Amazon Inspector Classic integration

Amazon Inspector Classic is a security assessment service that runs automated security scanning on instances, offering different rules packages for assessments. The rules package is a knowledge base of multiple rules mapped to common security best practices and vulnerability definitions, which are regularly updated.

With Site24x7's integration with Amazon Inspector Classic, you can improve your Amazon Web Services (AWS) security by delving deeper into Inspector findings for actionable insights. Obtain real-time control over Inspector findings, and track the results over time.

Note

Site24x7 currently supports Amazon Inspector Classic only; Amazon Inspector V2 is not yet supported.

Setup and configuration

  1. If you haven't already, enable access to your AWS resources between your AWS account and Site24x7's AWS account by either:
    • Creating Site24x7 as an IAM user, or
    • Creating a cross-account IAM role.
  2. On the Integrate AWS Account page, select Inspector from the Services to be discovered field.

Policy and permissions

Site24x7 uses various Amazon Inspector Classic APIs to collect information. Assign the AWS managed policy ReadOnlyAccess to the Site24x7 entity (IAM user or IAM role) so that Site24x7 can collect metrics and metadata. If you want to assign a custom policy instead, make sure the following read-level actions are present in the policy JSON:

  • "inspector:ListFindings",
  • "inspector:ListRulesPackages",
  • "inspector:ListAssessmentTemplates",
  • "inspector:DescribeFindings",
  • "inspector:DescribeRulesPackages",
  • "inspector:DescribeAssessmentTemplates"
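
A check that a custom policy covers the six actions listed above, as an added example that is not part of Site24x7's documentation; the function names and the sample policy are constructed for illustration. It resolves IAM wildcards in Action and treats an explicit Deny as overriding Allow, but does not evaluate Resource, Condition, or NotAction.

```python
import fnmatch

# Read-level actions the page lists for a custom policy.
REQUIRED = [
    "inspector:ListFindings",
    "inspector:ListRulesPackages",
    "inspector:ListAssessmentTemplates",
    "inspector:DescribeFindings",
    "inspector:DescribeRulesPackages",
    "inspector:DescribeAssessmentTemplates",
]

def _as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else ([] if value is None else [value])

def _patterns(policy, effect):
    """Collect Action patterns from statements with the given Effect."""
    return [a for s in _as_list(policy.get("Statement"))
            if s.get("Effect") == effect for a in _as_list(s.get("Action"))]

def _matches(action, patterns):
    # IAM action names are case-insensitive; * and ? are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy):
    """Return required actions not granted (explicit Deny wins over Allow)."""
    allow = _patterns(policy, "Allow")
    deny = _patterns(policy, "Deny")
    return [a for a in REQUIRED
            if not _matches(a, allow) or _matches(a, deny)]

def broad_grants(policy):
    """Return Allow patterns that are not exactly one of the required actions."""
    return [p for p in _patterns(policy, "Allow")
            if not any(p.lower() == a.lower() for a in REQUIRED)]

# Constructed sample: a wildcard covers List*, one Describe action is absent.
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["inspector:List*", "inspector:DescribeFindings",
               "inspector:DescribeRulesPackages"]}]}

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE))
    print("broader than listed:", broad_grants(SAMPLE))
```

An empty result from `missing_actions` means every listed action is allowed; anything returned by `broad_grants` is a pattern worth reviewing if the goal is a policy narrower than ReadOnlyAccess.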

Polling frequency

Site24x7 collects the metric data for Inspector according to the polling frequency. The poll interval is one hour by default.

Supported metrics

| Metric Name | Description | Statistics | Unit |
|---|---|---|---|
| Finding Count Per Run | Number of findings detected during an assessment run | Maximum | Count |
| High Severity Findings | Number of high severity findings detected | Maximum | Count |
| Medium Severity Findings | Number of medium severity findings detected | Maximum | Count |
| Low Severity Findings | Number of low severity findings detected | Maximum | Count |
| Findings Count By Resource Type | Number of findings detected for a resource type | Maximum | Count |
| Findings Count By Region | Number of findings detected for a region | Maximum | Count |
| Findings Count By Action | Number of findings detected for an action type | Maximum | Count |

Threshold configuration

To configure thresholds for your Inspector monitor:

  1. Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
  2. Click Add Threshold Profile.
  3. Select Inspector from the Monitor Type drop-down menu.
  4. Provide an appropriate name in the Display Name field.

The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics listed above.

Licensing

Each Inspector monitor is considered a basic monitor.

EC2 Security Findings

With the Inspector integration, you can view and get alerted on Inspector findings at the resource level for an Amazon EC2 instance, grouped according to their severity level.

Site24x7's Amazon Inspector Classic monitoring interface

When you navigate to the Inspector monitoring interface, you'll find various details based on findings like Network Reachability, Common Vulnerabilities and Exposures, Security Best Practices, and other categories supported in the AWS console.

Each category is considered a Monitor Name in the Site24x7 console and provides information on Finding Count Per Run. On clicking a Monitor Name, the following tabs appear:

Inspector Summary

Receive an overview of the Events Timeline, Top Findings, and a bar chart of the Finding Count Per Day. The Events Timeline provides a timeline of different events that have occurred for a monitor, like Down, Critical, Trouble, Maintenance, Anomaly, and Suspended. The Top Findings section provides information on the Resource Name, Type, Severity, Region, and Number of Occurrences that have been detected by Amazon Inspector.

Regions

Information on Region Details, Findings Count By Region, and Regions Count Per Day is displayed here. The Region Details section includes information on Regions, Rules Package Name, Finding Count, and Action. The Regions section helps in obtaining a region-wise overview of a particular category, say Network Reachability, and analyzing which regions have this issue.

Resource Types

Information on Resource Type Details, Findings Count By Type, and Resource Count Per Day is displayed here. The Resource Type Details section includes information on Resource Type, Rules Package Name, Finding Count, and Action. A pie chart of Findings Count by Type provides a resource-wise overview of each resource type and its associated count.

Threshold Configuration lets you add or edit thresholds in bulk for the child monitors you have chosen, based on the Finding Count configuration you set.

Outages

Statuses like Down or Trouble are displayed in the Outages tab. Details on an outage's start time, end time, duration, and comments (if any) are also provided in this section.

Inventory

This is where you can configure the threshold for each Inspector monitor. The threshold parameters that can be set include High Severity Findings, Medium Severity Findings, Findings Count By Resource Type, and Findings Count Per Day. The Polling Frequency and the Notification Profile can also be set as needed and viewed here.

Log Report

This tab offers a consolidated report of the log status of various Inspector findings, which can be downloaded as a CSV file.
