Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
Amazon Inspector performs security scans on EC2 instances and VPCs.
- Uses up-to-date common vulnerabilities and exposures (CVE) information.
- Inspector produces a detailed list of security vulnerabilities prioritized by level of severity.
- Detailed assessment reports are available via the Amazon Inspector console or API.
There are two types of assessment:
- Network Assessment
  - Network configuration analysis
  - Checks which ports are reachable from outside the VPC
  - An Inspector agent is not required.
- Host Assessment
  - Checks common vulnerabilities and exposures (CVE), host hardening (Center for Internet Security – CIS – Benchmarks), and security best practices
  - An Inspector agent is required.
How it works
- Create an assessment target
- Install agents on the EC2 instances
- Create an assessment template
- Perform the assessment
- Review the reports
Benefits
- Quickly discover vulnerabilities
- Prioritize vulnerable resources
- Meet compliance requirements
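The "review the reports" and "prioritize vulnerable resources" steps above, as an added example (not AWS code): it ranks findings by severity and rolls them up per instance. The sample findings are constructed and assume the field names of the Inspector Classic `describe_findings` response; the CVE and check ids are placeholders.

```python
"""Rank Amazon Inspector Classic findings by severity and roll them up per instance."""
from collections import defaultdict

# Severity labels used by Inspector Classic findings; higher rank means more urgent.
SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}

# Constructed sample mirroring the describe_findings() finding shape (assumption:
# field names follow the Inspector Classic schema; ids below are placeholders).
SAMPLE_FINDINGS = [
    {"id": "CVE-0000-0001", "severity": "High", "numericSeverity": 9.0,
     "title": "placeholder kernel CVE", "assetAttributes": {"agentId": "i-0aaa"}},
    {"id": "CVE-0000-0002", "severity": "Medium", "numericSeverity": 6.0,
     "title": "placeholder openssl CVE", "assetAttributes": {"agentId": "i-0aaa"}},
    {"id": "CIS-0.0.0", "severity": "Low", "numericSeverity": 3.0,
     "title": "placeholder CIS benchmark check", "assetAttributes": {"agentId": "i-0bbb"}},
    {"id": "CVE-0000-0003", "severity": "High", "numericSeverity": 7.5,
     "title": "placeholder CVE", "assetAttributes": {"agentId": "i-0bbb"}},
    {"id": "INFO-0", "severity": "Informational", "numericSeverity": 0.0,
     "title": "placeholder informational finding", "assetAttributes": {"agentId": "i-0ccc"}},
]


def sort_findings(findings, min_severity="Low"):
    """Keep findings at or above min_severity, most severe first (ties broken by numericSeverity)."""
    floor = SEVERITY_RANK[min_severity]
    kept = [f for f in findings if SEVERITY_RANK[f["severity"]] >= floor]
    return sorted(kept, key=lambda f: (SEVERITY_RANK[f["severity"]], f["numericSeverity"]),
                  reverse=True)


def prioritize_instances(findings, min_severity="Low"):
    """Roll findings up per agent (instance): worst severity, then summed score, then count.

    Returns a list of (agentId, worst_rank, finding_count, finding_ids), most urgent first.
    """
    per_instance = defaultdict(lambda: {"worst": 0, "total": 0.0, "count": 0, "ids": []})
    for f in sort_findings(findings, min_severity):
        entry = per_instance[f["assetAttributes"]["agentId"]]
        entry["worst"] = max(entry["worst"], SEVERITY_RANK[f["severity"]])
        entry["total"] += f["numericSeverity"]
        entry["count"] += 1
        entry["ids"].append(f["id"])
    ranked = sorted(per_instance.items(),
                    key=lambda kv: (kv[1]["worst"], kv[1]["total"], kv[1]["count"]), reverse=True)
    return [(agent, e["worst"], e["count"], e["ids"]) for agent, e in ranked]


if __name__ == "__main__":
    for agent, worst, count, ids in prioritize_instances(SAMPLE_FINDINGS):
        print(f"{agent}: worst={worst} count={count} {ids}")
```

With real data, feed the `findings` list returned by `describe_findings` into `prioritize_instances` to get the patching order for the fleet.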