Amazon Inspector

  • Amazon Inspector is a vulnerability management service that continuously scans AWS workloads for vulnerabilities.
  • Inspector automatically discovers and scans EC2 instances and container images residing in Elastic Container Registry (ECR) for software vulnerabilities and unintended network exposure.
  • When a software vulnerability or network issue is discovered, Inspector creates a finding that describes the vulnerability, rates its severity, identifies the affected resource, and provides remediation guidance.
  • Inspector is a Regional service.
  • Inspector requires the Systems Manager (SSM) agent to be installed and enabled on the EC2 instances it scans.

AWS Inspector Features

  • Continuously scan environments for vulnerabilities and network exposure
    • Inspector automatically discovers and begins scanning the eligible resources without the need to manually schedule or configure assessment scans.
  • Assess vulnerabilities accurately with the Amazon Inspector Risk score
    • As Inspector collects information about the environment through its scans, it provides severity scores tailored specifically to that environment.
  • Identify high-impact findings with the Amazon Inspector dashboard
    • Amazon Inspector dashboard offers a high-level view of findings from across your environment.
  • Manage your findings using customisable views
    • The Inspector console offers a Findings view.
    • Users can use filters and suppression rules to generate customised finding reports
  • Monitor and process findings with other services and systems
    • Inspector publishes findings to
      • EventBridge, where they can be monitored and processed in near real time as part of existing security and compliance workflows, or routed to SNS, Lambda, etc.
      • Security Hub.
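To illustrate the EventBridge integration above, here is an added example (not from the original notes or from AWS): an event pattern that matches active high-severity Inspector findings, and a Lambda-style handler that filters and normalises one finding before it would be forwarded to SNS. Field names follow the Inspector2 finding event shape as I understand it, and the sample event is constructed.

```python
import json

# EventBridge event pattern for active CRITICAL/HIGH Inspector findings
# (keys follow the Inspector2 event shape as understood here; verify against AWS docs).
INSPECTOR_EVENT_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {"severity": ["CRITICAL", "HIGH"], "status": ["ACTIVE"]},
}

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def triage_finding(event, min_severity="HIGH"):
    """Lambda-style handler: normalise an Inspector finding delivered via EventBridge.

    Returns a compact dict suitable for an SNS message, or None when the event is
    not an ACTIVE Inspector finding at or above min_severity.
    """
    if event.get("source") != "aws.inspector2" or event.get("detail-type") != "Inspector2 Finding":
        return None
    d = event["detail"]
    if d.get("status") != "ACTIVE":
        return None  # CLOSED / SUPPRESSED findings need no alert
    if SEVERITY_RANK.get(d.get("severity"), -1) < SEVERITY_RANK[min_severity]:
        return None
    resource = d["resources"][0]
    return {
        "finding_arn": d["findingArn"],
        "type": d["type"],  # PACKAGE_VULNERABILITY or NETWORK_REACHABILITY
        "severity": d["severity"],
        "score": d.get("inspectorScore"),
        "resource": f'{resource["type"]}:{resource["id"]}',
        "title": d["title"],
        "remediation": d.get("remediation", {}).get("recommendation", {}).get("text"),
    }


# Constructed sample event (not a real finding); shape mirrors an Inspector2 Finding.
SAMPLE_EVENT = {
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Finding",
    "detail": {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE0000",
        "type": "PACKAGE_VULNERABILITY",
        "severity": "HIGH",
        "status": "ACTIVE",
        "inspectorScore": 7.8,
        "title": "CVE-EXAMPLE-0000 - openssl (constructed sample)",
        "remediation": {"recommendation": {"text": "Update openssl to the fixed version."}},
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
    },
}

if __name__ == "__main__":
    print(json.dumps(triage_finding(SAMPLE_EVENT), indent=2))
```

In a real deployment the returned dict would be published to an SNS topic or a ticketing system; suppression rules in Inspector itself remain the first place to silence accepted risk.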

Inspector Finding Types

  • Package Vulnerability
    • Package vulnerability findings identify software packages in the environment that are exposed to common vulnerabilities and exposures (CVEs).
    • Package vulnerability findings are generated for both EC2 instances and ECR container images.
  • Network Reachability
    • Network reachability findings indicate that there are allowed network paths to Amazon EC2 instances in your environment.
    • Network reachability findings are only generated for EC2 resources.

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
  • Open to further feedback, discussion and correction.
  1. Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?
    1. AWS Trusted Advisor
    2. AWS Inspector
    3. AWS WAF
    4. AWS Shield
  2. Your company has a set of AWS resources which consists of EC2 Instances. The Security departments need to run vulnerability analysis on these machines to ensure that the Instances comply with the latest security standards. Which of the following would you implement for this requirement?
    1. AWS WAF
    2. AWS Snowball
    3. AWS CloudFront
    4. AWS Inspector