Running CIS scan AL2023

0

Hello, I am trying to run a CIS scan using Inspector V2. The needed permissions are assigned to the instance (AL2023). At the CIS screen, I can create a new scan, and it is started, and then completed, but there are no results printed for me. Also, when downloading the report, I get the (Finding Details) without any results. SSM Agent is up to date. Amazon EC2 instance is running. Operating system is supported. Connectivity to Systems Manager is configured. Systems Manager associations and software application are configured.

2 Answers
1

Hi,

Did you check your inventory under Fleet Manager in Systems Manager to make sure that there are software packages?

https://repost.aws/knowledge-center/amazon-inspector-ec2-scanning

EXPERT
answered 4 months ago
  • It is already there, yes. The message I can see in the CIS scan results is "No checks No checks to display". Does this mean the instance is eligible for the CIS scan? I don't think so. The only (Association) in the pending status is the (AWS-QuickSetup-SSMHostMgmt-CollectInventory-iyuxc). I found articles saying this is due to insufficient privileges, but in the AWS documents no one mentions any policies other than (AmazonSSMManagedInstanceCore & AmazonInspector2ManagedCisPolicy), which are already added to the IAM of my instance. I am using AL2023 OS! The (vulnerability scan) works as expected, I can see (No findings) for this, but the CIS scan shows (No checks to display).

0

Hello, did you manage to sort this issue? I am encountering a similar issue setting up CIS scans

answered a month ago
  • Yes, I have resolved the issue. You need to make sure of the (Tag). For example, if your EC2 instance is launched with the tag (Name) = test-cis, then at the Inspector scan creation screen, make sure to use this key (Name) with the correct value. Don't forget to consider the other needed things (Permissions: To grant permissions to run CIS scans, attach the “AmazonSSMManagedInstanceCore” and the “AmazonInspector2ManagedCisPolicy” IAM policies to the EC2 instance profile role).
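
The tag and policy check described in this thread, as an added example that is not part of the original posts or AWS's own code. It assumes you have already exported the instance tags, the scan configuration's target tags and the role's attached policy names; the instance IDs and sample data are constructed, and the function reports each target key on its own without claiming how Inspector combines several keys.

```python
# Added example: offline pre-flight check for an Inspector CIS scan target.
# Policy names come from the thread; everything else below is constructed.
REQUIRED_POLICIES = {"AmazonSSMManagedInstanceCore",
                     "AmazonInspector2ManagedCisPolicy"}

def diagnose(instance, target_tags, attached_policies):
    """Return the reasons an instance may yield no CIS checks ([] = none found).

    instance:          dict with "Tags": [{"Key": ..., "Value": ...}, ...]
    target_tags:       {tag key: [accepted values]} from the scan configuration
    attached_policies: policy names attached to the instance profile role
    """
    problems = []
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    for key, wanted in target_tags.items():
        if key in tags:
            if tags[key] not in wanted:  # tag values are case-sensitive
                problems.append(f"tag {key!r}: instance has {tags[key]!r}, "
                                f"scan targets {sorted(wanted)}")
            continue
        # Tag keys are case-sensitive too: "name" does not satisfy "Name".
        near = [k for k in tags if k.lower() == key.lower()]
        hint = f" (instance has {near[0]!r}; keys are case-sensitive)" if near else ""
        problems.append(f"tag {key!r}: not set on instance{hint}")
    for policy in sorted(REQUIRED_POLICIES - set(attached_policies)):
        problems.append(f"policy {policy} not attached to instance profile role")
    return problems

# Constructed sample data: one correct instance and two common mistakes.
SCAN_TARGET_TAGS = {"Name": ["test-cis"]}
INSTANCES = [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "Tags": [{"Key": "Name", "Value": "test-cis"}]},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "Tags": [{"Key": "name", "Value": "test-cis"}]},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa3", "Tags": [{"Key": "Name", "Value": "Test-CIS"}]},
]
ROLE_POLICIES = {
    "i-0aaaaaaaaaaaaaaa1": sorted(REQUIRED_POLICIES),
    "i-0aaaaaaaaaaaaaaa2": sorted(REQUIRED_POLICIES),
    "i-0aaaaaaaaaaaaaaa3": ["AmazonSSMManagedInstanceCore"],
}

def report():
    """Map each sample instance ID to its list of problems."""
    return {i["InstanceId"]: diagnose(i, SCAN_TARGET_TAGS,
                                      ROLE_POLICIES[i["InstanceId"]])
            for i in INSTANCES}

if __name__ == "__main__":
    for iid, problems in report().items():
        print(iid, "OK" if not problems else "; ".join(problems))
```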
