Suppressing Amazon Inspector findings with suppression rules

Use suppression rules to exclude findings that match criteria. For example, you can create a rule that suppresses all findings with low vulnerability scores, so you can focus only on findings that are most critical.

Note

Suppression rules are only used to filter your list of findings and don't have any impact on findings or prevent Amazon Inspector from generating findings.

If Amazon Inspector generates findings that match a suppression rule, the findings are set to Suppressed. Findings that match a suppression rule don't appear in your list by default.

Amazon Inspector stores suppressed findings until they're remediated. When Amazon Inspector detects that a finding has been remediated, it sets the finding to Closed and stores it for 7 days.

Suppressed findings are published to AWS Security Hub and Amazon EventBridge as events. You can automatically suppress unwanted findings in Security Hub by changing the status of the findings using an EventBridge rule. For more information, see How to create auto-suppression rules in AWS Security Hub.

You can't create a suppression rule that closes or remediates findings. You can only create a suppression rule to filter which findings appear in your list. You can view suppressed findings at any time in the Amazon Inspector console.

Note

Member accounts in an organization can't create or manage suppression rules.

Creating a suppression rule

You can create suppression rules to filter the list of findings that are shown by default. You can create a suppression rule programmatically by using the CreateFilter API and specifying SUPPRESS as the value for the action parameter.

Note

Only standalone accounts and Amazon Inspector delegated administrators can create and manage suppression rules. Members in an organization will not see an option for suppression rules in the navigation pane.
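The CreateFilter call described above, and the programmatic counterpart of viewing suppressed findings, as an added example that is not part of the AWS documentation. It assumes boto3 and credentials with inspector2:CreateFilter and inspector2:ListFindings permissions in a standalone or delegated-administrator account; the rule name and the score threshold are constructed values.

```python
# Added example: builds the CreateFilter request for a suppression rule and
# the ListFindings request that reveals what the rule hides. Assumes boto3
# and credentials in a standalone or delegated-administrator account.
from typing import Any, Dict


def build_low_score_suppression(name: str, ceiling: float = 3.9) -> Dict[str, Any]:
    """CreateFilter request that suppresses findings scored 0.0..ceiling.

    action='SUPPRESS' is what makes the filter a suppression rule; a filter
    saved with action='NONE' only stores criteria for reuse in searches.
    """
    if not 0.0 <= ceiling <= 10.0:
        raise ValueError("Inspector scores range from 0.0 to 10.0")
    return {
        "action": "SUPPRESS",
        "name": name,  # constructed rule name
        "description": f"Hide findings with an Inspector score of {ceiling} or lower",
        "filterCriteria": {
            "inspectorScore": [{"lowerInclusive": 0.0, "upperInclusive": ceiling}]
        },
    }


def build_suppressed_findings_query() -> Dict[str, Any]:
    """ListFindings request returning only findings with status SUPPRESSED.

    Suppression only hides findings; they stay stored until remediated, so
    review this list periodically instead of treating a rule as a fix.
    """
    return {
        "filterCriteria": {
            "findingStatus": [{"comparison": "EQUALS", "value": "SUPPRESSED"}]
        }
    }


def main() -> None:
    import boto3  # imported here so the request builders run without the SDK
    client = boto3.client("inspector2")
    rule = client.create_filter(**build_low_score_suppression("suppress-low-score"))
    print("Created suppression rule:", rule["arn"])
    pages = client.get_paginator("list_findings").paginate(**build_suppressed_findings_query())
    hidden = sum(len(page["findings"]) for page in pages)
    print("Findings currently hidden by suppression rules:", hidden)


if __name__ == "__main__":
    main()
```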

To create a suppression rule (console)

  1. Open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home.

  2. In the navigation pane, choose Suppression rules. Then choose Create rule.

  3. For each criterion, do the following:

    • Select the filter bar to see a list of filter criteria that you can add to your suppression rule.

    • Select the filter criteria for your suppression rule.

  4. When you have finished adding criteria, enter a name for the rule and an optional description.

  5. Choose Save rule. Amazon Inspector immediately applies the new suppression rule and hides any findings that match the criteria.

Viewing suppressed findings

By default, Amazon Inspector does not display suppressed findings in the Amazon Inspector console. However, you can view the findings suppressed by a particular rule.

To view suppressed findings

  1. Open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home.

  2. In the navigation pane, select Suppression rules.

  3. In the suppression rules list, select the title of the rule.

Changing suppression rules

You can make changes to suppression rules at any time.

To modify suppression rules

  1. Open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home.

  2. In the navigation pane, select Suppression rules.

  3. Select the title of the suppression rule that you want to modify.

  4. Make the intended changes, then choose Save to update the rule.

Deleting suppression rules

You can delete suppression rules. If you delete a suppression rule, Amazon Inspector stops suppressing new and existing occurrences of findings that meet the rule criteria and that aren't suppressed by other rules.

After you delete a suppression rule, new and existing occurrences of findings that met the rule's criteria have a status of Active. This means that they appear by default on the Amazon Inspector console. In addition, Amazon Inspector publishes these findings to AWS Security Hub and Amazon EventBridge as events.

To delete a suppression rule

  1. Open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home.

  2. In the navigation pane, select Suppression rules.

  3. Select the check box next to the title of the suppression rule you want to delete.

  4. Choose Delete, and then confirm your choice to permanently delete the rule.