Managing findings in Amazon Inspector

Amazon Inspector offers several ways to sort, group, and manage your findings. These features help you tailor findings to your environment, aggregate findings by different views, and focus on vulnerabilities to your specific AWS environment.

Findings appear in various views based on their state: active, suppressed, or closed. By default, each view shows only active findings. An active finding represents a potential security issue detected by Amazon Inspector that indicates a vulnerability or potential threat. Suppressed findings are active findings that you have excluded using suppression rules. Amazon Inspector automatically sets a finding's status to closed when it detects that the finding is remediated. You do not manually close findings.

You can also view findings in AWS Security Hub, a service that provides a comprehensive view of your security state across your AWS environment. For more information, see Amazon Inspector integration with AWS Security Hub. Container image findings are also available in the Amazon ECR console, and you can view findings for all resources using the AWS Command Line Interface (AWS CLI) or API.

Topics

• Viewing Amazon Inspector findings
• Filtering Amazon Inspector findings
• Suppressing Amazon Inspector findings with suppression rules
• Exporting findings reports from Amazon Inspector
• Creating custom responses to Amazon Inspector findings with Amazon EventBridge