Understanding Amazon Inspector findings

Amazon Inspector generates a finding when it detects a vulnerability in an Amazon EC2 instance, a container image in Amazon ECR, or an Amazon Lambda function. A finding is a detailed report about a vulnerability impacting one of your Amazon resources.

Findings are named after vulnerabilities and provide severity ratings, information about impacted Amazon resources, and details that describe how to remediate detected vulnerabilities. Amazon Inspector stores all of your active findings until you remediate them.

When you remediate a finding, Amazon Inspector automatically closes the finding. Amazon Inspector automatically deletes a closed finding after 30 days.

Note

Amazon Inspector will reopen a closed finding within seven days of closing the finding if the issue that caused the vulnerability reoccurs.

If you disable Amazon Inspector, findings are removed after 24 hours. If a resource is terminated, any finding related to the resource is removed after seven days. If Amazon suspends your account, findings are removed after 90 days. Findings for stopped instances remain active.
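The retention windows above can be turned into per-finding export deadlines, for example to copy findings into long-term storage before they are removed. This is an added example, not AWS code: the record fields (`closed_at`, `resource_terminated_at`) and the sample findings are constructed and hypothetical, not Amazon Inspector API fields, and planning for the earliest deadline when several conditions apply is an assumption this page does not state.

```python
from datetime import datetime, timedelta, timezone

# Retention windows as stated on this page.
CLOSED_RETENTION = timedelta(days=30)      # closed finding is deleted
DISABLED_RETENTION = timedelta(hours=24)   # Amazon Inspector disabled
TERMINATED_RETENTION = timedelta(days=7)   # resource terminated
SUSPENDED_RETENTION = timedelta(days=90)   # account suspended
REOPEN_WINDOW = timedelta(days=7)          # closed finding may be reopened

def utc(y, m, d, h=0):
    return datetime(y, m, d, h, tzinfo=timezone.utc)

# Constructed sample records; field names are hypothetical, not API fields.
SAMPLE_FINDINGS = [
    {"id": "finding-a", "state": "Closed", "closed_at": utc(2024, 3, 1)},
    {"id": "finding-b", "state": "Active", "resource_terminated_at": utc(2024, 3, 10)},
    {"id": "finding-c", "state": "Active"},  # stopped instance: stays active
]

def removal_deadline(finding, inspector_disabled_at=None, account_suspended_at=None):
    """Return (deadline, reason) for the earliest applicable removal, else (None, None)."""
    events = [
        (finding.get("closed_at"), CLOSED_RETENTION, "finding closed"),
        (finding.get("resource_terminated_at"), TERMINATED_RETENTION, "resource terminated"),
        (inspector_disabled_at, DISABLED_RETENTION, "inspector disabled"),
        (account_suspended_at, SUSPENDED_RETENTION, "account suspended"),
    ]
    deadlines = [(when + keep, reason) for when, keep, reason in events if when]
    # Assumption: when several conditions hold, plan for the earliest one.
    return min(deadlines, key=lambda d: d[0]) if deadlines else (None, None)

def in_reopen_window(finding, now):
    """True while a closed finding is still within seven days of closing."""
    closed_at = finding.get("closed_at")
    return closed_at is not None and timedelta(0) <= now - closed_at <= REOPEN_WINDOW

def export_order(findings, **account_events):
    """Findings that will be removed, soonest deadline first."""
    dated = [(f["id"], *removal_deadline(f, **account_events)) for f in findings]
    return sorted((d for d in dated if d[1]), key=lambda d: d[1])

if __name__ == "__main__":
    for fid, deadline, reason in export_order(SAMPLE_FINDINGS):
        print(f"{fid}: export before {deadline.isoformat()} ({reason})")
```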

Findings states

Amazon Inspector categorizes findings in the following states.

Active

Amazon Inspector categorizes a finding that hasn't been remediated as Active.

Suppressed

Amazon Inspector categorizes a finding subject to one or more suppression rules as Suppressed.

Closed

When a finding has been remediated, Amazon Inspector categorizes the finding as Closed.