
Amazon Inspector finding details

In the Amazon Inspector console, you can view details for each finding. Finding details vary based on finding type.

To view the details for a finding
  1. Sign in using your credentials, and then open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home

  2. Select the Region to view findings in.

  3. In the navigation pane, choose Findings to display the findings list.

  4. (Optional) Use the filter bar to select a specific finding. For more information, see Filtering Amazon Inspector findings.

  5. Choose a finding to view its details panel.

The Finding details panel contains the basic identifying features of the finding. This includes the title of the finding as well as a basic description of the vulnerability identified, remediation suggestions, and a severity score. For information about scoring, see Severity levels for Amazon Inspector findings.

The details available for a finding vary depending on the finding type and the Resource affected.

All findings contain the Amazon Web Services account ID number the finding was identified for, a severity, a finding Type, the date the finding was created, and a Resource affected section with details about that resource.

The finding Type determines the remediation and vulnerability intelligence information available for the finding. Depending on the finding type, different finding details are available.

Package Vulnerability

Package vulnerability findings are available for EC2 instances, ECR container images, and Lambda functions. See Package vulnerability for more information.

Package vulnerability findings also include Amazon Inspector score and vulnerability intelligence.

This finding type has the following details:

  • Fix available – Indicates whether the vulnerability is fixed in a newer version of the affected packages. Has one of the following values:

    • YES, which means all the affected packages have a fixed version.

    • NO, which means no affected packages have a fixed version.

    • PARTIAL, which means one or more (but not all) of the affected packages have a fixed version.

  • Exploit available – Indicates whether the vulnerability has a known exploit. Has one of the following values:

    • YES, which means the vulnerability discovered in your environment has a known exploit. Amazon Inspector doesn't have visibility into the use of exploits in an environment.

    • NO, which means this vulnerability doesn't have a known exploit.

  • Affected packages – Lists each package identified as vulnerable in the finding, with the following details for each package:

    • Filepath – The EBS volume ID and partition number associated with a finding. This field is present in findings for EC2 instances scanned using Agentless scanning.

    • Installed version / Fixed version – The version number of the currently installed package that a vulnerability was detected for. Compare the installed version number with the value after the slash (/). The second value is the version number of the package that fixes the detected vulnerability, as provided by the Common Vulnerabilities and Exposures (CVE) entry or advisory associated with the finding. If the vulnerability has been fixed in multiple versions, this field lists the most recent version that includes the fix. If a fix isn't available, this value is None available.

      Note

      If a finding was detected before Amazon Inspector began including this field in findings, the value for this field is empty. However, a fix may be available.

    • Package manager – The package manager used to configure this package.

  • Remediation – If a fix is available through an updated package or programming library, this section includes the commands that you can run to make the update. You can copy the provided command and run it in your environment.

    Note

    Remediation commands are provided from vendor data feeds and may vary depending on your system configuration. Review finding references or operating system documentation for more specific guidance.

  • Vulnerability details – Provides a link to the Amazon Inspector preferred source for the CVE identified in the finding, such as the National Vulnerability Database (NVD), REDHAT, or another OS vendor. This section also shows the severity scores for the finding. For more information about severity scoring, see Severity levels for Amazon Inspector findings. The following scores are included, along with the scoring vector for each:

    • EPSS score

    • Inspector score

    • CVSS 3.1 from Amazon CVE

    • CVSS 3.1 from NVD

    • CVSS 2.0 from NVD (where applicable, for older CVEs)

  • Related vulnerabilities – Specifies other vulnerabilities related to the finding. Typically these are other CVEs that impact the same package version, or other CVEs within the same group as the finding CVE, as determined by the vendor.
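The following Python is an added example, not code from the Amazon Inspector documentation or service: it models the Fix available, Installed version / Fixed version, and Exploit available semantics described above so findings exported from the console can be triaged offline. The AffectedPackage fields and the constructed sample are assumptions for illustration, not the Inspector API schema.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class AffectedPackage:
    """One entry from a finding's Affected packages list (assumed shape, not the API)."""
    name: str
    installed: str
    fixed: Optional[str]      # None = "None available"; "" = field empty (older finding)
    package_manager: str = ""


def parse_version_field(text: str) -> Tuple[str, Optional[str]]:
    """Split the 'Installed version / Fixed version' display value.

    Returns (installed, fixed). fixed is None when the console shows
    'None available' and '' when the field is empty (finding predates the field).
    """
    installed, _, fixed = text.partition("/")
    installed, fixed = installed.strip(), fixed.strip()
    return installed, (None if fixed == "None available" else fixed)


def fix_available(packages: List[AffectedPackage]) -> str:
    """Derive the Fix available value (YES / NO / PARTIAL) from the package list."""
    if not packages:
        return "NO"
    with_fix = sum(1 for p in packages if p.fixed)
    if with_fix == len(packages):
        return "YES"
    return "NO" if with_fix == 0 else "PARTIAL"


def needs_recheck(packages: List[AffectedPackage]) -> List[str]:
    """Packages whose fixed-version field is empty: a fix may exist but is not shown."""
    return [p.name for p in packages if p.fixed == ""]


def triage(packages: List[AffectedPackage], exploit_available: str) -> str:
    """Rank a finding: exploitable and patchable first, exploitable without a fix next."""
    fix = fix_available(packages)
    if exploit_available == "YES":
        return "patch-now" if fix != "NO" else "mitigate-no-fix"
    return "schedule-patch" if fix != "NO" else "monitor"


# Constructed sample: one package with a fix, one whose fixed-version field is empty.
SAMPLE = [
    AffectedPackage("openssl", *parse_version_field("1.1.1k-1 / 1.1.1n-1"), "OS"),
    AffectedPackage("zlib", *parse_version_field("1.2.11 / "), "OS"),
]
```

Running fix_available(SAMPLE) yields PARTIAL, and needs_recheck(SAMPLE) flags zlib as a package whose fix status should be confirmed against the vendor advisory before it is counted as unfixable.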

Code vulnerability

Code vulnerability findings are available for Lambda functions only. See Code vulnerability for more information. This finding type has the following details:

  • Fix available – For code vulnerabilities this value is always YES.

  • Detector name – The name of the CodeGuru detector used to detect the code vulnerability. For a list of possible detections, see the CodeGuru Detector Library.

  • Detector tags – The CodeGuru tags associated with the detector. CodeGuru uses tags to categorize detections.

  • Relevant CWE – The Common Weakness Enumeration (CWE) IDs associated with the code vulnerability.

  • File path – The file location of the code vulnerability.

  • Vulnerability location – For Lambda code scanning code vulnerabilities, this field shows the exact lines of code where Amazon Inspector found the vulnerability.

  • Suggested remediation – This suggests how the code can be edited to remediate the finding.