With plerion assets, you can query your cloud asset inventory, retrieve details for individual assets, and download Software Bills of Materials (SBOMs).
Synopsis
plerion assets <subcommand> [options]
Subcommands
list
List cloud assets with filtering.
plerion assets list [options]
Options
| Flag | Type | Description |
|---|
--provider | string | Cloud provider: AWS, Azure, GCP, Kubernetes (case-insensitive) |
--region | string | Cloud region(s) |
--resource-type | string | Resource type (e.g. AWS::EC2::Instance) |
--service | string | Service filter (e.g. AWS::S3) |
--severity | string | Vulnerability severity levels |
--ids | string | Filter by asset IDs (comma-separated) |
--execution-id | string | Filter by execution IDs (comma-separated) |
--integration-id | string | Filter by integration IDs (comma-separated) |
--asset-group-id | string | Filter by asset group IDs (comma-separated) |
--environment-id | string | Filter by environment IDs or names (comma-separated) |
--is-publicly-exposed | flag | Show only publicly exposed assets |
--is-vulnerable | flag | Show only assets with vulnerabilities |
--is-exploitable | flag | Only exploitable assets |
--has-kev | flag | Show only assets with CISA KEV vulnerabilities |
--has-exploit | flag | Show only assets with known exploits |
--has-admin-privileges | flag | Show only assets with admin privileges |
--has-overly-permissive-privileges | flag | Only assets with overly permissive privileges |
--is-susceptible-to-privilege-escalation | flag | Only assets susceptible to privilege escalation |
--risk-score-gte | float | Minimum risk score (0-10) |
--secrets-level | string | CRITICAL, HIGH, MEDIUM, LOW (comma-separated) |
--query-string | string | Filter by asset name substring |
--metadata | string | Substring search against asset metadata |
--operational-state | string | active or inactive |
--first-observed-at-start | string | First observed start date (ISO 8601) |
--first-observed-at-end | string | First observed end date (ISO 8601) |
--sort-by | string | Sort field |
--sort-order | string | asc or desc |
--per-page | number | Results per page (default: 50, max: 1000) |
--all | flag | Fetch all pages automatically |
get
Get full details for a single asset.
plerion assets get --asset-id <asset-id> [--include <fields>]
Options
| Flag | Type | Description |
|---|
--include | string | Include additional data (e.g. rawData) |
get-sbom
Get the Software Bill of Materials (SBOM) for an asset.
plerion assets get-sbom --asset-id <asset-id>
The SBOM response includes a pre-signed download URL. Use --output json to extract the URL programmatically.
Examples
# Publicly exposed assets
plerion assets list --is-publicly-exposed
# High-risk AWS EC2 instances
plerion assets list --provider AWS --resource-type AWS::EC2::Instance --risk-score-gte 8.0
# Assets with CISA KEV vulnerabilities
plerion assets list --has-kev --output table
# Get full asset details
plerion assets get --asset-id prn:assets:abc123
# Get SBOM for an asset
plerion assets get-sbom --asset-id prn:assets:abc123 --output json
# Export all assets
plerion assets list --all --output json > assets.json
Output columns
Table output includes all fields returned by the API:
| Column | Description |
|---|
| ID | Asset ID |
| NAME | Asset name |
| TYPE | Asset type |
| PROVIDER | Cloud provider (AWS, Azure, GCP) |
| REGION | Cloud region |
| SERVICE | Cloud service |
| RESOURCE TYPE | Resource type (e.g. AWS::EC2::Instance) |
| RESOURCE ID | Provider resource ID |
| RESOURCE NAME | Resource name |
| FULL RESOURCE NAME | Full resource name |
| RISK SCORE | Numeric risk score |
| VULN SCORE | Vulnerability score |
| PUBLIC | Whether publicly exposed |
| VULNERABLE | Whether has vulnerabilities |
| KEV | Has CISA Known Exploited Vulnerability |
| EXPLOIT | Has known exploit |
| EXPLOITABLE | Whether exploitable |
| IN VPC | Whether inside a VPC |
| ADMIN PRIVS | Has admin privileges |
| OVERLY PERMISSIVE | Has overly permissive privileges |
| AUTHORIZER | Has an authorizer |
| TRACING | Has tracing enabled |
| STATE | Operational state (active, inactive) |
| PLATFORM | Platform (e.g. OS, runtime) |
| IMAGE ID | Container/AMI image ID |
| INTEGRATION ID | Integration ID |
| ACCOUNT ID | Cloud account/subscription ID |
| EXECUTION ID | Scan execution ID |
| CRITICAL/HIGH/MEDIUM/LOW VULNS | Vulnerability counts by severity |
| CRITICAL/HIGH/MEDIUM/LOW SECRETS | Secret counts by severity |
| RESOURCE URL | Link to resource in cloud console |
| FIRST OBSERVED | Timestamp first detected |
| LAST OBSERVED | Timestamp last detected |
| CREATED AT | Record creation timestamp |
| UPDATED AT | Record update timestamp |
| LAST SCANNED | Last scan timestamp |
| SCHEMA VERSION | API schema version |
