I created a script to report on inspector output from the command line.
aws inspector2 list-findings --query 'findings[*].{Severity:severity,Title:title,Instance:resources[*].id,Name:resources[*].tags.name,Type:resources[*].type}' --profile MYPROFILE --output json
I noticed that the output seems to be point-in-time data vs. current data. For example, I see high vulnerability counts even after patching, but if I look in the console I see the numbers for inspector are totally different.
Is there another filter I need to use to provide current findings vs. old and outdated findings?
Thanks!
It is showing old data even after patching instances with vulnerabilities. This doesn’t match what I see in the AWS console in Inspector.
2 Answers
Thank you very much! That helped me accomplish what I was looking to do.
aws list-findings
outputs all the findings with their details (which include status). If you need to filter only findings that are not yet solved, you should add: This way it will show you only findings that are not yet solved (they have status ACTIVE in Amazon Inspector).
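The point of the answer above is that `list-findings` returns findings of every status (ACTIVE, SUPPRESSED, CLOSED), so a finding that was fixed by patching is still returned as CLOSED, while the console counts only ACTIVE ones. The following is an added example, not code from the original post or from AWS; it uses the boto3 `list_findings` call, whose `filterCriteria` parameter is the same structure the CLI takes as `--filter-criteria`, and it paginates with `nextToken` because a single call returns at most 100 findings. The `FakeInspectorClient` and its findings are constructed sample data so the script runs offline; the function names (`status_filter`, `iter_findings`, `summarise`) are this example's own.

```python
"""Summarise Amazon Inspector v2 findings by status and severity.

Added example, not from the original post. The CLI equivalent of the
ACTIVE-only filter built here is:

  aws inspector2 list-findings --profile MYPROFILE --output json \
    --filter-criteria '{"findingStatus":[{"comparison":"EQUALS","value":"ACTIVE"}]}'
"""
from collections import Counter


def status_filter(statuses=("ACTIVE",)):
    """Build the filterCriteria dict for list_findings / --filter-criteria.

    Several entries in findingStatus are OR-ed by the API, so
    status_filter(("ACTIVE", "SUPPRESSED")) returns both kinds.
    """
    return {"findingStatus": [{"comparison": "EQUALS", "value": s} for s in statuses]}


def iter_findings(client, filter_criteria=None, page_size=100):
    """Yield every finding, following nextToken until the last page.

    list_findings returns at most 100 findings per call; without this loop
    a large account silently shows only the first page.
    """
    kwargs = {"maxResults": page_size}
    if filter_criteria:
        kwargs["filterCriteria"] = filter_criteria
    while True:
        page = client.list_findings(**kwargs)
        for finding in page.get("findings", []):
            yield finding
        token = page.get("nextToken")
        if not token:
            return
        kwargs["nextToken"] = token


def severity_counts(findings):
    """Count findings per severity (CRITICAL, HIGH, MEDIUM, ...)."""
    return Counter(f["severity"] for f in findings)


def summarise(client):
    """Return severity counts for all findings and for ACTIVE findings only.

    The 'all' numbers are what the unfiltered CLI call reports; the 'active'
    numbers are what the Inspector console shows after patching.
    """
    return {
        "all": severity_counts(iter_findings(client)),
        "active": severity_counts(iter_findings(client, status_filter())),
    }


class FakeInspectorClient:
    """Constructed stand-in for boto3.client('inspector2'), for offline use.

    It honours the findingStatus EQUALS filter and maxResults/nextToken paging
    the same way the real API does, on a hand-written set of findings.
    """

    FINDINGS = [  # constructed sample data, not real scan output
        {"severity": "HIGH", "status": "CLOSED", "title": "outdated kernel package (patched)"},
        {"severity": "HIGH", "status": "CLOSED", "title": "outdated openssl package (patched)"},
        {"severity": "HIGH", "status": "ACTIVE", "title": "outdated curl package"},
        {"severity": "MEDIUM", "status": "ACTIVE", "title": "outdated python3 package"},
        {"severity": "MEDIUM", "status": "SUPPRESSED", "title": "suppressed by suppression rule"},
    ]

    def list_findings(self, maxResults=100, filterCriteria=None, nextToken=None):
        rows = self.FINDINGS
        wanted = {
            c["value"]
            for c in (filterCriteria or {}).get("findingStatus", [])
            if c["comparison"] == "EQUALS"
        }
        if wanted:
            rows = [r for r in rows if r["status"] in wanted]
        start = int(nextToken or 0)
        end = start + maxResults
        page = {"findings": rows[start:end]}
        if end < len(rows):
            page["nextToken"] = str(end)  # opaque token; an offset is enough here
        return page


if __name__ == "__main__":
    import sys
    import boto3  # only needed for a real run, not for the offline sample

    profile = sys.argv[1] if len(sys.argv) > 1 else None  # e.g. MYPROFILE
    client = boto3.session.Session(profile_name=profile).client("inspector2")
    for label, counts in summarise(client).items():
        print(label, dict(counts))
```

Run it as `python3 inspector_summary.py MYPROFILE` (any file name works) to print the two sets of counts side by side; if the "all" counts match your unfiltered CLI output and the "active" counts match the console, the difference was the CLOSED findings, not stale data.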