Amazon Inspector Classic integration
Amazon Inspector Classic is a security assessment service that runs automated security scanning on instances, offering different rules packages for assessments. The rules package is a knowledge base of multiple rules mapped to common security best practices and vulnerability definitions, which are regularly updated.
With Site24x7's integration with Amazon Inspector Classic, you can improve your Amazon Web Services (AWS) security by delving deeper into Inspector findings for actionable insights. Obtain real-time control over Inspector findings, and track the results over time.
Currently, Site24x7 supports Amazon Inspector Classic, while the Amazon Inspector V2 is not yet supported.
Setup and configuration
- If you haven't already, enable access to your AWS resources between your AWS account and Site24x7's AWS account by either:
- Creating Site24x7 as an IAM user, or
- Creating a cross-account IAM role. Learn more.
- On the Integrate AWS Account page, select Inspector from the Services to be discovered field. Learn more.
Policy and permissions
Site24x7 uses various Amazon Inspector Classic APIs to collect information. Assign the AWS managed policy ReadOnlyAccess to the Site24x7 entity (IAM user or IAM role) to help Site24x7 collect metrics and metadata. If you want to assign a custom policy, please make sure the following read-level actions are present in the policy JSON. Learn more.
- "inspector:ListFindings",
- "inspector:ListRulesPackages",
- "inspector:ListAssessmentTemplates",
- "inspector:DescribeFindings",
- "inspector:DescribeRulesPackages",
- "inspector:DescribeAssessmentTemplates"
Polling Frequency
Site24x7 collects the metric data for Inspector according to the polling frequency. The poll interval is one hour by default. Learn more.
Supported metrics
| Metric Name | Description | Statistics | Unit |
|---|---|---|---|
| Finding Count Per Run | Number of findings detected during an assessment run | Maximum | Count |
| High Severity Findings | Number of high severity findings detected | Maximum | Count |
| Medium Severity Findings | Number of medium severity findings detected | Maximum | Count |
| Low Severity Findings | Number of low severity findings detected | Maximum | Count |
| Findings Count By Resource Type | Number of findings detected for a resource type | Maximum | Count |
| Findings Count By Region | Number of findings detected for a region | Maximum | Count |
| Findings Count By Action | Number of findings detected for an action type | Maximum | Count |
Threshold configuration
To configure thresholds for your Inspector monitor:
- Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
- Click Add Threshold Profile.
- Select Inspector from the Monitor Type drop-down menu.
- Provide an appropriate name in the Display Name field.
The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics listed above.
Licensing
Each Inspector monitor is considered a basic monitor.
EC2 Security Findings
With Inspector integration, view and get alerted for Inspector findings at a resource-level of an Amazon EC2 instance, grouped according to their severity level. Learn more
Site24x7's Amazon Inspector Classic monitoring interface
When you navigate to the Inspector monitoring interface, you'll find various details based on findings like Network Reachability, Common Vulnerabilities and Exposures, Security Best Practices, and other categories supported in the AWS console.
Each category is considered a Monitor Name in the Site24x7 console and provides information on Finding Count Per Run. On clicking a Monitor Name, the following tabs appear:
Inspector Summary
Receive an overview of the Events Timeline, Top Findings, and a bar chart of the Finding Count Per Day. The Events Timeline provides a timeline of different events that have occurred for a monitor, like Down, Critical, Trouble, Maintenance, Anomaly, and Suspended. The Top Findings section provides information on the Resource Name, Type, Severity, Region, and Number of Occurrences that have been detected by Amazon Inspector.
Regions
Information on Region Details, Findings Count By Region, and Regions Count Per Day is displayed here. The Region Details section includes information on Regions, Rules Package Name, Finding Count, and Action. The Regions section helps in obtaining a region-wise overview of a particular category, say Network Reachability, and analyzing which regions have this issue.
Resource Types
Information on Resource Type Details, Findings Count By Type, and Resource Count Per Day is displayed here. The Resource Type Details section includes information on Resource Type, Rules Package Name, Finding Count, and Action. A pie chart of Findings Count by Type provides a resource-wise overview of each resource type and its associated count.
Threshold Configuration lets you add or edit thresholds in bulk for various child monitors that you have chosen, and according to the Finding Count configuration you set.
Outages
Statuses like Down or Trouble are displayed in the Outages tab. Details on an outage's start time, end time, duration, and comments (if any) are also provided in this section.
Inventory
This is where you can configure the threshold for each Inspector monitor. The various threshold parameters that can be set include High Severity Findings, Medium Severity Findings, Findings Count By Resource Type, and Findings Count Per Day. The Polling Frequency and the Notification Profile can be set according to the user and viewed here.
Log Report
This tab offers a consolidated report of the log status of various Inspector findings, which can be downloaded as a CSV file.