aws-sdk-inspector2 1.10.0 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d8a05c9f3073b7cd2de272a497ea7dc33241e5acc2f1ff97ac6c932ef0872a98
-  data.tar.gz: 657a6c49c85d3ad04967a1372791f7371b39d21a4773c67e80a65c44a88decef
+  metadata.gz: 37045386cef6441373fa42145f3ecf648fef0f4322fad6515b80719539a77473
+  data.tar.gz: b815de9f7ae4804241a5aabc60fede44880a5ba087b92d4000e179b7c7fee2ca
 SHA512:
-  metadata.gz: 11e3761219c9f9d140f48e298ecd05c7c5a34c22f8bd657ec554bf9abe8f4e9dda48a8cab421f9422ce5d5dbae0ac2f860cb6cf5105c8159e3e9078afbdb5f9a
-  data.tar.gz: cb819fb1b69b9e446a9e223f6fd72dc5ddc8c6c04c415bbf4ff6af2ad2cde245dd2112dafd2615c7bae21b64d6f4a5bbdea4bc735f941990754655402adb17b8
+  metadata.gz: 1b1f03de0aaef59011515095e6fbd52e881a1ff9a49c798d7048af053da8d2db939b786a32f263332ebcd01e988d0df84b096f02af018f5c460055216687ab32
+  data.tar.gz: a20ac868d3f766413ca6cc2a70ed86276d9fcbeef6db46c9e2d609727c3ac2b2b903b109959141cca536e6d4ee92963af94fd7912f0785a05b110ddbdf26de70

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.12.0 (2023-05-05)
+------------------
+
+* Feature - Amazon Inspector now allows customers to search its vulnerability intelligence database if any of the Inspector scanning types are activated.
+
+1.11.0 (2023-05-03)
+------------------
+
+* Feature - This feature provides deep inspection for linux based instance
+
 1.10.0 (2023-01-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.10.0
+1.12.0

data/lib/aws-sdk-inspector2/client.rb

@@ -369,7 +369,16 @@ module Aws::Inspector2
     # @!group API Operations
 
     # Associates an Amazon Web Services account with an Amazon Inspector
-    # delegated administrator.
+    # delegated administrator. An HTTP 200 response indicates the
+    # association was successfully started, but doesn’t indicate whether it
+    # was completed. You can check if the association completed by using
+    # [ListMembers][1] for multiple accounts or [GetMembers][2] for a single
+    # account.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListMembers.html
+    # [2]: https://docs.aws.amazon.com/inspector/v2/APIReference/API_GetMember.html
     #
     # @option params [required, String] :account_id
     #   The Amazon Web Services account ID of the member account to be
@@ -489,6 +498,92 @@ module Aws::Inspector2
       req.send_request(options)
     end
 
+    # Retrieves Amazon Inspector deep inspection activation status of
+    # multiple member accounts within your organization. You must be the
+    # delegated administrator of an organization in Amazon Inspector to use
+    # this API.
+    #
+    # @option params [Array<String>] :account_ids
+    #   The unique identifiers for the Amazon Web Services accounts to
+    #   retrieve Amazon Inspector deep inspection activation status for.
+    #   </p>
+    #
+    # @return [Types::BatchGetMemberEc2DeepInspectionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchGetMemberEc2DeepInspectionStatusResponse#account_ids #account_ids} => Array&lt;Types::MemberAccountEc2DeepInspectionStatusState&gt;
+    #   * {Types::BatchGetMemberEc2DeepInspectionStatusResponse#failed_account_ids #failed_account_ids} => Array&lt;Types::FailedMemberAccountEc2DeepInspectionStatusState&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_get_member_ec2_deep_inspection_status({
+    #     account_ids: ["AccountId"],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_ids #=> Array
+    #   resp.account_ids[0].account_id #=> String
+    #   resp.account_ids[0].error_message #=> String
+    #   resp.account_ids[0].status #=> String, one of "ACTIVATED", "DEACTIVATED", "PENDING", "FAILED"
+    #   resp.failed_account_ids #=> Array
+    #   resp.failed_account_ids[0].account_id #=> String
+    #   resp.failed_account_ids[0].ec2_scan_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED", "SUSPENDING", "SUSPENDED"
+    #   resp.failed_account_ids[0].error_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/inspector2-2020-06-08/BatchGetMemberEc2DeepInspectionStatus AWS API Documentation
+    #
+    # @overload batch_get_member_ec2_deep_inspection_status(params = {})
+    # @param [Hash] params ({})
+    def batch_get_member_ec2_deep_inspection_status(params = {}, options = {})
+      req = build_request(:batch_get_member_ec2_deep_inspection_status, params)
+      req.send_request(options)
+    end
+
+    # Activates or deactivates Amazon Inspector deep inspection for the
+    # provided member accounts in your organization. You must be the
+    # delegated administrator of an organization in Amazon Inspector to use
+    # this API.
+    #
+    # @option params [required, Array<Types::MemberAccountEc2DeepInspectionStatus>] :account_ids
+    #   The unique identifiers for the Amazon Web Services accounts to change
+    #   Amazon Inspector deep inspection status for.
+    #
+    # @return [Types::BatchUpdateMemberEc2DeepInspectionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchUpdateMemberEc2DeepInspectionStatusResponse#account_ids #account_ids} => Array&lt;Types::MemberAccountEc2DeepInspectionStatusState&gt;
+    #   * {Types::BatchUpdateMemberEc2DeepInspectionStatusResponse#failed_account_ids #failed_account_ids} => Array&lt;Types::FailedMemberAccountEc2DeepInspectionStatusState&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_update_member_ec2_deep_inspection_status({
+    #     account_ids: [ # required
+    #       {
+    #         account_id: "AccountId", # required
+    #         activate_deep_inspection: false, # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_ids #=> Array
+    #   resp.account_ids[0].account_id #=> String
+    #   resp.account_ids[0].error_message #=> String
+    #   resp.account_ids[0].status #=> String, one of "ACTIVATED", "DEACTIVATED", "PENDING", "FAILED"
+    #   resp.failed_account_ids #=> Array
+    #   resp.failed_account_ids[0].account_id #=> String
+    #   resp.failed_account_ids[0].ec2_scan_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED", "SUSPENDING", "SUSPENDED"
+    #   resp.failed_account_ids[0].error_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/inspector2-2020-06-08/BatchUpdateMemberEc2DeepInspectionStatus AWS API Documentation
+    #
+    # @overload batch_update_member_ec2_deep_inspection_status(params = {})
+    # @param [Hash] params ({})
+    def batch_update_member_ec2_deep_inspection_status(params = {}, options = {})
+      req = build_request(:batch_update_member_ec2_deep_inspection_status, params)
+      req.send_request(options)
+    end
+
     # Cancels the given findings report.
     #
     # @option params [required, String] :report_id
@@ -826,7 +921,9 @@ module Aws::Inspector2
       req.send_request(options)
     end
 
-    # Creates a finding report.
+    # Creates a finding report. By default only `ACTIVE` findings are
+    # returned in the report. To see `SUPRESSED` or `CLOSED` findings you
+    # must specify a value for the `findingStatus` filter criteria.
     #
     # @option params [Types::FilterCriteria] :filter_criteria
     #   The filter criteria to apply to the results of the finding report.
@@ -1416,6 +1513,34 @@ module Aws::Inspector2
       req.send_request(options)
     end
 
+    # Retrieves the activation status of Amazon Inspector deep inspection
+    # and custom paths associated with your account.
+    #
+    # @return [Types::GetEc2DeepInspectionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetEc2DeepInspectionConfigurationResponse#error_message #error_message} => String
+    #   * {Types::GetEc2DeepInspectionConfigurationResponse#org_package_paths #org_package_paths} => Array&lt;String&gt;
+    #   * {Types::GetEc2DeepInspectionConfigurationResponse#package_paths #package_paths} => Array&lt;String&gt;
+    #   * {Types::GetEc2DeepInspectionConfigurationResponse#status #status} => String
+    #
+    # @example Response structure
+    #
+    #   resp.error_message #=> String
+    #   resp.org_package_paths #=> Array
+    #   resp.org_package_paths[0] #=> String
+    #   resp.package_paths #=> Array
+    #   resp.package_paths[0] #=> String
+    #   resp.status #=> String, one of "ACTIVATED", "DEACTIVATED", "PENDING", "FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/inspector2-2020-06-08/GetEc2DeepInspectionConfiguration AWS API Documentation
+    #
+    # @overload get_ec2_deep_inspection_configuration(params = {})
+    # @param [Hash] params ({})
+    def get_ec2_deep_inspection_configuration(params = {}, options = {})
+      req = build_request(:get_ec2_deep_inspection_configuration, params)
+      req.send_request(options)
+    end
+
     # Gets the status of a findings report.
     #
     # @option params [String] :report_id
@@ -1786,7 +1911,7 @@ module Aws::Inspector2
     #   resp.covered_resources[0].resource_metadata.lambda_function.layers[0] #=> String
     #   resp.covered_resources[0].resource_metadata.lambda_function.runtime #=> String, one of "NODEJS", "NODEJS_12_X", "NODEJS_14_X", "NODEJS_16_X", "JAVA_8", "JAVA_8_AL2", "JAVA_11", "PYTHON_3_7", "PYTHON_3_8", "PYTHON_3_9", "UNSUPPORTED", "NODEJS_18_X", "GO_1_X"
     #   resp.covered_resources[0].resource_type #=> String, one of "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", "AWS_LAMBDA_FUNCTION"
-    #   resp.covered_resources[0].scan_status.reason #=> String, one of "PENDING_INITIAL_SCAN", "ACCESS_DENIED", "INTERNAL_ERROR", "UNMANAGED_EC2_INSTANCE", "UNSUPPORTED_OS", "SCAN_ELIGIBILITY_EXPIRED", "RESOURCE_TERMINATED", "SUCCESSFUL", "NO_RESOURCES_FOUND", "IMAGE_SIZE_EXCEEDED", "SCAN_FREQUENCY_MANUAL", "SCAN_FREQUENCY_SCAN_ON_PUSH", "EC2_INSTANCE_STOPPED", "PENDING_DISABLE", "NO_INVENTORY", "STALE_INVENTORY", "EXCLUDED_BY_TAG", "UNSUPPORTED_RUNTIME"
+    #   resp.covered_resources[0].scan_status.reason #=> String, one of "PENDING_INITIAL_SCAN", "ACCESS_DENIED", "INTERNAL_ERROR", "UNMANAGED_EC2_INSTANCE", "UNSUPPORTED_OS", "SCAN_ELIGIBILITY_EXPIRED", "RESOURCE_TERMINATED", "SUCCESSFUL", "NO_RESOURCES_FOUND", "IMAGE_SIZE_EXCEEDED", "SCAN_FREQUENCY_MANUAL", "SCAN_FREQUENCY_SCAN_ON_PUSH", "EC2_INSTANCE_STOPPED", "PENDING_DISABLE", "NO_INVENTORY", "STALE_INVENTORY", "EXCLUDED_BY_TAG", "UNSUPPORTED_RUNTIME", "UNSUPPORTED_MEDIA_TYPE", "UNSUPPORTED_CONFIG_FILE", "DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED", "DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED", "DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED", "DEEP_INSPECTION_NO_INVENTORY"
     #   resp.covered_resources[0].scan_status.status_code #=> String, one of "ACTIVE", "INACTIVE"
     #   resp.covered_resources[0].scan_type #=> String, one of "NETWORK", "PACKAGE"
     #   resp.next_token #=> String
@@ -2836,7 +2961,7 @@ module Aws::Inspector2
     #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].file_path #=> String
     #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].fixed_in_version #=> String
     #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].name #=> String
-    #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].package_manager #=> String, one of "BUNDLER", "CARGO", "COMPOSER", "NPM", "NUGET", "PIPENV", "POETRY", "YARN", "GOBINARY", "GOMOD", "JAR", "OS", "PIP", "PYTHONPKG", "NODEPKG", "POM"
+    #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].package_manager #=> String, one of "BUNDLER", "CARGO", "COMPOSER", "NPM", "NUGET", "PIPENV", "POETRY", "YARN", "GOBINARY", "GOMOD", "JAR", "OS", "PIP", "PYTHONPKG", "NODEPKG", "POM", "GEMSPEC"
     #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].release #=> String
     #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].remediation #=> String
     #   resp.findings[0].package_vulnerability_details.vulnerable_packages[0].source_lambda_layer_arn #=> String
@@ -3033,6 +3158,79 @@ module Aws::Inspector2
       req.send_request(options)
     end
 
+    # Lists Amazon Inspector coverage details for a specific vulnerability.
+    #
+    # @option params [required, Types::SearchVulnerabilitiesFilterCriteria] :filter_criteria
+    #   The criteria used to filter the results of a vulnerability search.
+    #
+    # @option params [String] :next_token
+    #   A token to use for paginating results that are returned in the
+    #   response. Set the value of this parameter to null for the first
+    #   request to a list action. For subsequent calls, use the `NextToken`
+    #   value returned from the previous request to continue listing results
+    #   after the first page.
+    #
+    # @return [Types::SearchVulnerabilitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::SearchVulnerabilitiesResponse#next_token #next_token} => String
+    #   * {Types::SearchVulnerabilitiesResponse#vulnerabilities #vulnerabilities} => Array&lt;Types::Vulnerability&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.search_vulnerabilities({
+    #     filter_criteria: { # required
+    #       vulnerability_ids: ["VulnId"], # required
+    #     },
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.vulnerabilities #=> Array
+    #   resp.vulnerabilities[0].atig_data.first_seen #=> Time
+    #   resp.vulnerabilities[0].atig_data.last_seen #=> Time
+    #   resp.vulnerabilities[0].atig_data.targets #=> Array
+    #   resp.vulnerabilities[0].atig_data.targets[0] #=> String
+    #   resp.vulnerabilities[0].atig_data.ttps #=> Array
+    #   resp.vulnerabilities[0].atig_data.ttps[0] #=> String
+    #   resp.vulnerabilities[0].cisa_data.action #=> String
+    #   resp.vulnerabilities[0].cisa_data.date_added #=> Time
+    #   resp.vulnerabilities[0].cisa_data.date_due #=> Time
+    #   resp.vulnerabilities[0].cvss2.base_score #=> Float
+    #   resp.vulnerabilities[0].cvss2.scoring_vector #=> String
+    #   resp.vulnerabilities[0].cvss3.base_score #=> Float
+    #   resp.vulnerabilities[0].cvss3.scoring_vector #=> String
+    #   resp.vulnerabilities[0].cwes #=> Array
+    #   resp.vulnerabilities[0].cwes[0] #=> String
+    #   resp.vulnerabilities[0].description #=> String
+    #   resp.vulnerabilities[0].detection_platforms #=> Array
+    #   resp.vulnerabilities[0].detection_platforms[0] #=> String
+    #   resp.vulnerabilities[0].epss.score #=> Float
+    #   resp.vulnerabilities[0].exploit_observed.first_seen #=> Time
+    #   resp.vulnerabilities[0].exploit_observed.last_seen #=> Time
+    #   resp.vulnerabilities[0].id #=> String
+    #   resp.vulnerabilities[0].reference_urls #=> Array
+    #   resp.vulnerabilities[0].reference_urls[0] #=> String
+    #   resp.vulnerabilities[0].related_vulnerabilities #=> Array
+    #   resp.vulnerabilities[0].related_vulnerabilities[0] #=> String
+    #   resp.vulnerabilities[0].source #=> String, one of "NVD"
+    #   resp.vulnerabilities[0].source_url #=> String
+    #   resp.vulnerabilities[0].vendor_created_at #=> Time
+    #   resp.vulnerabilities[0].vendor_severity #=> String
+    #   resp.vulnerabilities[0].vendor_updated_at #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/inspector2-2020-06-08/SearchVulnerabilities AWS API Documentation
+    #
+    # @overload search_vulnerabilities(params = {})
+    # @param [Hash] params ({})
+    def search_vulnerabilities(params = {}, options = {})
+      req = build_request(:search_vulnerabilities, params)
+      req.send_request(options)
+    end
+
     # Adds tags to a resource.
     #
     # @option params [required, String] :resource_arn
@@ -3115,6 +3313,56 @@ module Aws::Inspector2
       req.send_request(options)
     end
 
+    # Activates, deactivates Amazon Inspector deep inspection, or updates
+    # custom paths for your account.
+    #
+    # @option params [Boolean] :activate_deep_inspection
+    #   Specify `TRUE` to activate Amazon Inspector deep inspection in your
+    #   account, or `FALSE` to deactivate. Member accounts in an organization
+    #   cannot deactivate deep inspection, instead the delegated administrator
+    #   for the organization can deactivate a member account using
+    #   [BatchUpdateMemberEc2DeepInspectionStatus][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/inspector/v2/APIReference/API_BatchUpdateMemberEc2DeepInspectionStatus.html
+    #
+    # @option params [Array<String>] :package_paths
+    #   The Amazon Inspector deep inspection custom paths you are adding for
+    #   your account.
+    #
+    # @return [Types::UpdateEc2DeepInspectionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateEc2DeepInspectionConfigurationResponse#error_message #error_message} => String
+    #   * {Types::UpdateEc2DeepInspectionConfigurationResponse#org_package_paths #org_package_paths} => Array&lt;String&gt;
+    #   * {Types::UpdateEc2DeepInspectionConfigurationResponse#package_paths #package_paths} => Array&lt;String&gt;
+    #   * {Types::UpdateEc2DeepInspectionConfigurationResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_ec2_deep_inspection_configuration({
+    #     activate_deep_inspection: false,
+    #     package_paths: ["Path"],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.error_message #=> String
+    #   resp.org_package_paths #=> Array
+    #   resp.org_package_paths[0] #=> String
+    #   resp.package_paths #=> Array
+    #   resp.package_paths[0] #=> String
+    #   resp.status #=> String, one of "ACTIVATED", "DEACTIVATED", "PENDING", "FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/inspector2-2020-06-08/UpdateEc2DeepInspectionConfiguration AWS API Documentation
+    #
+    # @overload update_ec2_deep_inspection_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_ec2_deep_inspection_configuration(params = {}, options = {})
+      req = build_request(:update_ec2_deep_inspection_configuration, params)
+      req.send_request(options)
+    end
+
     # Specifies the action that is to be applied to the findings that match
     # the filter.
     #
@@ -3421,6 +3669,31 @@ module Aws::Inspector2
       req.send_request(options)
     end
 
+    # Updates the Amazon Inspector deep inspection custom paths for your
+    # organization. You must be an Amazon Inspector delegated administrator
+    # to use this API.
+    #
+    # @option params [required, Array<String>] :org_package_paths
+    #   The Amazon Inspector deep inspection custom paths you are adding for
+    #   your organization.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_org_ec2_deep_inspection_configuration({
+    #     org_package_paths: ["Path"], # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/inspector2-2020-06-08/UpdateOrgEc2DeepInspectionConfiguration AWS API Documentation
+    #
+    # @overload update_org_ec2_deep_inspection_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_org_ec2_deep_inspection_configuration(params = {}, options = {})
+      req = build_request(:update_org_ec2_deep_inspection_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates the configurations for your Amazon Inspector organization.
     #
     # @option params [required, Types::AutoEnable] :auto_enable
@@ -3469,7 +3742,7 @@ module Aws::Inspector2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-inspector2'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.12.0'
       Seahorse::Client::Request.new(handlers, context)
     end