Understanding Amazon Inspector findings

Amazon Inspector generates a finding when it detects a vulnerability in an Amazon EC2 instance, a container image in Amazon ECR, or an AWS Lambda function. A finding is a detailed report about a vulnerability impacting one of your AWS resources.

Findings are named after vulnerabilities and provide severity ratings, information about impacted AWS resources, and details that describe how to remediate detected vulnerabilities. Amazon Inspector stores all of your active findings until you remediate them.

When you remediate a finding, Amazon Inspector automatically closes it and then automatically deletes it after seven days. Amazon Inspector removes other types of closed findings after 30 days.

Note

Amazon Inspector will reopen a remediated finding within seven days of closing the finding if the issue that caused the vulnerability reoccurs.

If you disable Amazon Inspector, findings are removed after 24 hours. If a resource is terminated, any finding related to the resource is removed after seven days. If AWS suspends your account, findings are removed after 90 days. Findings for stopped instances remain active.
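Because findings disappear on these schedules, anything needed as audit evidence has to be exported before its window ends. The following added example (not AWS code) applies the windows stated above to constructed records to build an export queue. The record field names, the `remediated` flag, the rule that each window starts at its triggering event, and the choice of the earliest deadline when several rules apply are assumptions made for planning, not documented Amazon Inspector behavior.

```python
from datetime import datetime, timedelta, timezone

# Retention windows stated on this page.
REMEDIATED_CLOSED = timedelta(days=7)
OTHER_CLOSED = timedelta(days=30)
INSPECTOR_DISABLED = timedelta(hours=24)
RESOURCE_TERMINATED = timedelta(days=7)
ACCOUNT_SUSPENDED = timedelta(days=90)

def removal_deadline(finding, disabled_at=None, suspended_at=None):
    """Return the earliest time the finding may be removed, or None."""
    # Assumption: each window starts at its triggering event, and when
    # several rules apply the earliest deadline is used (conservative
    # for export planning; the page does not say how rules interact).
    candidates = []
    if finding["status"] == "CLOSED":
        window = REMEDIATED_CLOSED if finding.get("remediated") else OTHER_CLOSED
        candidates.append(finding["closed_at"] + window)
    if finding.get("resource_terminated_at"):
        candidates.append(finding["resource_terminated_at"] + RESOURCE_TERMINATED)
    if disabled_at:
        candidates.append(disabled_at + INSPECTOR_DISABLED)
    if suspended_at:
        candidates.append(suspended_at + ACCOUNT_SUSPENDED)
    return min(candidates) if candidates else None

def export_queue(findings, now, horizon, **account_events):
    """IDs of findings removed within `horizon` of `now`, soonest first."""
    due = []
    for f in findings:
        deadline = removal_deadline(f, **account_events)
        if deadline is not None and deadline <= now + horizon:
            due.append((deadline, f["id"]))
    return [fid for _, fid in sorted(due)]

# Constructed sample records (hypothetical field names, not the API schema).
T0 = datetime(2024, 1, 10, tzinfo=timezone.utc)
SAMPLE = [
    {"id": "f-active-stopped", "status": "ACTIVE"},  # stopped instance: stays
    {"id": "f-remediated", "status": "CLOSED", "remediated": True,
     "closed_at": T0 - timedelta(days=6)},
    {"id": "f-closed-other", "status": "CLOSED", "remediated": False,
     "closed_at": T0 - timedelta(days=6)},
    {"id": "f-terminated", "status": "ACTIVE",
     "resource_terminated_at": T0 - timedelta(days=5)},
]
```

Passing `disabled_at` or `suspended_at` to `export_queue` shows how an account-level event pulls every finding's deadline forward at once.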

Finding states

Amazon Inspector categorizes findings in the following states.

Active

Amazon Inspector categorizes a finding that hasn't been remediated as Active.

Suppressed

Amazon Inspector categorizes a finding subject to one or more suppression rules as Suppressed.

Closed

When a finding has been remediated, Amazon Inspector categorizes the finding as Closed.