steampipe plugin install aws

Table: aws_inspector_exclusion - Query AWS Inspector Exclusions using SQL

The AWS Inspector Exclusion is a feature of AWS Inspector, a service that helps you improve the security and compliance of applications deployed on AWS. Exclusions are defined during the assessment template creation process, and they represent a scope that is excluded from the assessment run. They are used to exclude false positives from the assessment findings, allowing you to focus on truly significant security findings.

Table Usage Guide

The aws_inspector_exclusion table in Steampipe provides you with information about exclusions within AWS Inspector. This table allows you, as a DevOps engineer, to query exclusion-specific details, including the ARN, description, and recommendation. You can utilize this table to gather insights on exclusions, such as their status, the reasons behind their exclusions, and more. The schema outlines the various attributes of the AWS Inspector exclusion for you, including the ARN, description, recommendation, and associated metadata.

Examples

Basic info

List the AWS Inspector exclusions in each region to see where the assessment scope has been narrowed. This helps you understand the extent and impact of these exclusions within your infrastructure.

select
arn,
attributes,
description,
title,
region
from
aws_inspector_exclusion;

List exclusions associated with an assessment run

Identify the exclusions linked to a specific assessment run to understand the areas that were omitted during the assessment. This can be helpful in reviewing the comprehensiveness of the assessment or identifying potential blind spots.

select
arn,
attributes,
description,
title,
region
from
aws_inspector_exclusion
where
assessment_run_arn = 'arn:aws:inspector:us-east-1:012345678912:target/0-ywdTAdRg/template/0-rY1J4B4f/run/0-LRRwpQFz';

Get the attribute and scope details for each exclusion

Explore the specifics of each exclusion in your AWS Inspector to understand the nature and extent of what is excluded. This can be useful in auditing your security setup, ensuring that no critical resources are accidentally excluded from inspections.

PostgreSQL:

select
arn,
jsonb_pretty(attributes) as attributes,
jsonb_pretty(scopes) as scopes
from
aws_inspector_exclusion;

SQLite:

select
arn,
attributes,
scopes
from
aws_inspector_exclusion;
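The scopes column answers the question an auditor actually asks: which instances were silently left out of a run, and why. The following PostgreSQL query is an added example and not one of the table's documented queries. It flattens the scopes array into one row per excluded EC2 instance, joins to the plugin's aws_ec2_instance table for the Name tag and state, and counts exclusions per assessment run. It assumes each scope element is stored with the Inspector Scope object's field names, "Key" and "Value"; adjust the casing if your plugin version emits them differently.

```sql
-- Added example, not part of the Steampipe table docs. PostgreSQL syntax.
-- Assumption: each scopes element looks like {"Key": "INSTANCE_ID", "Value": "i-0abc..."}.
with excluded_instances as (
  select
    e.assessment_run_arn,
    e.title,
    e.recommendation,
    s ->> 'Value' as instance_id
  from
    aws_inspector_exclusion e,
    jsonb_array_elements(e.scopes) as s
  where
    s ->> 'Key' = 'INSTANCE_ID'
)
select
  x.assessment_run_arn,
  x.instance_id,
  -- a NULL state means the instance no longer exists in any connected region
  coalesce(i.tags ->> 'Name', '(untagged)') as instance_name,
  i.instance_state,
  x.title as exclusion_reason,
  x.recommendation,
  count(*) over (partition by x.assessment_run_arn) as exclusions_in_run
from
  excluded_instances x
  left join aws_ec2_instance i on i.instance_id = x.instance_id
order by
  exclusions_in_run desc,
  x.assessment_run_arn,
  x.instance_id;
```

Runs that sit at the top of this list with many still-running instances excluded are the ones whose findings understate your exposure and deserve a re-run once the agent issue is fixed.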

Count the number of exclusions whose type is 'Agent not found'

Determine the regions in which the number of 'Agent not found' exclusions is highest. This helps in identifying regions that might have connectivity issues or where agents are not deployed properly.

PostgreSQL:

-- Grouping by the (unique) exclusion ARN would give a count of 1 per row, so
-- aggregate by region and title and match the exclusion type on the title column.
select
region,
title,
count(arn)
from
aws_inspector_exclusion
where
title = 'Agent not found'
group by
region,
title
order by
count desc;

SQLite:

select
region,
title,
count(arn)
from
aws_inspector_exclusion
where
title = 'Agent not found'
group by
region,
title
order by
count(arn) desc;

Get the exclusion details of each assessment template that has run at least once

Identify assessment templates that have been run at least once and review the exclusions attached to each of their runs. This is useful for understanding which templates are actually in use and for reviewing the exclusions associated with them.

PostgreSQL:

select
e.arn,
e.title,
jsonb_pretty(e.attributes) as attributes,
e.recommendation
from
aws_inspector_exclusion e,
aws_inspector_assessment_run r,
aws_inspector_assessment_template t
where
e.assessment_run_arn = r.arn
and r.assessment_template_arn = t.arn;

SQLite:

select
e.arn,
e.title,
e.attributes,
e.recommendation
from
aws_inspector_exclusion e,
aws_inspector_assessment_run r,
aws_inspector_assessment_template t
where
e.assessment_run_arn = r.arn
and r.assessment_template_arn = t.arn;

Schema for aws_inspector_exclusion

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The ARN that specifies the exclusion. |
| assessment_run_arn | text | = | The ARN of the assessment run the exclusion belongs to. |
| attributes | jsonb | | The system-defined attributes for the exclusion. |
| description | text | | The description of the exclusion. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| recommendation | text | | The recommendation for the exclusion. |
| region | text | | The AWS Region in which the resource is located. |
| scopes | jsonb | | The AWS resources to which the exclusion pertains. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install it with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_inspector_exclusion