Inspector2 / Client / create_filter
create_filter#
- Inspector2.Client.create_filter(**kwargs)#
Creates a filter resource using specified filter criteria. When the filter action is set to
SUPPRESSthis action creates a suppression rule.See also: AWS API Documentation
Request Syntax
response = client.create_filter( action='NONE'|'SUPPRESS', description='string', filterCriteria={ 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'endInclusive': datetime(2015, 1, 1), 'startInclusive': datetime(2015, 1, 1) }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'lowerInclusive': 123.0, 'upperInclusive': 123.0 }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'endInclusive': datetime(2015, 1, 1), 'startInclusive': datetime(2015, 1, 1) }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'lowerInclusive': 123.0, 'upperInclusive': 123.0 }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'endInclusive': datetime(2015, 1, 1), 'startInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lastObservedAt': [ { 'endInclusive': datetime(2015, 1, 1), 'startInclusive': datetime(2015, 1, 1) }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'updatedAt': [ { 'endInclusive': datetime(2015, 1, 1), 'startInclusive': datetime(2015, 1, 1) }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'lowerInclusive': 123.0, 'upperInclusive': 123.0 }, 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ] }, name='string', reason='string', tags={ 'string': 'string' } )
- Parameters:
action (string) –
[REQUIRED]
Defines the action that is to be applied to the findings that match the filter.
description (string) – A description of the filter.
filterCriteria (dict) –
[REQUIRED]
Defines the criteria to be used in the filter for querying findings.
awsAccountId (list) –
Details of the Amazon Web Services account IDs used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
codeVulnerabilityDetectorName (list) –
The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
codeVulnerabilityDetectorTags (list) –
The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
codeVulnerabilityFilePath (list) –
The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
componentId (list) –
Details of the component IDs used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
componentType (list) –
Details of the component types used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ec2InstanceImageId (list) –
Details of the Amazon EC2 instance image IDs used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ec2InstanceSubnetId (list) –
Details of the Amazon EC2 instance subnet IDs used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ec2InstanceVpcId (list) –
Details of the Amazon EC2 instance VPC IDs used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ecrImageArchitecture (list) –
Details of the Amazon ECR image architecture types used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ecrImageHash (list) –
Details of the Amazon ECR image hashes used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ecrImagePushedAt (list) –
Details on the Amazon ECR image push date and time used to filter findings.
(dict) –
Contains details on the time range used to filter findings.
endInclusive (datetime) –
A timestamp representing the end of the time period filtered on.
startInclusive (datetime) –
A timestamp representing the start of the time period filtered on.
ecrImageRegistry (list) –
Details on the Amazon ECR registry used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ecrImageRepositoryName (list) –
Details on the name of the Amazon ECR repository used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
ecrImageTags (list) –
The tags attached to the Amazon ECR container image.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
epssScore (list) –
The EPSS score used to filter findings.
(dict) –
An object that describes the details of a number filter.
lowerInclusive (float) –
The lowest number to be included in the filter.
upperInclusive (float) –
The highest number to be included in the filter.
exploitAvailable (list) –
Filters the list of Amazon Web Services Lambda findings by the availability of exploits.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
findingArn (list) –
Details on the finding ARNs used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
findingStatus (list) –
Details on the finding status types used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
findingType (list) –
Details on the finding types used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
firstObservedAt (list) –
Details on the date and time a finding was first seen used to filter findings.
(dict) –
Contains details on the time range used to filter findings.
endInclusive (datetime) –
A timestamp representing the end of the time period filtered on.
startInclusive (datetime) –
A timestamp representing the start of the time period filtered on.
fixAvailable (list) –
Details on whether a fix is available through a version update. This value can be
YES,NO, orPARTIAL. APARTIALfix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
inspectorScore (list) –
The Amazon Inspector score to filter on.
(dict) –
An object that describes the details of a number filter.
lowerInclusive (float) –
The lowest number to be included in the filter.
upperInclusive (float) –
The highest number to be included in the filter.
lambdaFunctionExecutionRoleArn (list) –
Filters the list of Amazon Web Services Lambda functions by execution role.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
lambdaFunctionLastModifiedAt (list) –
Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format
(dict) –
Contains details on the time range used to filter findings.
endInclusive (datetime) –
A timestamp representing the end of the time period filtered on.
startInclusive (datetime) –
A timestamp representing the start of the time period filtered on.
lambdaFunctionLayers (list) –
Filters the list of Amazon Web Services Lambda functions by the function’s layers. A Lambda function can have up to five layers.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
lambdaFunctionName (list) –
Filters the list of Amazon Web Services Lambda functions by the name of the function.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
lambdaFunctionRuntime (list) –
Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
lastObservedAt (list) –
Details on the date and time a finding was last seen used to filter findings.
(dict) –
Contains details on the time range used to filter findings.
endInclusive (datetime) –
A timestamp representing the end of the time period filtered on.
startInclusive (datetime) –
A timestamp representing the start of the time period filtered on.
networkProtocol (list) –
Details on network protocol used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
portRange (list) –
Details on the port ranges used to filter findings.
(dict) –
An object that describes the details of a port range filter.
beginInclusive (integer) –
The port number the port range begins at.
endInclusive (integer) –
The port number the port range ends at.
relatedVulnerabilities (list) –
Details on the related vulnerabilities used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
resourceId (list) –
Details on the resource IDs used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
resourceTags (list) –
Details on the resource tags used to filter findings.
(dict) –
An object that describes details of a map filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
key (string) – [REQUIRED]
The tag key used in the filter.
value (string) –
The tag value used in the filter.
resourceType (list) –
Details on the resource types used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
severity (list) –
Details on the severity used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
title (list) –
Details on the finding title used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
updatedAt (list) –
Details on the date and time a finding was last updated at used to filter findings.
(dict) –
Contains details on the time range used to filter findings.
endInclusive (datetime) –
A timestamp representing the end of the time period filtered on.
startInclusive (datetime) –
A timestamp representing the start of the time period filtered on.
vendorSeverity (list) –
Details on the vendor severity used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
vulnerabilityId (list) –
Details on the vulnerability ID used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
vulnerabilitySource (list) –
Details on the vulnerability type used to filter findings.
(dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
vulnerablePackages (list) –
Details on the vulnerable packages used to filter findings.
(dict) –
Contains information on the details of a package filter.
architecture (dict) –
An object that contains details on the package architecture type to filter on.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
epoch (dict) –
An object that contains details on the package epoch to filter on.
lowerInclusive (float) –
The lowest number to be included in the filter.
upperInclusive (float) –
The highest number to be included in the filter.
name (dict) –
An object that contains details on the name of the package to filter on.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
release (dict) –
An object that contains details on the package release to filter on.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
sourceLambdaLayerArn (dict) –
An object that describes the details of a string filter.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
sourceLayerHash (dict) –
An object that contains details on the source layer hash to filter on.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
version (dict) –
The package version to filter on.
comparison (string) – [REQUIRED]
The operator to use when comparing values in the filter.
value (string) – [REQUIRED]
The value to filter on.
name (string) –
[REQUIRED]
The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.
reason (string) – The reason for creating the filter.
tags (dict) –
A list of tags for the filter.
(string) –
(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'arn': 'string' }
Response Structure
(dict) –
arn (string) –
The Amazon Resource Number (ARN) of the successfully created filter.
Exceptions