Help Amazon Web Services Amazon Inspector
Amazon Inspector is a security assessment service that runs automated security scanning on instances, offering different rules packages for assessments. The rules package is a knowledge base of multiple rules mapped to common security best practices and vulnerability definitions, which are regularly updated.
With Site24x7's integration with Amazon Inspector, you can improve your Amazon Web Services (AWS) security by delving deeper into Inspector findings for actionable insights. Obtain real-time control over Inspector findings, and track the results over time.
Site24x7 uses various Amazon Inspector APIs to collect information. Assign the AWS managed policy ReadOnlyAccess to the Site24x7 entity (IAM user or IAM role) to help Site24x7 collect metrics and metadata. If you want to assign a custom policy, please make sure the following read-level actions are present in the policy JSON. Learn more.
Site24x7 collects the metric data for Inspector according to the polling frequency. The poll interval is one hour by default. Learn more.
Each Inspector monitor is considered a basic monitor. Learn more.
With Inspector integration, view and get alerted for Inspector findings at a resource-level of an Amazon EC2 instance, grouped according to their severity level. Learn more
When you navigate to the Inspector monitoring interface, you'll find various details based on findings like Network Reachability, Common Vulnerabilities and Exposures, Security Best Practices, and other categories supported in the AWS console.
Each category is considered a Monitor Name in the Site24x7 console and provides information on Finding Count Per Run. On clicking a Monitor Name, the following tabs appear:
Receive an overview of the Events Timeline, Top Findings, and a bar chart of the Finding Count Per Day. The Events Timeline provides a timeline of different events that have occurred for a monitor, like Down, Critical, Trouble, Maintenance, Anomaly, and Suspended. The Top Findings section provides information on the Resource Name, Type, Severity, Region, and Number of Occurrences that have been detected by Amazon Inspector.
Information on Region Details, Findings Count By Region, and Regions Count Per Day is displayed here. The Region Details section includes information on Regions, Rules Package Name, Finding Count, and Action. The Regions section helps in obtaining a region-wise overview of a particular category, say Network Reachability, and analyzing which regions have this issue.
Information on Resource Type Details, Findings Count By Type, and Resource Count Per Day is displayed here. The Resource Type Details section includes information on Resource Type, Rules Package Name, Finding Count, and Action. A pie chart of Findings Count by Type provides a resource-wise overview of each resource type and its associated count.
Threshold Configuration lets you add or edit thresholds in bulk for various child monitors that you have chosen, and according to the Finding Count configuration you set.
Statuses like Down or Trouble are displayed in the Outages tab. Details on an outage's start time, end time, duration, and comments (if any) are also provided in this section.
This is where you can configure the threshold for each Inspector monitor. The various threshold parameters that can be set include High Severity Findings, Medium Severity Findings, Findings Count By Resource Type, and Findings Count Per Day. The Polling Frequency and the Notification Profile can be set according to the user and viewed here.
This tab offers a consolidated report of the log status of various Inspector findings, which can be downloaded as a CSV file.
Help Amazon Web Services Amazon Inspector