How to integrate Amazon Inspector with VMware Aria Automation for Secure Clouds

Amazon Inspector is a service provided by AWS that scans your instances, container images, and repositories for issues like software vulnerabilities and network exposures.

VMware Aria Automation for Secure Clouds can use an integration to ingest findings from Amazon Inspector and display them alongside its own native findings. This lets you correlate Inspector-based findings with other findings for the same resource, for example a package vulnerability on an instance that is also network reachable.

Read further for instructions to enable and secure an Amazon Inspector integration for VMware Aria Automation for Secure Clouds.

Before you start

Take note of the following before you enable integration with Amazon Inspector:

  • The integration is only compatible with Amazon Inspector, also known as Inspector v2. Amazon Inspector Classic, also known as Inspector v1, is not supported.
  • You must be an organization or project admin in VMware Aria Automation for Secure Clouds to enable an integration with Amazon Inspector.
  • You must enable Amazon Inspector in AWS for the integration to function. Note that this incurs an additional cost if you weren't already making use of the service.
  • Amazon Inspector is enabled per region. If your cloud accounts have resources in multiple regions, you must enable Amazon Inspector in each region where you plan to make use of the integration; resources in regions where Inspector is not enabled produce no findings to ingest.
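Because Inspector is enabled per region and the integration only sees findings from regions where it is enabled, it is worth checking every region before you turn the integration on. The script below is an added example, not VMware or AWS code. It parses the output of `aws inspector2 batch-get-account-status --region <region>` (run once per region; the JSON embedded here is a constructed stand-in for that output) and reports regions where the integration cannot work, plus regions where Inspector is on but a resource type is not being scanned. The `ACCESS_DENIED` entry is constructed to show what a missing IAM permission looks like in this response.

```python
"""Check which AWS regions have Amazon Inspector (v2) enabled before
enabling the Secure Clouds integration. Added example; the JSON below is a
constructed stand-in for `aws inspector2 batch-get-account-status` output."""
import json

# Constructed sample: one batch-get-account-status response per region.
SAMPLE_STATUS_BY_REGION = {
    "us-east-1": json.dumps({
        "accounts": [{
            "accountId": "111111111111",
            "state": {"status": "ENABLED"},
            "resourceState": {
                "ec2": {"status": "ENABLED"},
                "ecr": {"status": "ENABLED"},
                "lambda": {"status": "DISABLED"},
            },
        }],
        "failedAccounts": [],
    }),
    "eu-west-1": json.dumps({
        "accounts": [{
            "accountId": "111111111111",
            "state": {"status": "DISABLED"},
            "resourceState": {
                "ec2": {"status": "DISABLED"},
                "ecr": {"status": "DISABLED"},
                "lambda": {"status": "DISABLED"},
            },
        }],
        "failedAccounts": [],
    }),
    # Constructed: the caller's credentials could not read the status here.
    "ap-southeast-2": json.dumps({
        "accounts": [],
        "failedAccounts": [{"accountId": "111111111111",
                            "errorCode": "ACCESS_DENIED",
                            "errorMessage": "not authorized"}],
    }),
}


def inspector_state(response_json: str) -> dict:
    """Summarise one batch-get-account-status response for a single account.

    Returns {"status", "error", "resources"}. A failedAccounts entry (for
    example ACCESS_DENIED from a missing IAM permission) is reported as
    status "UNKNOWN" with the error code, rather than being treated as OK.
    """
    resp = json.loads(response_json)
    if resp.get("failedAccounts"):
        err = resp["failedAccounts"][0]
        return {"status": "UNKNOWN", "error": err.get("errorCode"), "resources": {}}
    acct = resp["accounts"][0]
    return {
        "status": acct["state"]["status"],
        "error": None,
        "resources": {k: v["status"] for k, v in acct["resourceState"].items()},
    }


def regions_not_ready(status_by_region: dict) -> dict:
    """Map region -> reason for every region where the integration would not
    work: Inspector is not ENABLED, or its status could not be read at all."""
    problems = {}
    for region, body in status_by_region.items():
        st = inspector_state(body)
        if st["status"] == "ENABLED":
            continue
        problems[region] = st["error"] or f"Inspector status is {st['status']}"
    return problems


def unscanned_resource_types(status_by_region: dict) -> dict:
    """Map region -> resource types (ec2, ecr, lambda) whose scanning is not
    ENABLED even though Inspector is; those resources yield no findings."""
    out = {}
    for region, body in status_by_region.items():
        st = inspector_state(body)
        if st["status"] != "ENABLED":
            continue
        missing = sorted(k for k, v in st["resources"].items() if v != "ENABLED")
        if missing:
            out[region] = missing
    return out


if __name__ == "__main__":
    for region, reason in regions_not_ready(SAMPLE_STATUS_BY_REGION).items():
        print(f"{region}: integration will not work: {reason}")
    for region, kinds in unscanned_resource_types(SAMPLE_STATUS_BY_REGION).items():
        print(f"{region}: Inspector enabled but not scanning {', '.join(kinds)}")
```

To use it against a real account, replace `SAMPLE_STATUS_BY_REGION` with the CLI output collected per region; a region reported by `regions_not_ready` is one where the integration's status will not reach Healthy.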

Configure your Amazon Inspector integration

Amazon Inspector integrations are created automatically when you onboard an AWS account into VMware Aria Automation for Secure Clouds. Configuration involves enabling the integration and granting the correct permissions in your AWS account so that findings can be ingested from Amazon Inspector.

  1. From the VMware Aria Automation for Secure Clouds browser client, navigate to Settings > Integrations.

  2. Locate the Amazon Inspector integration and select View Details.

  3. Select your desired cloud account and click the Enable toggle to activate the integration.

  4. Verify your cloud account is in Healthy status.

You are now ready to begin ingesting findings from Amazon Inspector. If your integration doesn't work, ensure that Amazon Inspector is enabled in the AWS console for the account and for each region you expect findings from. If it still isn't working, reach out to your support representative.

Understand Amazon Inspector status

During and after configuration, the Status indicator is an important way to tell if your integration is working correctly. There are several possible statuses for your integration, each corresponding to a particular scenario.

  • Healthy - This status is indicated by a green checkmark with a circle around it. A healthy status means VMware Aria Automation for Secure Clouds is connected to Amazon Inspector and is able to receive data.
  • Not triggered - This status is indicated by a yellow exclamation point with a triangle around it. A not triggered status means VMware Aria Automation for Secure Clouds is connected to Amazon Inspector but can't receive data. This occurs when the service lacks sufficient permissions in AWS IAM to read findings from Inspector. To correct this, verify you've created and attached the correct IAM policy.
  • Not connected - This status is indicated by a red exclamation point with a circle around it. A not connected status means VMware Aria Automation for Secure Clouds can't communicate with Amazon Inspector, likely because Inspector hasn't been enabled for your cloud account in the AWS console.
  • Disabled - This status is indicated by a gray minus sign with a circle around it. The Disabled status only appears when you've disabled the Amazon Inspector integration in VMware Aria Automation for Secure Clouds.

Review findings from Amazon Inspector

Amazon Inspector distinguishes between two types of findings: package vulnerability and network reachability. Review the AWS documentation for Inspector to learn more about each type of finding.

VMware Aria Automation for Secure Clouds assigns its own finding types to Inspector-based findings so the two can be told apart: package vulnerability findings are shown as the Vulnerability type, and network reachability findings as the Violation type.

You can quickly view findings of either type from Amazon Inspector by taking the following actions in the VMware Aria Automation for Secure Clouds browser client:

  1. Select your preferred view from the Findings tab.

  2. Open the filter list, then select Amazon Inspector under Finding Source.

  3. Under Finding Type, select Violation to see network reachability findings, or Vulnerability to see package vulnerability findings. If you want to see both, don't make a selection here.

  4. Click Apply.

You should now see a list of all findings ingested from your Amazon Inspector integration.

If you don't see any findings, check whether event stream is enabled: if it isn't, it may take up to 12 hours for VMware Aria Automation for Secure Clouds to update with additional findings. If you only recently enabled Amazon Inspector, you may also need to wait for it to finish scanning your AWS resources and produce findings.
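The point of ingesting Inspector findings next to native ones is to correlate them per resource: an instance with a Violation (reachable from outside) and a Vulnerability (exploitable package) is the one to fix first. The script below is an added example, not VMware or AWS code. It applies the type mapping described above to a constructed stand-in for the `findings` array of `aws inspector2 list-findings` (only the fields used are present; resource IDs and titles are made up), builds the equivalent `--filter-criteria` document for the UI filter, and lists resources that carry both kinds of finding.

```python
"""Correlate Amazon Inspector findings for the same resource using the
finding types the Secure Clouds integration assigns. Added example;
SAMPLE_FINDINGS is constructed, not real scan output."""
from collections import defaultdict

# Mapping described on this page: Inspector finding type -> Secure Clouds type.
SECURE_CLOUDS_TYPE = {
    "PACKAGE_VULNERABILITY": "Vulnerability",
    "NETWORK_REACHABILITY": "Violation",
}

# Constructed sample findings (shape of `aws inspector2 list-findings` output).
SAMPLE_FINDINGS = [
    {"type": "PACKAGE_VULNERABILITY", "severity": "HIGH",
     "title": "vulnerable package libexample (constructed)",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0aaa111"}]},
    {"type": "NETWORK_REACHABILITY", "severity": "MEDIUM",
     "title": "port 22 reachable from an internet gateway (constructed)",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0aaa111"}]},
    {"type": "PACKAGE_VULNERABILITY", "severity": "CRITICAL",
     "title": "vulnerable package libexample (constructed)",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0bbb222"}]},
    {"type": "NETWORK_REACHABILITY", "severity": "LOW",
     "title": "port 8080 reachable from a VPC peer (constructed)",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0ccc333"}]},
    {"type": "PACKAGE_VULNERABILITY", "severity": "LOW",
     "title": "vulnerable package in container image (constructed)",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE",
                    "id": "arn:aws:ecr:us-east-1:111111111111:repository/app"}]},
]


def secure_clouds_type(finding: dict) -> str:
    """Finding type the integration assigns. Any Inspector type this page
    does not describe is reported as 'Unknown' instead of being dropped."""
    return SECURE_CLOUDS_TYPE.get(finding.get("type"), "Unknown")


def list_findings_filter(secure_clouds_finding_type: str) -> dict:
    """Build the --filter-criteria document for `aws inspector2 list-findings`
    equivalent to choosing Violation or Vulnerability under Finding Type."""
    inspector_types = [k for k, v in SECURE_CLOUDS_TYPE.items()
                       if v == secure_clouds_finding_type]
    if not inspector_types:
        raise ValueError(f"unknown finding type {secure_clouds_finding_type!r}")
    return {"findingType": [{"comparison": "EQUALS", "value": t}
                            for t in inspector_types]}


def counts_by_resource(findings) -> dict:
    """resource id -> {Secure Clouds finding type -> count}."""
    out = defaultdict(lambda: defaultdict(int))
    for f in findings:
        kind = secure_clouds_type(f)
        for r in f.get("resources", []):
            out[r["id"]][kind] += 1
    return {rid: dict(kinds) for rid, kinds in out.items()}


def exposed_and_vulnerable(findings) -> list:
    """Resources with at least one Violation (reachable) and at least one
    Vulnerability (vulnerable package): the correlation to act on first."""
    return sorted(rid for rid, kinds in counts_by_resource(findings).items()
                  if kinds.get("Violation") and kinds.get("Vulnerability"))


if __name__ == "__main__":
    for rid, kinds in counts_by_resource(SAMPLE_FINDINGS).items():
        print(rid, kinds)
    print("exposed and vulnerable:", exposed_and_vulnerable(SAMPLE_FINDINGS))
```

Feed real `list-findings` output into `counts_by_resource` to get the same per-resource view the Findings tab gives you after filtering on the Amazon Inspector source.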
