Understanding findings in Amazon Inspector

A finding is a detailed report about a vulnerability that affects one of your AWS resources. Findings are named after detected vulnerabilities and provide severity ratings, information about affected resources, and details that describe how to remediate reported vulnerabilities.

Amazon Inspector generates a finding whenever it detects a vulnerability in an Amazon EC2 instance, a container image in an Amazon ECR repository, or an AWS Lambda function. Amazon Inspector continually scans your compute environment and stores all of your active findings until you remediate them.

When you remediate a finding, the finding is automatically closed, and Amazon Inspector deletes the finding after 7 days.

If you disable Amazon Inspector, findings are removed after 24 hours. If AWS suspends your account, findings are removed after 90 days.

Findings are categorized in one of the following states:

Active

Amazon Inspector identifies findings that haven't been remediated as Active.

Suppressed

Amazon Inspector identifies findings that are subject to one or more suppression rules as Suppressed. You can find suppressed findings in the Suppressed findings list. For more information, see Suppressing Amazon Inspector findings with suppression rules.

Closed

After you remediate a vulnerability, Amazon Inspector automatically detects this and changes the state of the finding to Closed. Closed findings are deleted after 7 days.
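Because Closed findings are deleted after 7 days, teams that need remediation evidence typically archive them before that window ends. The following Python sketch is an added example, not AWS sample code: it counts findings per state and lists Closed findings that have not yet been archived. It assumes records that use the `findingArn`, `status`, and `updatedAt` fields of the Inspector `ListFindings` response, and it assumes the 7-day window starts at `updatedAt`, which this page does not specify. The function name, the archive set, and the sample records are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# From this page: Closed findings are deleted after 7 days.
CLOSED_RETENTION = timedelta(days=7)


def triage_findings(findings, archived_arns, now, warn_within=timedelta(days=2)):
    """Return (count per state, Closed findings still to archive, soonest first).

    ASSUMPTION: the retention clock is measured from `updatedAt`; the page does
    not say which timestamp starts it, so each deadline is an estimate.
    """
    counts = Counter(f["status"] for f in findings)
    to_archive = []
    for f in findings:
        if f["status"] != "CLOSED" or f["findingArn"] in archived_arns:
            continue  # Active/Suppressed findings are retained; archived ones are done
        deadline = f["updatedAt"] + CLOSED_RETENTION
        to_archive.append({
            "findingArn": f["findingArn"],
            "estimated_deletion": deadline,
            "urgent": deadline - now <= warn_within,
        })
    to_archive.sort(key=lambda r: r["estimated_deletion"])
    return counts, to_archive


def _ts(day, hour=12):
    return datetime(2024, 5, day, hour, tzinfo=timezone.utc)


# Constructed sample records (placeholder account ID and finding IDs).
ARN = "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE-{}"
SAMPLE_FINDINGS = [
    {"findingArn": ARN.format("A"), "status": "ACTIVE", "updatedAt": _ts(1)},
    {"findingArn": ARN.format("B"), "status": "SUPPRESSED", "updatedAt": _ts(2)},
    {"findingArn": ARN.format("C"), "status": "CLOSED", "updatedAt": _ts(4)},
    {"findingArn": ARN.format("D"), "status": "CLOSED", "updatedAt": _ts(9)},
    {"findingArn": ARN.format("E"), "status": "CLOSED", "updatedAt": _ts(5)},
]
ALREADY_ARCHIVED = {ARN.format("E")}
NOW = _ts(10)

if __name__ == "__main__":
    counts, pending = triage_findings(SAMPLE_FINDINGS, ALREADY_ARCHIVED, NOW)
    print(dict(counts))
    for row in pending:
        print(row["findingArn"], row["estimated_deletion"].isoformat(), row["urgent"])
```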