creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccce7d4e068efecc2f98c385c8e5c01d969fc9bc
Anthropic-Cybersecurity-Skills/skills/performing-agentless-vulnerability-scanning/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

107 lines
3.0 KiB
Markdown
Raw Blame History

# Agentless Vulnerability Scanning - API Reference
## AWS Inspector2 (boto3)
### Enable Inspector
```python
client = boto3.client("inspector2")
client.enable(resourceTypes=["EC2", "ECR", "LAMBDA"],
accountIds=["123456789012"])
```
### Check Account Status
```python
client.batch_get_account_status(accountIds=["123456789012"])
```
### List Coverage
```python
paginator = client.get_paginator("list_coverage")
for page in paginator.paginate(
filterCriteria={"resourceType": [{"comparison": "EQUALS", "value": "AWS_EC2_INSTANCE"}]}
):
for resource in page["coveredResources"]:
print(resource["resourceId"], resource["scanStatus"]["statusCode"])
```
### List Findings
```python
paginator = client.get_paginator("list_findings")
for page in paginator.paginate(
filterCriteria={"severity": [{"comparison": "EQUALS", "value": "CRITICAL"}]}
):
for finding in page["findings"]:
print(finding["title"], finding["severity"])
```
### Finding Fields
| Field | Type | Description |
|-------|------|-------------|
| `findingArn` | string | Unique finding ARN |
| `title` | string | Vulnerability title |
| `severity` | string | CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL |
| `status` | string | ACTIVE, SUPPRESSED, CLOSED |
| `type` | string | NETWORK_REACHABILITY or PACKAGE_VULNERABILITY |
| `resources` | array | Affected AWS resources |
| `packageVulnerabilityDetails.vulnerabilityId` | string | CVE ID |
| `packageVulnerabilityDetails.cvss` | array | CVSS scores |
| `packageVulnerabilityDetails.fixedInVersion` | string | Patched version |
## Agentless Scanning via EBS Snapshots
Inspector2 supports agentless scanning by:
1. Creating EBS snapshots of instance volumes
2. Mounting snapshots in Inspector service account
3. Scanning file system for vulnerable packages
4. No agent installation required on target instances
### Create Snapshot (boto3 EC2)
```python
ec2 = boto3.client("ec2")
ec2.create_snapshot(
VolumeId="vol-xxx",
Description="Agentless scan",
TagSpecifications=[{"ResourceType": "snapshot",
"Tags": [{"Key": "Purpose", "Value": "VulnScan"}]}]
)
```
## SSM Inventory (Alternative)
AWS Systems Manager Inventory collects software inventory without custom agents:
```python
ssm = boto3.client("ssm")
ssm.get_inventory(
Filters=[{"Key": "AWS:Application.Name", "Values": ["openssl"]}]
)
```
## Scan Types
| Type | Method | Agent Required |
|------|--------|---------------|
| Inspector Classic | AWS agent | Yes |
| Inspector2 Agent | SSM agent | Yes (auto-installed) |
| Inspector2 Agentless | EBS snapshot | No |
| SSM Inventory | SSM agent | Yes |
## Output Schema
```json
{
"report": "agentless_vulnerability_scanning",
"inspector_status": {"enabled": true},
"total_resources_scanned": 50,
"uncovered_resources": 3,
"total_findings": 125,
"severity_summary": {"CRITICAL": 5, "HIGH": 30, "MEDIUM": 60, "LOW": 30}
}
```
## CLI Usage
```bash
python agent.py --region us-east-1 --severity CRITICAL HIGH --output report.json
```
Reference in New Issue View Git Blame Copy Permalink