#!/usr/bin/env python
# summarize AWS Inspector findings
# Usage:
#
# inspector-findings-summary.py AssessmentRunArn1 AssessmentRunArn2 ...
#
import boto3
from pprint import pprint
import sys
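# Example of the assessment-run ARN format this script expects; it is not
# used by the code below.
# NOTE(review): the literal embeds a 12-digit AWS account ID; prefer an
# obviously fake placeholder in published examples.
sample_arn = 'arn:aws:inspector:us-east-1:095493758574:target/0-upam1Mi6/template/0-nyZxudNI/run/0-B61BZFB3'

# Assessment run ARNs are taken verbatim from the command line.
runs = sys.argv[1:]
if not runs:
    # Usage error: report on stderr and exit non-zero so that a scheduler or
    # pipeline wrapping this script does not record a run with missing
    # arguments as a successful summary.
    sys.stderr.write("Usage:\n\ninspector-findings-summary.py AssessmentRunArn1 AssessmentRunArn2 ...\n")
    sys.exit(1)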
# No credentials or region are passed here, so boto3 resolves both from its
# default configuration.
client = boto3.client('inspector')

# Collect the ARN of every finding attached to the requested runs, following
# nextToken until the service stops returning one.
# NOTE(review): confirm that 999 is within the range list_findings accepts
# for maxResults.
findings = []
next_token = None
while True:
    request = {'assessmentRunArns': runs, 'maxResults': 999}
    if next_token is not None:
        request['nextToken'] = next_token
    page = client.list_findings(**request)
    findings.extend(page['findingArns'])
    if 'nextToken' not in page:
        break
    next_token = page['nextToken']

print('Total Findings: {}'.format(len(findings)))
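# Fetch the full record for every finding ARN, one batch per request.
# NOTE(review): 99 is the request size this script already used; confirm the
# maximum number of ARNs describe_findings accepts per call.
batch_size = 99
details = []
for start in range(0, len(findings), batch_size):
    # Step by exactly the batch size: slicing 99 ARNs while advancing by 100
    # would leave every 100th finding out of the summary.
    r = client.describe_findings(
        findingArns=findings[start:start + batch_size],
        locale='EN_US'
    )
    details.extend(r['findings'])
    # ARNs the service could not describe are reported separately from the
    # findings list; surface them so an undercount is visible to the reader.
    failed = r.get('failedItems')
    if failed:
        sys.stderr.write(
            'Warning: {} finding(s) could not be described\n'.format(len(failed))
        )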
# Group findings by agent and count them per severity.
# instances maps agentId -> {'findings': [...], 'name': str, <severity>: int}.
instances = {}
# Seeded with the four expected labels so each is always reported; any other
# label seen in the data is added as it appears.
severity_types = {'High', 'Medium', 'Low', 'Informational'}
# NOTE(review): assumes every finding carries assetAttributes with both
# agentId and tags; a finding without them raises KeyError here.
for finding in details:
    asset = finding['assetAttributes']
    agent_id = asset['agentId']
    # Use the value of the first 'Name' tag as the display name, falling back
    # to the agent id when no such tag exists.
    display_name = next(
        (tag['value'] for tag in asset['tags'] if tag['key'] == 'Name'),
        agent_id,
    )
    entry = instances.setdefault(agent_id, {'findings': []})
    entry['findings'].append(finding)
    entry['name'] = display_name
    level = finding['severity']
    severity_types.add(level)
    entry[level] = entry.get(level, 0) + 1
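# Print one summary per instance. Severities are listed in a fixed order (the
# four expected labels first, then any other label alphabetically) so the
# report is identical from run to run and can be diffed; iterating the set
# directly gives an order that can change between runs.
severity_order = ['High', 'Medium', 'Low', 'Informational']
ordered_severities = severity_order + sorted(
    set(severity_types) - set(severity_order)
)
for agent_id, record in instances.items():
    print('Instance: {} ({})'.format(record["name"], agent_id))
    print('\tTotal findings: {}'.format(len(record["findings"])))
    for s in ordered_severities:
        # A severity with no findings on this instance is printed as 0.
        print('\t{}: {}'.format(s, record.get(s, 0)))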