Question About Vulnerability Results in AWS Inspector

0

Hello,

I am currently experimenting with AWS Inspector. I created two EC2 instances: one running Amazon Linux and the other running Windows Server 2019. Both instances were assigned the appropriate IAM roles, and I have not made any configurations or downloads on either instance.

In AWS Inspector, I noticed that no vulnerabilities are reported for the Amazon Linux instance, while vulnerabilities are detected for the Windows instance. Is there a specific reason why no vulnerabilities are being identified for the Amazon Linux instance?

Thank you in advance for your assistance.

1 Answer
-1

The difference in vulnerability reporting between your Amazon Linux and Windows Server 2019 instances in AWS Inspector is likely due to several factors:

  1. Operating System Differences: Amazon Linux is specifically designed and maintained by AWS, with a focus on security and optimization for AWS environments. It's regularly updated with the latest security patches, which may result in fewer vulnerabilities being detected immediately after creation.

  2. Scanning Methods: AWS Inspector uses both agent-based and agentless scanning methods. For Amazon Linux instances, the agentless scanning method might be used initially, which scans for operating system vulnerabilities. Windows instances typically require the SSM agent for more comprehensive scanning, which might be detecting a broader range of potential vulnerabilities.

  3. Vulnerability Database: AWS Inspector uses different vulnerability databases for different operating systems. The vulnerability data for Amazon Linux might be more tightly controlled and up-to-date, resulting in fewer reported vulnerabilities.

  4. Default Configurations: Amazon Linux instances often come with more secure default configurations compared to Windows Server instances, which might require additional hardening out of the box.

  5. Scanning Frequency: Agentless scanning for eligible instances occurs every 24 hours, while agent-based scanning is continuous. If you've just created the instances, it's possible that the Amazon Linux instance hasn't undergone its first agentless scan yet.

  6. Deep Inspection: For Linux instances, Amazon Inspector can perform deep inspection for application programming language packages, which might not be applicable to a fresh Amazon Linux instance without any additional software installed.

It's important to note that the absence of reported vulnerabilities doesn't necessarily mean the system is completely secure. Continue to monitor both instances and ensure they receive regular updates and patches. If you're concerned about the lack of findings for the Amazon Linux instance, you might want to verify that the instance is properly configured for scanning and that enough time has passed for a complete scan to occur.
Sources
Using Amazon Inspector in your vulnerability management program - AWS Prescriptive Guidance
Scanning Amazon EC2 instances with Amazon Inspector - Amazon Inspector
Supported operating systems and programming languages for Amazon Inspector - Amazon Inspector

answered a year ago
EXPERT
reviewed a year ago
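One way to check the last point of that answer (whether the Amazon Linux instance is actually being scanned, or is still waiting for its first scan) is to read the instance's Inspector coverage status rather than inferring it from an empty finding list. This is an added example, not code from the answer or from AWS: it interprets an Inspector2 ListCoverage response, assumes boto3 only for the optional live call, and the instance IDs, timestamps and sample response are constructed.

```python
from datetime import datetime, timedelta, timezone

# scanStatus.reason codes from the Inspector2 ListCoverage API that explain an
# empty finding list; any other code is echoed verbatim rather than guessed at.
KNOWN_REASONS = {
    "SUCCESSFUL": "scanned successfully",
    "PENDING_INITIAL_SCAN": "first scan has not completed yet; wait and re-check",
    "UNMANAGED_EC2_INSTANCE": "not an SSM managed instance (agent or IAM role missing)",
    "NO_INVENTORY": "SSM software inventory has not been collected yet",
    "STALE_INVENTORY": "SSM software inventory is too old to evaluate",
}

def diagnose_coverage(page, now, stale_after=timedelta(hours=24)):
    """Map each resourceId in a ListCoverage response to a verdict; only 'covered' means an empty finding list is trustworthy."""
    verdicts = {}
    for res in page.get("coveredResources", []):
        status = res.get("scanStatus", {})
        reason = status.get("reason", "UNKNOWN")
        why = KNOWN_REASONS.get(reason, f"unrecognised reason {reason!r}")
        last = res.get("lastScannedAt")
        if status.get("statusCode") != "ACTIVE":
            verdict = f"not covered: {why}"
        elif last is None:
            verdict = "active but never scanned: wait for the first scan"
        elif now - last > stale_after:
            verdict = f"stale: last scan {(now - last).days}d ago, check the SSM agent"
        else:
            verdict = f"covered via {res.get('scanMode', 'unknown scan mode')}"
        verdicts[res["resourceId"]] = verdict
    return verdicts

def fetch_coverage(instance_ids, region):
    """Live variant: page through ListCoverage for these instances (needs boto3 and credentials)."""
    import boto3  # imported here so the offline sample below runs without boto3 installed
    client = boto3.client("inspector2", region_name=region)
    crit = {"resourceId": [{"comparison": "EQUALS", "value": i} for i in instance_ids]}
    pages = client.get_paginator("list_coverage").paginate(filterCriteria=crit)
    return {"coveredResources": [r for p in pages for r in p["coveredResources"]]}

# Constructed sample (IDs and timestamps made up): Amazon Linux awaits its first scan, Windows was scanned.
SAMPLE_NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_PAGE = {"coveredResources": [
    {"resourceId": "i-0amazonlinux00000", "resourceType": "AWS_EC2_INSTANCE",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "PENDING_INITIAL_SCAN"}},
    {"resourceId": "i-0windows20190000", "resourceType": "AWS_EC2_INSTANCE",
     "scanMode": "EC2_SSM_AGENT_BASED", "lastScannedAt": SAMPLE_NOW - timedelta(hours=2),
     "scanStatus": {"statusCode": "ACTIVE", "reason": "SUCCESSFUL"}}]}

def run_sample():
    return diagnose_coverage(SAMPLE_PAGE, SAMPLE_NOW)
```

For the real account, pass the output of `fetch_coverage([...], "your-region")` to `diagnose_coverage` together with the current UTC time; an instance that never moves past PENDING_INITIAL_SCAN or UNMANAGED_EC2_INSTANCE points at the SSM agent or IAM role rather than at a clean OS.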
