Running CIS scan AL2023

Hello, I am trying to run a CIS scan using Inspector V2. The needed permissions are assigned to the instance (AL2023). At the CIS screen, I can create a new scan, and it is started, and then completed, but there are no results printed for me. Also, when downloading the report, I get the (Finding Details) without any results. SSM Agent is up to date. Amazon EC2 instance is running. Operating system is supported. Connectivity to Systems Manager is configured. Systems Manager associations and software application are configured.

Topics

Security, Identity, & Compliance Compute Management & Governance

Tags

Security, Identity, & Compliance Amazon EC2 Amazon Inspector Session Management AWS Systems Manager Fleet Manager

Language

English

rePost-User-2140084

asked a month ago278 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Hi,

Did you check your inventory under Fleet manager in System manager to make sure that there are software packages?

https://repost.aws/knowledge-center/amazon-inspector-ec2-scanning

EXPERT

Sivaraman Selvam

answered a month ago

rePost-User-2140084
a month ago
It is already there, yes. The message I can see in the CIS scan results is "No checks No checks to display" Does this mean the Instance is eligible for the CIS scan? I don't think that. The only (Association) in the pending status at the (AWS-QuickSetup-SSMHostMgmt-CollectInventory-iyuxc) I found articles saying this for the insufficient privileges, but over AWS documents no one mentioned any policies other than (AmazonSSMManagedInstanceCore & AmazonInspector2ManagedCispolicy), which already added to the IAM of my instance. I am using AL2023 OS! The (vulnerability scan) works as expected, I can see (No findings) for this, but the CIS scan (No checks to display).

Relevant content

AWS Inspector - Scan on-premise VMs - CIS Benchmarks
Accepted Answer
Maan
asked 2 years ago
Conflicts between CIS Windows hardening and Workspaces
rePost-User-2267076
asked a year ago
CIS OS level benchmarks on New Amazon Inspector
Accepted Answer
rePost-User-4926486
asked a year ago
AWS Inspector CVE Scanning
Shivkumar
asked 2 months ago
How do I assign a static hostname to an Amazon EC2 instance that runs Ubuntu Linux?
AWS OFFICIALUpdated 9 months ago
How do I set up Amazon Inspector Classic to run security assessments on my Amazon EC2 instances?
AWS OFFICIALUpdated 2 years ago
How do I exclude specific AWS resources from Amazon Inspector scans?
AWS OFFICIALUpdated a month ago
Why is Amazon Inspector not scanning my Amazon EC2 instances?
AWS OFFICIALUpdated a year ago
How to enable Amazon EKS Pod Identity and assign role to Service account running workloads
EXPERT
Arun Nagpal
published 5 months ago
A First Look at AWS CloudFormation IaC Generator
EXPERT
Patrick Kremer
published 4 months ago