An introduction to Amazon Inspector for EC2/ECR/Lambda vulnerability scanning

Introduction:

In this article I will show how to use Amazon Inspector to scan your cloud resources (EC2 instances, ECR container images and Lambda functions), so that you have a high-level understanding of how Inspector works and can navigate it comfortably. The other objective of this article is to give you an understanding of the vulnerability findings it reports on your software and why they matter for security, specifically for vulnerability management of applications.

What is Amazon Inspector?

Amazon Inspector is a vulnerability scanning service from AWS that scans EC2 instances, container images stored in Amazon ECR, and Lambda functions. Its findings report known vulnerabilities identified by CVE (Common Vulnerabilities and Exposures) IDs: publicly disclosed security flaws, published so that vendors and users are aware of them and can respond.

What are CVE’s?

CVE IDs are assigned by the CVE Program (run by MITRE). The US government (NIST) maintains the National Vulnerability Database (NVD), which enriches each CVE record with data such as a CVSS severity score, the affected products and versions, and references to advisories and fixes. The NVD is the source many companies use to understand the impact of each vulnerability, and Amazon Inspector draws on the NVD CVSS score for many of its findings.

A CVE ID has the form CVE-YYYY-NNNN: the prefix CVE, the year in which the ID was reserved or the vulnerability was published (not necessarily the year it was discovered), and a sequence number of four or more digits. The record's profile, such as its severity score and in some cases remediation or mitigation guidance, is updated over time to keep users informed.

How to enable Amazon Inspector

Log in to your AWS account using an administrator account, or an IAM principal that has at least the permission to activate the service (in practice `inspector2:Enable`), and navigate to Inspector. On the left side you will see "Switch to Inspector Classic", which is the older version of Inspector that has been replaced by Inspector v2; stay on the new version. Click the "Activate Inspector" button. If this is your first time enabling the service, you get a 15-day free trial.

(Figure: Activating Inspector)

Once Inspector is active, you will see the Inspector dashboard with a summary view showing environment coverage, critical findings, and risk-based remediations.

On the left side you will see Findings, with different breakdowns such as by vulnerability, by instance, by container image, and so on.

(Figure: Summary)


Below are the details of a single vulnerability finding; from here you can check the CVE record and the remediation information (which package is affected, the fixed version if one exists, and the recommended action).

(Figure: CVE details of a finding)
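The two things a practitioner ends up doing with the findings view above are checking that a finding's vulnerability ID really is a CVE of the CVE-YYYY-NNNN form described earlier, and cutting the list down to what needs action first. The following is an added example, not code from the original article or from AWS: it validates CVE IDs and triages a list of findings in the shape returned by the Inspector v2 ListFindings API (fields such as `severity`, `inspectorScore`, `fixAvailable`, `packageVulnerabilityDetails`, `resources` and `remediation`). The sample findings are constructed by hand with placeholder CVE and GHSA identifiers and placeholder resource IDs; they are not real findings. The `fetch_active_findings` helper assumes `boto3` is installed, AWS credentials are configured, and Inspector has been activated in the region; everything else runs offline.

```python
"""Validate CVE IDs and triage Amazon Inspector v2 findings (added example)."""
import re
from collections import Counter

# A CVE ID is CVE-<4-digit year>-<sequence number of 4 or more digits>.
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# Inspector severities ranked highest first; used for the triage threshold.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1,
                 "INFORMATIONAL": 0, "UNTRIAGED": 0}


def parse_cve_id(cve_id):
    """Return (year, sequence) for a well-formed CVE ID, or None otherwise.

    Case-insensitive and tolerant of surrounding whitespace, so it accepts
    IDs copied from a console or an advisory.
    """
    m = CVE_RE.match(cve_id.strip().upper())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


# Constructed sample findings in the shape of the Inspector2 ListFindings
# response. Not real findings: the CVE/GHSA IDs and resource IDs are placeholders.
SAMPLE_FINDINGS = [
    {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/example-1",
        "type": "PACKAGE_VULNERABILITY",
        "severity": "CRITICAL",
        "inspectorScore": 9.8,
        "fixAvailable": "YES",
        "packageVulnerabilityDetails": {
            "vulnerabilityId": "CVE-2024-99990",  # placeholder ID
            "source": "NVD",
            "vulnerablePackages": [{"name": "openssl", "version": "1.1.1",
                                    "fixedInVersion": "1.1.1w"}],
        },
        "remediation": {"recommendation": {"text": "Update openssl to 1.1.1w."}},
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
    },
    {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/example-2",
        "type": "PACKAGE_VULNERABILITY",
        "severity": "HIGH",
        "inspectorScore": 7.5,
        "fixAvailable": "NO",
        "packageVulnerabilityDetails": {
            "vulnerabilityId": "CVE-2024-99991",  # placeholder ID
            "source": "NVD",
            "vulnerablePackages": [{"name": "curl", "version": "7.88.1"}],
        },
        "remediation": {"recommendation": {"text": "No fix available yet."}},
        "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE",
                       "id": "arn:aws:ecr:us-east-1:111122223333:repository/app/sha256:0000"}],
    },
    {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/example-3",
        "type": "PACKAGE_VULNERABILITY",
        "severity": "MEDIUM",
        "inspectorScore": 5.3,
        "fixAvailable": "YES",
        "packageVulnerabilityDetails": {
            # Language-package findings may carry a non-CVE advisory ID (placeholder).
            "vulnerabilityId": "GHSA-0000-0000-0000",
            "source": "GITHUB",
            "vulnerablePackages": [{"name": "requests", "version": "2.25.0",
                                    "fixedInVersion": "2.31.0"}],
        },
        "remediation": {"recommendation": {"text": "Upgrade requests to 2.31.0."}},
        "resources": [{"type": "AWS_LAMBDA_FUNCTION",
                       "id": "arn:aws:lambda:us-east-1:111122223333:function:example-fn"}],
    },
]


def triage(findings, min_severity="HIGH"):
    """Keep findings at or above min_severity, ordered by severity then score.

    Each row is (resource_type, resource_id, vuln_label, severity, score,
    fix_available, remediation). IDs that are not well-formed CVEs are kept
    but labelled NON-CVE(...) so they are not silently dropped from triage.
    A finding with no inspectorScore (possible for non-package finding types)
    is treated as score 0 for ordering.
    """
    threshold = SEVERITY_RANK[min_severity]
    rows = []
    for f in findings:
        sev = f.get("severity", "UNTRIAGED")
        if SEVERITY_RANK.get(sev, 0) < threshold:
            continue
        vuln_id = f.get("packageVulnerabilityDetails", {}).get("vulnerabilityId", "")
        label = vuln_id if parse_cve_id(vuln_id) else f"NON-CVE({vuln_id})"
        remediation = f.get("remediation", {}).get("recommendation", {}).get("text", "")
        for r in f.get("resources", []):
            rows.append((r["type"], r["id"], label, sev, f.get("inspectorScore"),
                         f.get("fixAvailable"), remediation))
    rows.sort(key=lambda row: (-SEVERITY_RANK.get(row[3], 0), -(row[4] or 0)))
    return rows


def count_by_resource_type(findings):
    """Count findings per resource type (EC2 / ECR image / Lambda)."""
    return Counter(r["type"] for f in findings for r in f.get("resources", []))


def fetch_active_findings(region_name="us-east-1"):
    """Pull ACTIVE findings from the Inspector2 API for use with triage().

    Assumption: boto3 is installed and credentials are configured; imported
    lazily so the offline part of this example runs without it.
    """
    import boto3
    client = boto3.client("inspector2", region_name=region_name)
    criteria = {"findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}]}
    findings = []
    for page in client.get_paginator("list_findings").paginate(filterCriteria=criteria):
        findings.extend(page["findings"])
    return findings


if __name__ == "__main__":
    print(count_by_resource_type(SAMPLE_FINDINGS))
    for row in triage(SAMPLE_FINDINGS, "LOW"):
        print(row)
```

Run as-is it works only on the constructed sample; swap `SAMPLE_FINDINGS` for `fetch_active_findings()` to triage a real account. The threshold defaults to HIGH because that is where most teams draw the line for mandatory remediation; lowering it to LOW is what surfaces the placeholder GHSA finding, which the label makes obvious rather than hiding it behind a failed CVE lookup.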

Conclusion

I hope you have found this useful. The intent was to give an overview of Amazon Inspector so that you can start exploring it in your own account.

Author: Jayapal Reddy