.

accountId -> (string)

The ID of the Amazon Web Services account associated with the findings.

affectedImages -> (long)

The number of container images impacted by the findings.

repository -> (string)

The name of the repository associated with the findings.

severityCounts -> (structure)

An object that represent the count of matched findings per severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

titleAggregation -> (structure)

An object that contains details about an aggregation response based on finding title.

accountId -> (string)

The ID of the Amazon Web Services account associated with the findings.

severityCounts -> (structure)

An object that represent the count of matched findings per severity.

all -> (long)

The total count of findings from all severities.

critical -> (long)

The total count of critical severity findings.

high -> (long)

The total count of high severity findings.

medium -> (long)

The total count of medium severity findings.

title -> (string)

The title that the findings were aggregated on.

vulnerabilityId -> (string)

The vulnerability ID of the finding.