What is Amazon Inspector and How Does It Work?

Amazon Inspector logo - plus key features Amazon Inspector is an automated security assessment service that scans AWS workloads for vulnerabilities, misconfigurations, unintended network exposure and compliance risks, helping organizations enhance cloud security, detect threats, and meet regulatory requirements (such as ISO/IEC 27001, HIPAA, NIS 2 and SOC 2 Type 2) in real time.

Amazon Inspector discovers and scans Amazon EC2 instances, container images in Amazon ECR (Elastic Container Registry), and Lambda functions. When Inspector detects a software vulnerability or unintended network exposure, it creates a “finding”, which is a detailed report about the issue.

How to View and Manage Amazon Inspector Findings

Using native tooling you can manage findings via the Inspector console or API. Amazon also provides the Amazon Inspector dashboard which offers a high-level view of findings from across your AWS environment.

Out-of-the-box these tools require manual inspection by a human operator. If you want to automate near real-time monitoring and alerting on Inspector findings you need to tool your own integration against the API or the Amazon EventBridge. Inspector publishes findings to Amazon EventBridge as “finding” events. EventBridge is a serverless event bus service that can route findings data to targets such as AWS Lambda functions and Amazon Simple Notification Service (Amazon SNS) topics. With EventBridge, you can monitor and process findings in near-real time as part of your existing security and compliance workflows. Beyond the official documentation, some community advice on how to do this is available.

Automating Amazon Inspector Monitoring & Alerting

Many organizations prefer to adopt third-party AI-powered observability solutions such as eG Enterprise which can provide out-of-the-box monitoring, alerting and root-cause analytics on Inspector findings. Reasons to choose eG Enterprise include:

eG Innovations is an official Amazon partner and eG Enterprise is certified as Amazon Well-Architected Monitoring Solution
  • The audit trails of Inspector findings recorded by eG Enterprise ensure that you can track incidents and automate reports needed for regulatory compliance with risk management frameworks and regulations such as NIS2, DORA, ISO 27001 and so on.
  • eG Enterprise includes powerful AI-driven auto-baselining and anomaly detection so you get alerting configured out-of-the-box
  • eG Enterprise provides external visibility on cloud outages, whilst you can leverage EventBridge and Amazon’s SNS services, these can leave you blind in the event of an AWS failure. See: How to Protect your IT Ops from Cloud Outages
  • For MSPs running multi-tenant AWS deployments, eG Enterprise’s support for multi-tenancy enables them to provide per tenant / customer reports and management

How eG Enterprise Tracks Amazon Inspector Findings

eG Enterprise’s domain aware layer models for AWS now include an AWS Security layer within which AWS Inspector Findings are reported.

Figure 1: This screenshot shows where eG Enterprise reports Amazon Inspector findings – detailed root-cause diagnostics, are also available with details of the findings.

Can eG Enterprise Monitor “Amazon Inspector Classic”?

Yes, it can. Amazon Inspector Classic tests the network accessibility of your Amazon EC2 instances and the security state of your applications that run on those instances. Amazon strongly encourages users to explore and use the newer Amazon Inspector Service as described above, see: What is Amazon Inspector Classic? – Amazon Inspector Classic. However, for our customers who continue to use the “Classic” version we can offer them comparable monitoring and alerting in the same familiar single console.

Figure 2: eG Enterprise can monitor and alert on Amazon Inspector Classic alongside, and within the same friendly console as, the new Amazon Inspector.

How is Amazon Inspector different from Amazon Inspector Classic?

The new Amazon Inspector has expanded coverage to add support for container images residing in Amazon Elastic Container Registry (Amazon ECR) in addition to EC2 instances. It also offers multi-account support through integration with AWS Organizations, and continual software vulnerability and network reachability scanning based on common vulnerabilities and exposures (CVEs).

More details on this and other FAQs relating to Inspector are available, see: Automated Vulnerability Management – Inspector FAQs – AWS.

Monitor AWS and Azure Security Recommendations from One Console

Yes, eG Enterprise can monitor Azure recommendation services in a comparable manner to those in AWS, again in the same familiar, single console. Some information on how eG Enterprise monitors and alerts on security recommendations from Azure Advisor is covered in a previous article, see Azure Advisor Integration | eG Innovations.

Benefits of Automated Amazon Inspector Monitoring

Automating Amazon Inspector monitoring helps security teams move from reactive checks to continuous visibility. With eG Enterprise, Inspector findings can be surfaced in a single console, tracked alongside other infrastructure and application signals.

Faster vulnerability detection

Automated monitoring reduces the time between a new Amazon Inspector finding and the moment your team sees it. Since Inspector publishes findings to Amazon EventBridge, alerts can be triggered as soon as critical or high-severity issues appear, instead of waiting for manual review.

Reduced security risks

Early alerting helps teams respond before vulnerable workloads are exposed for too long. Amazon Inspector continuously scans EC2 instances, container images in Amazon ECR, and Lambda functions for vulnerabilities and unintended network exposure, which helps shrink the window of risk.

Improved compliance readiness

eG Enterprise monitoring supports compliance by making it easier to track findings over time. Amazon Inspector is designed to help meet compliance requirements and best practices such as NIST CSF and PCI DSS, while eG Enterprise adds centralized visibility and incident history that can support broader regulatory reporting.

Centralized security visibility

Instead of forcing teams to switch between the Inspector console, EventBridge rules, and notification tools, eG Enterprise can bring AWS Security-related findings into one operational view. That makes it easier to correlate Inspector issues with other cloud, application, and infrastructure signals in the same dashboard.

Reduced manual monitoring effort

Manual inspection of Inspector findings can become repetitive, especially in environments with many accounts, regions, and workloads. eG Enterprise helps reduce that effort by providing out-of-the-box monitoring and alerting for Inspector findings, so teams spend less time checking consoles and more time remediating issues.

eG Enterprise is an Observability solution for Modern IT. Monitor digital workspaces,
web applications, SaaS services, cloud and containers from a single pane of glass.

Related Articles

Frequently Asked Questions

About the Author

Babu is Head of Product Engineering at eG Innovations, having joined the company back in 2001 as one of our first software developers following undergraduate and masters degrees in Computer Science, he knows the product inside and out. Based within our Singapore R&D Management team, Babu has undertaken various roles in engineering and product management becoming a certified PMP along the way.