Amazon Inspector is a service provided by AWS that scans your instances, container images, and repositories for issues like software vulnerabilities and network exposures.
VMware Aria Automation for Secure Clouds can use an integration to ingest and display findings from Amazon Inspector alongside native findings from the service. This allows you to more easily correlate Inspector-based findings with other, related vulnerabilities for the same resource.
Read further for instructions to enable and secure an Amazon Inspector integration for VMware Aria Automation for Secure Clouds.
Take note of the following before you enable integration with Amazon Inspector:
Amazon Inspector integrations are created automatically when you onboard an AWS account into VMware Aria Automation for Secure Clouds. Configuration involves enabling the integration and adding the correct permissions in your AWS account to allow ingestion of findings from Amazon Inspector.
From the VMware Aria Automation for Secure Clouds browser client, navigate to Settings > Integrations.
Locate the Amazon Inspector integration and select View Details.
Select your desired cloud account and click the Enable toggle to activate the integration.
Verify your cloud account is in Healthy status.
You are now ready to begin ingesting findings from Amazon Inspector. If your integration doesn't work, ensure that you have Amazon Inspector enabled in your AWS console. If it still isn't working, reach out to your support representative.
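A quick way to confirm the prerequisite named above (Amazon Inspector actually enabled in the account) before you wait on the integration is to inspect the account status that Inspector itself reports. The following is an added example, not code from VMware or AWS; it parses a response in the shape returned by `aws inspector2 batch-get-account-status` (boto3: `inspector2.batch_get_account_status`) as that shape is understood here, and the account IDs, states and error text are constructed sample values.

```python
"""Readiness check for an Amazon Inspector integration: confirm Inspector is
enabled in each AWS account before expecting findings to be ingested."""
import json

# Constructed sample response. Its shape (accounts[].state.status,
# accounts[].resourceState.<scanType>.status, failedAccounts[]) follows the
# BatchGetAccountStatus API as understood here; all values are made up.
SAMPLE_STATUS_RESPONSE = json.dumps({
    "accounts": [
        {
            "accountId": "111111111111",
            "state": {"status": "ENABLED"},
            "resourceState": {
                "ec2": {"status": "ENABLED"},
                "ecr": {"status": "ENABLED"},
                "lambda": {"status": "DISABLED"},
            },
        },
        {
            "accountId": "222222222222",
            "state": {"status": "DISABLED"},
            "resourceState": {
                "ec2": {"status": "DISABLED"},
                "ecr": {"status": "DISABLED"},
            },
        },
    ],
    "failedAccounts": [
        {
            "accountId": "333333333333",
            "errorCode": "ACCESS_DENIED",
            "errorMessage": "constructed: caller may not read account status",
        }
    ],
})


def inspector_readiness(response_json: str) -> dict:
    """Return {account_id: {"enabled": bool, "problems": [str, ...]}}.

    An account can feed the integration only when Inspector itself is ENABLED.
    Scan types that are not ENABLED are listed as problems because findings for
    those resource types (instances, images, functions) will never appear.
    Accounts whose status lookup failed are reported as not enabled so they are
    not silently skipped."""
    data = json.loads(response_json)
    report = {}
    for acct in data.get("accounts", []):
        problems = []
        enabled = acct.get("state", {}).get("status") == "ENABLED"
        if not enabled:
            problems.append("Amazon Inspector is not enabled in this account")
        for scan_type, state in sorted(acct.get("resourceState", {}).items()):
            status = state.get("status", "UNKNOWN")
            if status != "ENABLED":
                problems.append(f"{scan_type} scanning is {status}")
        report[acct["accountId"]] = {"enabled": enabled, "problems": problems}
    for failed in data.get("failedAccounts", []):
        msg = f"status lookup failed: {failed.get('errorCode', '')} {failed.get('errorMessage', '')}".strip()
        report[failed["accountId"]] = {"enabled": False, "problems": [msg]}
    return report


if __name__ == "__main__":
    for acct_id, info in inspector_readiness(SAMPLE_STATUS_RESPONSE).items():
        state = "ready" if info["enabled"] else "NOT READY"
        print(f"{acct_id}: {state}")
        for p in info["problems"]:
            print(f"  - {p}")
```

To run this against a live account, replace the constructed JSON with the output of `aws inspector2 batch-get-account-status --account-ids <id>`; an account reported as not enabled, or with a failed lookup, will not produce anything for the integration to ingest no matter how the Aria side is configured.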
During and after configuration, the Status indicator is an important way to tell if your integration is working correctly. There are several possible statuses for your integration, each corresponding to a particular scenario.
Amazon Inspector distinguishes between two types of findings: package vulnerability and network reachability. Review the AWS documentation for Inspector to learn more about each type of finding.
VMware Aria Automation for Secure Clouds assigns the vulnerability finding type to package vulnerability findings and the violation finding type to network reachability findings, so the two can be told apart among Inspector-based findings.
You can quickly view findings of either type from Amazon Inspector by taking the following actions in the VMware Aria Automation for Secure Clouds browser client:
Select your preferred view from the Findings tab.
Open the filter list, then select Amazon Inspector under Finding Source.
Under Finding Type, select Violation to see network reachability findings, or Vulnerability to see package vulnerability findings. If you want to see both, don't make a selection here.
Click Apply.
You should now see a list of all findings ingested from your Amazon Inspector integration.
If you don't see any findings, check whether event stream is enabled; if it isn't, it may take up to 12 hours for VMware Aria Automation for Secure Clouds to update with additional findings. You may also need to wait for Amazon Inspector to detect findings from your AWS resources if you only recently enabled the service.
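The filter steps above (Finding Source, then Finding Type) and the type mapping described earlier can be reproduced outside the browser client, which is useful when checking that what Inspector reports matches what was ingested. The following is an added example, not VMware's or AWS's code; it takes findings in the shape of `aws inspector2 list-findings` output (the `type`, `severity`, `title`, `resources[].id`, `packageVulnerabilityDetails` and `networkReachabilityDetails` fields, as understood here), applies the page's mapping (package vulnerability to vulnerability, network reachability to violation), and groups findings per resource so that a package vulnerability and a reachability violation on the same resource surface together. The ARNs, resource IDs, CVE IDs and ports are constructed placeholders, and the `CODE_VULNERABILITY` entry is included only to show that a type the page does not map is kept aside rather than mislabelled.

```python
"""Classify Amazon Inspector findings into the Aria finding types described on
the page and group them per resource for correlation."""
import json
from collections import defaultdict

# Mapping stated on the page; any other Inspector type is left unmapped.
ARIA_FINDING_TYPE = {
    "PACKAGE_VULNERABILITY": "vulnerability",
    "NETWORK_REACHABILITY": "violation",
}

# Constructed sample findings (placeholder ARNs, resource IDs, CVE IDs, ports).
SAMPLE_FINDINGS = json.dumps({"findings": [
    {"findingArn": "arn:aws:inspector2:us-east-1:111111111111:finding/example-1",
     "type": "PACKAGE_VULNERABILITY", "severity": "HIGH",
     "title": "CVE-EXAMPLE-0001 - openssl",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0example1"}],
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-EXAMPLE-0001"}},
    {"findingArn": "arn:aws:inspector2:us-east-1:111111111111:finding/example-2",
     "type": "NETWORK_REACHABILITY", "severity": "MEDIUM",
     "title": "Port 22 is reachable from an Internet Gateway",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0example1"}],
     "networkReachabilityDetails": {"protocol": "TCP",
                                    "openPortRange": {"begin": 22, "end": 22}}},
    {"findingArn": "arn:aws:inspector2:us-east-1:111111111111:finding/example-3",
     "type": "PACKAGE_VULNERABILITY", "severity": "CRITICAL",
     "title": "CVE-EXAMPLE-0002 - log4j",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE",
                    "id": "arn:aws:ecr:us-east-1:111111111111:repository/example/sha256:0000"}],
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-EXAMPLE-0002"}},
    {"findingArn": "arn:aws:inspector2:us-east-1:111111111111:finding/example-4",
     "type": "CODE_VULNERABILITY", "severity": "LOW",
     "title": "constructed: unmapped finding type",
     "resources": [{"type": "AWS_LAMBDA_FUNCTION", "id": "example-function"}]},
]})


def classify_findings(findings_json: str) -> dict:
    """Return {resource_id: [finding summaries]} using the page's type mapping.
    Findings whose Inspector type has no Aria counterpart are collected under
    the "_unmapped" key (by ARN) instead of being forced into a type."""
    grouped = defaultdict(list)
    for f in json.loads(findings_json).get("findings", []):
        aria_type = ARIA_FINDING_TYPE.get(f.get("type"))
        if aria_type is None:
            grouped["_unmapped"].append(f.get("findingArn"))
            continue
        if aria_type == "vulnerability":
            detail = f.get("packageVulnerabilityDetails", {}).get("vulnerabilityId", "")
        else:
            net = f.get("networkReachabilityDetails", {})
            rng = net.get("openPortRange", {})
            detail = f"{net.get('protocol', '')} {rng.get('begin')}-{rng.get('end')}"
        for res in f.get("resources", []):
            grouped[res["id"]].append({
                "aria_type": aria_type,
                "severity": f.get("severity"),
                "title": f.get("title"),
                "detail": detail,
            })
    return dict(grouped)


def filter_by_type(grouped: dict, aria_type=None) -> dict:
    """Mirror the Finding Type filter: "vulnerability", "violation", or None
    for both. Unmapped findings and resources left empty are dropped."""
    out = {}
    for res_id, items in grouped.items():
        if res_id == "_unmapped":
            continue
        kept = [i for i in items if aria_type is None or i["aria_type"] == aria_type]
        if kept:
            out[res_id] = kept
    return out


def resources_with_both(grouped: dict) -> list:
    """Resources carrying both a package vulnerability and a network
    reachability violation: the correlation the page says the integration
    makes easier to spot."""
    return sorted(
        res_id for res_id, items in grouped.items()
        if res_id != "_unmapped"
        and {"vulnerability", "violation"} <= {i["aria_type"] for i in items}
    )


if __name__ == "__main__":
    grouped = classify_findings(SAMPLE_FINDINGS)
    for res_id, items in filter_by_type(grouped).items():
        print(res_id)
        for i in items:
            print(f"  [{i['aria_type']}/{i['severity']}] {i['title']} ({i['detail']})")
    print("exposed and vulnerable:", resources_with_both(grouped))
```

Feeding this the output of `aws inspector2 list-findings` for an account, and comparing the per-resource counts with what the Findings tab shows after applying the Amazon Inspector source filter, gives a concrete way to tell whether the gap is on the Inspector side (nothing detected yet) or on the ingestion side (findings exist but have not arrived).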