Understanding Amazon Inspector findings
Amazon Inspector generates a finding when it detects a vulnerability in an Amazon EC2 instance, a container image in Amazon ECR, or an AWS Lambda function. A finding is a detailed report about a vulnerability impacting one of your AWS resources.
Findings are named after vulnerabilities and provide severity ratings, information about impacted AWS resources, and details that describe how to remediate detected vulnerabilities. Amazon Inspector stores all of your active findings until you remediate them.
When you remediate a finding, Amazon Inspector automatically closes the finding. After seven days, Amazon Inspector automatically deletes the finding. Amazon Inspector removes other types of closed findings after 30 days.
Note: Amazon Inspector will reopen a remediated finding within seven days of closing the finding if the issue that caused the vulnerability reoccurs.
If you disable Amazon Inspector, findings are removed after 24 hours. If a resource is terminated, any finding related to the resource is removed after seven days. If AWS suspends your account, findings are removed after 90 days. Findings for stopped instances remain active.
Findings states
Amazon Inspector categorizes findings in the following states.
- Active: Amazon Inspector categorizes a finding that hasn't been remediated as Active.
- Suppressed: Amazon Inspector categorizes a finding subject to one or more suppression rules as Suppressed.
- Closed: When a finding has been remediated, Amazon Inspector categorizes the finding as Closed.