Amazon Inspector integration

Amazon Inspector is a security assessment service that runs automated security scanning on instances, offering different rules packages for assessments. The rules package is a knowledge base of multiple rules mapped to common security best practices and vulnerability definitions, which are regularly updated.

With Site24x7's integration with Amazon Inspector, you can improve your Amazon Web Services (AWS) security by delving deeper into Inspector findings for actionable insights. Obtain real-time control over Inspector findings, and track the results over time.

Setup and configuration

  1. If you haven't already, enable access to your AWS resources between your AWS account and Site24x7's AWS account by either:
    • Creating Site24x7 as an IAM user, or
    • Creating a cross-account IAM role. Learn more.
  2. On the Integrate AWS Account page, check the appropriate checkbox named Inspector. Learn more.

Policy and permissions

Site24x7 uses various Amazon Inspector APIs to collect information. Assign the AWS managed policy ReadOnlyAccess to the Site24x7 entity (IAM user or IAM role) to help Site24x7 collect metrics and metadata. If you want to assign a custom policy, please make sure the following read-level actions are present in the policy JSON. Learn more.

  • inspector:ListFindings
  • inspector:ListRulesPackages
  • inspector:DescribeFindings
  • inspector:DescribeRulesPackages

Polling Frequency

Site24x7 collects the metric data for Inspector according to the polling frequency. The poll interval is one hour by default. Learn more.

Licensing

Each Inspector monitor is considered a basic monitor. Learn more.

EC2 Security Findings

With Inspector integration, view and get alerted for Inspector findings at a resource-level of an Amazon EC2 instance, grouped according to their severity level. Learn more

Site24x7's Amazon Inspector monitoring interface

When you navigate to the Inspector monitoring interface, you'll find various details based on findings like Network Reachability, Common Vulnerabilities and Exposures, Security Best Practices, and other categories supported in the AWS console.

Categorization of Inspector Findings

Each category is considered a Monitor Name in the Site24x7 console and provides information on Finding Count Per Run. On clicking a Monitor Name, the following tabs appear:

Inspector Summary

Receive an overview of the Events Timeline, Top Findings, and a bar chart of the Finding Count Per Day. The Events Timeline provides a timeline of different events that have occurred for a monitor, like Down, Critical, Trouble, Maintenance, Anomaly, and Suspended. The Top Findings section provides information on the Resource Name, Type, Severity, Region, and Number of Occurrences that have been detected by Amazon Inspector.

Regions

Information on Region Details, Findings Count By Region, and Regions Count Per Day is displayed here. The Region Details section includes information on Regions, Rules Package Name, Finding Count, and Action. The Regions section helps in obtaining a region-wise overview of a particular category, say Network Reachability, and analyzing which regions have this issue.

Resource Types

Information on Resource Type Details, Findings Count By Type, and Resource Count Per Day is displayed here. The Resource Type Details section includes information on Resource Type, Rules Package Name, Finding Count, and Action. A pie chart of Findings Count by Type provides a resource-wise overview of each resource type and its associated count.

Threshold Configuration lets you add or edit thresholds in bulk for various child monitors that you have chosen, and according to the Finding Count configuration you set.

Outages

Statuses like Down or Trouble are displayed in the Outages tab. Details on an outage's start time, end time, duration, and comments (if any) are also provided in this section.

Inventory

This is where you can configure the threshold for each Inspector monitor. The various threshold parameters that can be set include High Severity Findings, Medium Severity Findings, Findings Count By Resource Type, and Findings Count Per Day. The Polling Frequency and the Notification Profile can be set according to the user and viewed here.

Log Report

This tab offers a consolidated report of the log status of various Inspector findings, which can be downloaded as a CSV file.

Was this document helpful?
Thanks for taking the time to share your feedback. We’ll use your feedback to improve our online help resources.