Menu
Amazon Inspector
User Guide (Version Latest)

Amazon Inspector Findings

Findings are potential security issues discovered during the Amazon Inspector's assessment of the selected assessment target. Findings are displayed in the Amazon Inspector console or via the API, and contain both a detailed description of the security issues and recommendations for resolving them.

Once Amazon Inspector generates the findings, you can track them by assigning Amazon Inspector-specific attributes to them. These attributes consist of key-value pairs.

Tracking findings with attributes can be quite useful for driving the workflow of your security strategy. For example, once you create and run an assessment, it generates a list of findings of various severity, urgency, and interest to you, based on your security goals and approach. You might want to follow one finding's recommendation steps right away to resolve a potentially urgent security issue. And you might want to postpone resolving another finding until your next upcoming service update. For example, to track a finding to resolve right away, you can create and assign to a finding an attribute with a key-value pair of Status / Urgent. You could also use attributes to distribute the workload of resolving potential security issues. For example, to give Bob (who is a security engineer on your team) the task of resolving a finding, you can assign to a finding an attribute with a key-value pair of Assigned Engineer / Bob.

Working with Findings

Complete the following procedure on any of the generated Amazon Inspector findings:

To locate, analyze, and assign attributes to findings

  1. Sign in to the AWS Management Console and open the Amazon Inspector console at https://console.aws.amazon.com/inspector/.

  2. After you run an assessment, navigate to the Findings page in the Amazon Inspector console to view your findings.

    You can also see your findings in the Notable Findings section on the Dashboard page of the Amazon Inspector console.

    Note

    You cannot view the findings generated by an assessment run while it is still in progress. However, you can view a subset of findings if you stop the assessment before it completes its duration. In a production environment, we recommend that you let every assessment run through its entire duration so that it can produce a full set of findings.

  3. To view the details of a specific finding, choose the Expand widget next to that finding. The details of the finding include the following:

    • Name of the assessment target that includes the EC2 instance where this finding was registered

    • Name of the assessment template that was used to produce this finding

    • Assessment run start time

    • Assessment run end time

    • Assessment run status

    • Name of the rules package that includes the rule that triggered this finding

    • Name of the finding

    • Severity of the finding

    • Description of the finding

    • Recommended steps that you can complete to fix the potential security issue described by the finding

  4. To assign attributes to a finding, choose a finding, and then choose Add/Edit Attributes.

    You can also assign attributes to findings as you create a new assessment template by configuring the new template to automatically assign attributes to all findings generated by the assessment run. To do this, you can use the Key and Value fields from the Tags for findings from this assessment field. For more information, see Amazon Inspector Assessment Templates and Assessment Runs.

  5. To export findings to a spreasheet, click the down arrow button located in the upper right corner of the Amazon Inspector - Findings page. Then, in the pop up window, choose to Export all columns or to Export visible columns.

  6. To show or hide columns for the generated findings and to filter through the generated findings, click the settings wheel icon located in the upper right corner of the Amazon Inspector - Findings page.

On this page: