Amazon Inspector
User Guide (Version Latest)

Amazon Inspector Terminology and Concepts

As you get started with Amazon Inspector, you can benefit from learning about its key concepts.

Amazon Inspector agent

A software agent that you can install on the Amazon EC2 instances that are included in the assessment target. The agent monitors the behavior of the EC2 instances, including network, file system, and process activity. It also collects a wide set of behavior and configuration data (telemetry). For more information, see Amazon Inspector Agents.

Assessment run

The process of discovering potential security issues through the analysis of your assessment target's configuration and behavior against specified rules packages. During an assessment run, Amazon Inspector monitors, collects, and analyzes behavioral data (telemetry) within the specified target. This includes the use of secure channels, network traffic among running processes, and details of communication with AWS services. Next, Amazon Inspector analyzes the data and compares it against a set of security rules packages that are specified in the assessment template used during the assessment run. A completed assessment run produces a list of findings, which are potential security issues of various levels of severity. For more information, see Amazon Inspector Assessment Templates and Assessment Runs.

Assessment target

In the context of Amazon Inspector, a collection of AWS resources that work together as a unit to help you accomplish your business goals. Amazon Inspector evaluates the security state of the resources that constitute the assessment target.

Important

Currently, your Amazon Inspector assessment targets can consist only of EC2 instances. For more information, see Amazon Inspector Service Limits

To create an Amazon Inspector assessment target, you must first tag your EC2 instances with key-value pairs of your choice. Next, you can create a view of these tagged EC2 instances that have common keys or common values. For more information, see Amazon Inspector Assessment Targets.

Assessment template

A configuration that is used during your assessment run. The template includes the following:

  • Rules packages that Amazon Inspector uses to evaluate your assessment target

  • Amazon SNS topics that you want Amazon Inspector to send notifications to about assessment run states and findings

  • Tags (key-value pairs) that you can assign to findings that are generated by the assessment run

  • The duration of the assessment run

Finding

A potential security issue that Amazon Inspector discovers during an assessment run of the specified target. Findings are displayed in the Amazon Inspector console or retrieved through the API. They contain both a detailed description of the security issue and a recommendation on how to fix it. For more information, see Amazon Inspector Findings.

Rule

In the context of Amazon Inspector, a security check performed during an assessment run. When a rule detects a potential security issue, Amazon Inspector generates a finding that describes the issue.

Rules package

In the context of Amazon Inspector, a collection of rules. A rules package corresponds to a security goal that you might have. You can specify your security goal by selecting the appropriate rules package when you create an Amazon Inspector assessment template. For more information, see Amazon Inspector Rules Packages and Rules.

Telemetry

EC2 instance data (behavioral, configuration, and so on), such as records of network connections and process creations. Amazon Inspector collects the data during an assessment run.