What is Amazon Inspector? Monitoring and Alerting with Amazon Inspector

What is Amazon Inspector?

Amazon Inspector is an automated security assessment service that scans AWS workloads for vulnerabilities, misconfigurations, unintended network exposure and compliance risks, helping organizations enhance cloud security, detect threats, and meet regulatory requirements (such as ISO/IEC 27001, HIPAA, NIS 2 and SOC 2 Type 2) in real time.

Amazon Inspector discovers and scans Amazon EC2 instances, container images in Amazon ECR (Elastic Container Registry), and Lambda functions. When Inspector detects a software vulnerability or unintended network exposure, it creates a “finding”, which is a detailed report about the issue.

How to Access Amazon Inspector Findings

Using native tooling you can manage findings via the Inspector console or API. Amazon also provides the Amazon Inspector dashboard which offers a high-level view of findings from across your AWS environment.

Out-of-the-box these tools require manual inspection by a human operator. If you want to automate near real-time monitoring and alerting on Inspector findings you need to tool your own integration against the API or the Amazon EventBridge. Inspector publishes findings to Amazon EventBridge as “finding” events. EventBridge is a serverless event bus service that can route findings data to targets such as AWS Lambda functions and Amazon Simple Notification Service (Amazon SNS) topics. With EventBridge, you can monitor and process findings in near-real time as part of your existing security and compliance workflows. Beyond the official documentation, some community advice on how to do this is available, for example:

• json – EventBridge Event Pattern for Inspector events from last 24 hours – Stack Overflow
• Inspector Findings : r/aws
• amazon web services – Get AWS Inspector findings report from AWS Inspector in mail – Stack Overflow

Simple GUI, Ready-to-go Monitoring and Alerting for Amazon Inspector

Many organizations prefer to adopt third-party AI-powered observability solutions such as eG Enterprise which can provide out-of-the-box monitoring, alerting and root-cause analytics on Inspector findings. Reasons to choose eG Enterprise include:

• • Removes the need to build and maintain bespoke tooling and the skilled staffing requirements associated
  • Supports cloud-agnostic, multi-cloud, cloud-exit and hybrid cloud strategies, a AI-powered observability solution such as eG Enterprise supports over 650 application, infrastructure and technology stacks. So, if in the future your platform needs move away from AWS you will not need to build yet another platform-specific monitoring stack

  • eG Enterprise already integrates with a vast range of ITSM and notification systems so you can track security issues raised by Inspector in your preferred system (or even multiple systems)

• The audit trails of Inspector findings recorded by eG Enterprise ensure that you can track incidents and automate reports needed for regulatory compliance with risk management frameworks and regulations such as NIS2, DORA, ISO 27001 and so on.
• eG Enterprise includes powerful AI-driven auto-baselining and anomaly detection so you get alerting configured out-of-the-box
• eG Enterprise provides external visibility on cloud outages, whilst you can leverage EventBridge and Amazon’s SNS services, these can leave you blind in the event of an AWS failure. See: How to Protect your IT Ops from Cloud Outages
• For MSPs running multi-tenant AWS deployments, eG Enterprise’s support for multi-tenancy enables them to provide per tenant / customer reports and management

How eG Enterprise Tracks Amazon Inspector Findings

eG Enterprise’s domain aware layer models for AWS now include an AWS Security layer within which AWS Inspector Findings are reported.

Can eG Enterprise Monitor “Amazon Inspector Classic”?

Yes, it can. Amazon Inspector Classic tests the network accessibility of your Amazon EC2 instances and the security state of your applications that run on those instances. Amazon strongly encourages users to explore and use the newer Amazon Inspector Service as described above, see: What is Amazon Inspector Classic? – Amazon Inspector Classic. However, for our customers who continue to use the “Classic” version we can offer them comparable monitoring and alerting in the same familiar single console.

Can eG Enterprise also Monitor Recommendations for the Microsoft Azure Cloud?

Yes, eG Enterprise can monitor Azure recommendation services in a comparable manner to those in AWS, again in the same familiar, single console. Some information on how eG Enterprise monitors and alerts on security recommendations from Azure Advisor is covered in a previous article, see Azure Advisor Integration | eG Innovations.

Related Articles

• If you’d like to explore how Advanced AWS Monitoring Solutions can help you go beyond native cloud capabilities and provide automated AI-powered correlation between Applications, User Experience and Amazon’s AWS platform / services, please see: How to Achieve Full Observability in the Cloud: Nine Practical Steps to Go Beyond Cloud-Native Monitoring.
• Learn more about our partnerships with Amazon, see: eG Innovations achieves Amazon Web Services (AWS) Digital Workplace Competency status | eG Innovations
• If you are an SRE, IT Sys Admin, DevOps or generally just interested in IT Operational Resilience using AIOps, please see: How to Protect your IT Ops from Cloud Outages.
• Take a quick look at some of our Amazon infrastructure dashboards, see: AWS monitoring dashboards for EC2, EBS, RDS and S3