instances can be launched and terminated in a day. Traditional tools lagging to scan all of them only the fly. Agent Based Install and configure the Agent to collect the vulnerabilities and the network connections & permissions. Scheduled Scan Most of the traditional tools works on scheduled scan basis. We have to wait till the scheduled window to detect the vulnerabilities. Knowledge & Effort Additional learning and management overhead of the 3rd party tools and integrations with all other services.
source of vulnerability intelligence for the Amazon Inspector service. • The Snyk Intel Vulnerability Database is maintained with hand-curated content and enriched meta-data, and identifies vulnerable functions as well as known exploit maturity with a Common Vulnerability Scoring System score and vector assigned to 100% of vulnerabilities.
Metric CVSS Inspector Attack Vector Network Local Attack Complexity Low Low Privileges Required None None User Interaction None None Scope Unchanged Unchanged Confidentiality High High Integrity High High Availability High High • CVSS provides a numerical (0-10) representation of the severity of an information security vulnerability • Amazon Inspector calculates an Inspector risk score by correlating up-to-date CVE information with temporal and environmental factors such as network accessibility and exploitability information to add context to help prioritize your findings. Rating CVSS Score Low 0.1 - 3.9 Medium 4.0 - 6.9 High 7.0 - 8.9 Critical 9.0 - 10.0
not relevant to you. Export the findings to S3 for historical data store. Account level control to enable or disable the features Projected cost usage on Inspector console to know. Integrated with Security Hub, Event Bridge for any workflow automation. Comprehensive Dashboard with near real-time reports
Scan Scan Findings in CloudWatch Call GetFindings API Vulnerability Details to SQS Store Update Ticket Status Internal Service FROM AWS RE:INVENT 2021 VIDEO