steampipe plugin install aws

Table: aws_inspector_assessment_template - Query AWS Inspector Assessment Templates using SQL

The AWS Inspector Assessment Template is a resource within AWS Inspector that helps you analyze the behavior of the applications you run on AWS and helps identify potential security issues. It automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, AWS Inspector produces a detailed list of security findings prioritized by level of severity.

Table Usage Guide

The aws_inspector_assessment_template table in Steampipe provides you with information about assessment templates within AWS Inspector. This table allows you, as a DevOps engineer, security analyst, or other technical professional, to query template-specific details, including the ARN, duration, rules package ARNs, and user attributes for findings. You can utilize this table to gather insights on assessment templates, such as identifying templates with specific rules, verifying template configurations, and more. The schema outlines the various attributes of the assessment template for you, including the template ARN, duration, rules package ARNs, user attributes for findings, and associated tags.

Examples

Basic info

Explore which AWS Inspector assessment templates are in use to understand their distribution across regions and assess how frequently they are run. This can help identify potential areas for optimizing resource usage and improving security assessment practices.

select
  name,
  arn,
  assessment_run_count,
  created_at,
  assessment_target_arn,
  region
from
  aws_inspector_assessment_template;

List assessment templates that have no assigned finding attributes

Find assessment templates in AWS Inspector that have not been assigned any finding attributes. This is useful for identifying potential gaps in your security assessment configuration.

select
  name,
  arn,
  assessment_run_count,
  created_at,
  assessment_target_arn,
  user_attributes_for_findings,
  region
from
  aws_inspector_assessment_template
where
  user_attributes_for_findings = '[]';

List assessment templates that have no assessment runs

Identify instances where certain assessment templates in your AWS Inspector setup have not been used for any assessment runs. This can help pinpoint unused resources and optimize your security assessment process.

select
  name,
  arn,
  assessment_run_count,
  created_at,
  assessment_target_arn,
  user_attributes_for_findings,
  region
from
  aws_inspector_assessment_template
where
  assessment_run_count = 0;

List assessment templates with run duration less than 1 hour

Find assessment templates with a run duration of less than an hour, helpful for identifying any quick assessments in your AWS Inspector setup.

select
  name,
  arn,
  assessment_run_count,
  created_at,
  assessment_target_arn,
  duration_in_seconds,
  region
from
  aws_inspector_assessment_template
where
  duration_in_seconds < 3600;

List assessment templates that have no assessment runs

Identify assessment templates that are yet to be used for any assessment runs. This could be useful to clean up unused resources or to pinpoint areas where assessments are not being conducted.

select
  name,
  arn,
  assessment_run_count,
  created_at,
  assessment_target_arn,
  user_attributes_for_findings,
  region
from
  aws_inspector_assessment_template
where
  assessment_run_count = 0;

List assessment templates with run duration less than 1 hour

Find AWS Inspector assessment templates with a run duration of less than an hour. This can be useful for identifying templates that may be completing their run too quickly, potentially missing out on thorough inspections.

select
  name,
  arn,
  assessment_run_count,
  created_at,
  assessment_target_arn,
  duration_in_seconds,
  region
from
  aws_inspector_assessment_template
where
  duration_in_seconds < 3600;
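
The usage guide mentions identifying templates with specific rules and verifying template configurations. The query below is an added example, not part of the Steampipe documentation: it expands rules_package_arns into one row per rules package and reports, per template, the rules packages applied alongside the never-run, short-duration and missing-finding-attribute checks. It assumes rules_package_arns holds a JSON array of ARN strings and uses PostgreSQL jsonb functions.

```sql
-- Added example: one row per assessment template with its rules packages
-- and the configuration checks from the queries on this page.
-- Assumption: rules_package_arns is a JSON array of ARN strings.
select
  t.name,
  t.arn,
  t.account_id,
  t.region,
  t.duration_in_seconds,
  t.assessment_run_count,
  -- count() ignores the NULL produced when a template has no rules packages
  count(r.rules_package_arn) as rules_package_count,
  array_agg(r.rules_package_arn order by r.rules_package_arn)
    filter (where r.rules_package_arn is not null) as rules_packages,
  t.assessment_run_count = 0 as never_run,
  t.duration_in_seconds < 3600 as short_duration,
  coalesce(t.user_attributes_for_findings, '[]'::jsonb) = '[]'::jsonb
    as no_finding_attributes
from
  aws_inspector_assessment_template as t
  -- Guard the expansion: a NULL or non-array value is treated as an empty
  -- list instead of raising "cannot extract elements from a scalar".
  left join lateral jsonb_array_elements_text(
    case
      when jsonb_typeof(t.rules_package_arns) = 'array' then t.rules_package_arns
      else '[]'::jsonb
    end
  ) as r(rules_package_arn) on true
group by
  t.name,
  t.arn,
  t.account_id,
  t.region,
  t.duration_in_seconds,
  t.assessment_run_count,
  t.user_attributes_for_findings
order by
  rules_package_count,
  t.name;
```

Templates with the fewest rules packages sort first, so a template that applies no rules package or only one appears at the top of the result.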

Schema for aws_inspector_assessment_template

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | = | The ARN of the assessment template. |
| assessment_run_count | bigint | | The number of existing assessment runs associated with this assessment template. |
| assessment_target_arn | text | = | The ARN of the assessment target that corresponds to this assessment template. |
| created_at | timestamp with time zone | | The time at which the assessment template is created. |
| duration_in_seconds | bigint | | The duration in seconds specified for this assessment template. |
| event_subscriptions | jsonb | | A list of event subscriptions associated with the Assessment Template. |
| last_assessment_run_arn | text | | The Amazon Resource Name (ARN) of the most recent assessment run associated with this assessment template. |
| name | text | = | The name of the assessment template. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| rules_package_arns | jsonb | | The rules packages that are specified for this assessment template. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tags associated with the Assessment Template. |
| title | text | | Title of the resource. |
| user_attributes_for_findings | jsonb | | The user-defined attributes that are assigned to every generated finding from the assessment run that uses this assessment template. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_inspector_assessment_template