Alert When New Software is Installed


Is there a way to determine if new software gets installed on an EC2, then get alerted about it? I know Config gives a timeline of inventory changes, but that's not exactly what I'm looking for. Any ideas?

1 Answer
Accepted Answer


As you know, you can use AWS Config rules to notify you when unauthorized software is installed.
However, I think this rule would be difficult to handle if you want to be notified when new software is installed.

If you use Amazon Inspector, it may be possible to notify you when software is installed.

  • When you launch a new EC2 instance.
  • When you install new software on an existing EC2 instance (Linux and Mac).
  • When Amazon Inspector adds a new common vulnerabilities and exposures (CVE) item to its database, and that CVE is relevant to your EC2 instance (Linux and Mac).
answered 2 months ago
reviewed a month ago
AWS reviewed 2 months ago
  • I tried to create an EventBridge rule:

    {
      "source": ["aws.inspector"],
      "detail-type": ["Inspector Assessment Run State Change"],
      "detail": {
        "state": ["COMPLETED"]
      }
    }

    Downloaded/installed Docker on my Linux 2 instance, but it didn't seem to trigger the rule. Any ideas?
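The following is an added example, not part of the original thread or AWS's own code: it runs the pattern posted in the comment against an event from the current Amazon Inspector. It assumes those events use the source `aws.inspector2` and the detail-type `Inspector2 Finding`; the matcher is a simplified stand-in for EventBridge matching, and the sample event is constructed.

```python
# Added example: simplified EventBridge exact-value matching on a constructed event.
def matches(pattern, event):
    """True if every key in the pattern is satisfied by the event."""
    for key, want in pattern.items():
        if key not in event:
            return False
        got = event[key]
        values = got if isinstance(got, list) else [got]
        if isinstance(want, dict):
            # Nested pattern: any object (or array element) may satisfy it.
            if not any(isinstance(v, dict) and matches(want, v) for v in values):
                return False
        elif not any(v in want for v in values):
            return False
    return True

def failing_keys(pattern, event):
    """Top-level pattern keys that stop the event from matching."""
    return [k for k in pattern if not matches({k: pattern[k]}, event)]

# Pattern exactly as posted in the comment above.
COMMENT_PATTERN = {
    "source": ["aws.inspector"],
    "detail-type": ["Inspector Assessment Run State Change"],
    "detail": {"state": ["COMPLETED"]},
}

# Assumed pattern for package findings from the current Amazon Inspector.
INSPECTOR2_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {
        "status": ["ACTIVE"],
        "type": ["PACKAGE_VULNERABILITY"],
        "resources": {"type": ["AWS_EC2_INSTANCE"]},
    },
}

# Constructed finding event (instance ID is a placeholder).
SAMPLE_FINDING = {
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Finding",
    "detail": {
        "status": "ACTIVE",
        "type": "PACKAGE_VULNERABILITY",
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-EXAMPLE"}],
    },
}
```

A finding is emitted only when an installed package has a known vulnerability, so a rule like this alerts on vulnerable software rather than on every install.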
