DEV Community

Asanka Boteju
Vulnerability Management at Scale With Amazon Inspector

Amazon Inspector provides automated and continuous vulnerability management at scale. This covers software vulnerabilities as well as unintended network exposure to the outside world.

Amazon Inspector automates security scans and assessments of your workloads for software vulnerabilities (in the operating system and in all installed applications), unintended network exposure, and deviations from best practices. It can be enabled at the AWS Organizations level for multi-account management, with automated resource discovery and continuous scanning. The service provides near-real-time findings, each carrying an Inspector score that denotes its severity, along with remediation steps. Amazon Inspector can scan EC2 instances, container images in Amazon ECR (Elastic Container Registry), and even Lambda functions.

The findings can be inspected in the Amazon Inspector dashboard, or integrated with other AWS services such as AWS Security Hub and Amazon EventBridge to build security workflows that apply remediation and track issue resolution.


In Amazon Inspector, a finding is a detailed report about a vulnerability that affects one of your AWS resources. Amazon Inspector generates a finding whenever it detects a vulnerability in your AWS resources. Each finding has the name of the detected vulnerability and provides a severity rating, information about the affected resource, and details such as how to remediate the reported vulnerability.

Amazon Inspector continually scans your compute environment and stores your active findings until it detects that they are remediated. A remediated finding is automatically detected and closed, and then deleted after 30 days. A finding is assigned one of the following states:

Active
The finding is identified by Amazon Inspector and has not been remediated. Active findings are subject to suppression rules and, if applicable, the status is changed to Suppressed.

Suppressed
The finding meets one or more criteria of one or more suppression rules. Suppressed findings are hidden from most views, except for the Suppressed findings list.

Closed
After a vulnerability is remediated, Amazon Inspector automatically detects it and changes the state of the finding to closed. Closed findings are deleted after 30 days if there are no other changes.
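As an added example that is not part of the original post, the following Python function shows how a Lambda triggered by an EventBridge rule could triage an Inspector finding using the states and severity described above: only Active findings are routed to a human, and Critical/High severity or a high Inspector score escalates. The event is a constructed sample modelled on the Inspector2 finding event; the exact field names are assumptions, not the official schema.

```python
# Added example: triage an Amazon Inspector finding delivered via EventBridge.
# The event below is a constructed sample modelled on the "Inspector2 Finding"
# detail shape; treat the field names as assumptions, not the official schema.
from typing import Any

# Constructed sample event (not real data): one ACTIVE, HIGH-severity finding.
SAMPLE_EVENT: dict[str, Any] = {
    "detail-type": "Inspector2 Finding",
    "source": "aws.inspector2",
    "detail": {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE",
        "status": "ACTIVE",                      # ACTIVE | SUPPRESSED | CLOSED
        "severity": "HIGH",                      # UNTRIAGED .. CRITICAL
        "inspectorScore": 8.1,
        "type": "PACKAGE_VULNERABILITY",
        "title": "CVE-EXAMPLE-0000 - openssl",  # placeholder identifier
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
        "remediation": {"recommendation": {"text": "Update openssl to the fixed version."}},
    },
}

ESCALATE_SEVERITIES = {"CRITICAL", "HIGH"}
SCORE_THRESHOLD = 7.0  # Inspector score at or above which on-call is paged


def triage_finding(event: dict[str, Any]) -> dict[str, Any]:
    """Return a routing decision: action is ignore, log or escalate.

    Suppressed and closed findings need no human attention, so they are dropped;
    active findings are escalated on severity or Inspector score, else logged.
    """
    if event.get("source") != "aws.inspector2" or event.get("detail-type") != "Inspector2 Finding":
        return {"action": "ignore", "reason": "not an Inspector finding event"}
    detail = event.get("detail", {})
    status = detail.get("status", "")
    if status != "ACTIVE":
        return {"action": "ignore", "reason": f"finding status is {status or 'unknown'}"}
    severity = detail.get("severity", "UNTRIAGED")
    score = float(detail.get("inspectorScore") or 0.0)
    resource_ids = [r.get("id", "") for r in detail.get("resources", [])]
    remediation = detail.get("remediation", {}).get("recommendation", {}).get("text", "")
    action = "escalate" if severity in ESCALATE_SEVERITIES or score >= SCORE_THRESHOLD else "log"
    return {"action": action, "severity": severity, "score": score, "resources": resource_ids,
            "remediation": remediation, "finding_arn": detail.get("findingArn", "")}


def lambda_handler(event: dict[str, Any], context: Any = None) -> dict[str, Any]:
    """Lambda entry point; a real deployment would forward 'escalate' results
    to a ticketing system or chat channel instead of just returning them."""
    return triage_finding(event)
```

Running `lambda_handler(SAMPLE_EVENT)` on the constructed event returns an `escalate` decision listing the affected instance and the remediation text.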

With that we have come to the end of this article.

Thank you for your time...
