Inspector

Overview

Scan mode

Agentless

  • Scanning is based on EBS snapshots.

  • Agentless scanning cannot scan network exposure.

Hybrid scanning

  • Uses a combination of both agent-based and agentless methods.

  • The method depends on the instance:

    • SSM managed instances: use the agent-based method.

    • Instances not managed by SSM: use the agentless method.

Agent-based scanning

  • Uses the agent-based method exclusively for scanning.

  • Only scans SSM managed instances.

Deep inspection

  • Super-detailed security scanner for EC2

  • Looks for vulnerabilities in:

    • OS (Linux, Windows, Mac) system packages

    • Application code and programming (Linux only)

Trivia

  • You can exclude an instance from Inspector scans by using the InspectorEc2Exclusion key.

  • If you are not sure all instances have the SSM Agent, use hybrid scanning mode.

  • Agentless scanning cannot scan network exposure, because it scans an EBS snapshot.
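
The scan-mode rules above, written out as an added example (not part of the original notes and not AWS code) that shows which instances each mode leaves unscanned. It assumes InspectorEc2Exclusion is an EC2 tag key matched case-sensitively and by presence only; the mode labels, class and function names, and the inventory are made up for the sketch.

```python
from dataclasses import dataclass, field

EXCLUSION_TAG = "InspectorEc2Exclusion"  # key named in the notes above
MODES = ("hybrid", "agent-based")        # labels for this sketch, not API values

@dataclass
class Instance:
    instance_id: str
    ssm_managed: bool                    # is this an SSM managed instance?
    tags: dict = field(default_factory=dict)

def scan_method(mode, inst):
    """Return how one instance is handled under the given account scan mode."""
    if mode not in MODES:
        raise ValueError(f"unknown scan mode: {mode!r}")
    # Assumption: presence of the tag key excludes the instance, whatever its value.
    if EXCLUSION_TAG in inst.tags:
        return "excluded"
    if inst.ssm_managed:
        return "agent-based"
    # Not SSM managed: hybrid falls back to EBS-snapshot scanning,
    # agent-based mode leaves the instance without a scan.
    return "agentless" if mode == "hybrid" else "unscanned"

def coverage(mode, inventory):
    """Group instance ids by scan method for one mode."""
    report = {"agent-based": [], "agentless": [], "unscanned": [], "excluded": []}
    for inst in inventory:
        report[scan_method(mode, inst)].append(inst.instance_id)
    return report

def gained_by_hybrid(inventory):
    """Instances that only get scanned once the account uses hybrid mode."""
    return coverage("agent-based", inventory)["unscanned"]

# Constructed inventory (ids and tags are made up for the example).
INVENTORY = [
    Instance("i-0aaa", ssm_managed=True),
    Instance("i-0bbb", ssm_managed=False),
    Instance("i-0ccc", ssm_managed=False, tags={EXCLUSION_TAG: ""}),
    # Wrong case on the key: treated as a different tag, so not excluded.
    Instance("i-0ddd", ssm_managed=True, tags={"inspectorec2exclusion": "true"}),
]

if __name__ == "__main__":
    for mode in MODES:
        print(mode, coverage(mode, INVENTORY))
    print("gained by hybrid:", gained_by_hybrid(INVENTORY))
```
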
