Inspector
Collects vulnerability findings from Amazon Inspector v2 to monitor security issues across EC2 instances, ECR container images, and Lambda functions.
Sync Type: Incremental
Details
Amazon Inspector is an automated vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure. This input connector retrieves security findings from Inspector v2 in your AWS account.
Functionality
On initialization, Monad connects to AWS Inspector in the specified region. The connector retrieves vulnerability findings and maintains state to ensure incremental updates on subsequent runs. Only new or updated findings since the last sync are collected, minimizing duplicates and API calls. Findings are sorted by their last observed time and filtered by status (active findings only).
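The incremental sync described above, sketched against the Inspector v2 `ListFindings` request shape. This is an added example, not Monad's connector code. It assumes `lastObservedAt` is the cursor field and that the returned dict is passed to boto3's `inspector2` `list_findings()`; `build_request`, `advance` and the sample findings are hypothetical names and constructed data.

```python
from datetime import datetime, timezone

SEVERITIES = ("INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")

def build_request(checkpoint=None, backfill_start=None, severities=None, now=None):
    """Return kwargs for boto3's inspector2 list_findings() call."""
    # Resume from saved state, else the backfill date, else now (no past records).
    start = checkpoint or backfill_start or now or datetime.now(timezone.utc)
    criteria = {
        "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
        # Assumed cursor field; the inclusive bound re-reads findings at the checkpoint.
        "lastObservedAt": [{"startInclusive": start}],
    }
    if severities:
        if set(severities) - set(SEVERITIES):
            raise ValueError(f"unsupported severity in {list(severities)}")
        # Several filters on the same field are OR-ed by the API.
        criteria["severity"] = [{"comparison": "EQUALS", "value": s} for s in severities]
    return {
        "filterCriteria": criteria,
        "sortCriteria": {"field": "LAST_OBSERVED_AT", "sortOrder": "ASC"},
    }

def advance(checkpoint, seen, findings):
    """Drop findings already emitted and move the checkpoint forward."""
    fresh = []
    for f in findings:
        key = (f["findingArn"], f["lastObservedAt"])  # same ARN, newer time = update
        if key not in seen:
            seen.add(key)
            fresh.append(f)
        if checkpoint is None or f["lastObservedAt"] > checkpoint:
            checkpoint = f["lastObservedAt"]
    return fresh, checkpoint

# Constructed sample pages (placeholder ARNs), shaped like list_findings() output.
T1 = datetime(2026, 1, 5, 17, 7, 41, tzinfo=timezone.utc)
T2 = datetime(2026, 1, 6, 9, 0, 0, tzinfo=timezone.utc)
ARN = "arn:aws:inspector2:eu-west-1:111122223333:finding/"
RUN_1 = [{"findingArn": ARN + n, "lastObservedAt": T1} for n in ("example-a", "example-b")]
RUN_2 = [{"findingArn": ARN + "example-b", "lastObservedAt": T1},  # boundary repeat
         {"findingArn": ARN + "example-a", "lastObservedAt": T2},  # updated finding
         {"findingArn": ARN + "example-c", "lastObservedAt": T2}]  # new finding

if __name__ == "__main__":
    seen, cp = set(), None
    for page in (RUN_1, RUN_2):
        fresh, cp = advance(cp, seen, page)
        print(len(fresh), "new or updated; next start:", cp)
```

Because the lower bound is inclusive, the second run returns the unchanged `example-b` again; keying on ARN plus timestamp drops that repeat while still passing through the updated `example-a`.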
Requirements
- IAM Role Assumption / Static Credentials
- Example permission to attach to the role/user:
  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "",
        "Effect": "Allow",
        "Action": [
          "inspector2:ListFindings",
          "inspector2:BatchGetFindingDetails"
        ],
        "Resource": "*"
      }
    ]
  }
  ```
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Region | string | Yes | The AWS region where Inspector is enabled. |
| Role ARN | string | Conditional | The ARN of the IAM role to assume for accessing Inspector. |
| Severity | array | No | Severity levels of findings to fetch. Accepts multiple values: INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL. If not specified, all severities are collected. |
| Backfill Start Time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets (Static Credentials Only)
| Setting | Type | Required | Description |
|---|---|---|---|
| Access Key | string | Conditional | AWS Access Key ID |
| Secret Key | string | Conditional | AWS Secret Access Key |
Authentication: Choose either Role ARN (recommended) or static credentials. See AWS Authentication Guide for setup instructions.
Sample Record
```json
{
  "awsAccountId": "637113223881",
  "description": "A vulnerability has been found in GNU Binutils 2.45.",
  "epss": {
    "score": 0.00001
  },
  "exploitAvailable": "NO",
  "findingArn": "arn:aws:inspector2:eu-west-1:637113223881:finding/c4a3f9bb-787d-7868-7887-2e7298cedd89",
  "firstObservedAt": "2026-01-05T17:07:41.15121Z",
  "fixAvailable": "NO",
  "inspectorScore": 0.1,
  "inspectorScoreDetails": {
    "adjustedCvss": {
      "adjustments": [],
      "cvssSource": "NVD",
      "score": 0.1,
      "scoreSource": "AMAZON_CVE",
      "scoringVector": "",
      "version": "3.0"
    }
  },
  "lastObservedAt": "2026-01-05T17:07:41.15121Z",
  "packageVulnerabilityDetails": {
    "cvss": [
      {
        "baseScore": 10,
        "scoringVector": "",
        "source": "NVD",
        "version": "4.0"
      },
      {
        "baseScore": 0.1,
        "scoringVector": "",
        "source": "NVD",
        "version": "3.1"
      }
    ],
    "referenceUrls": [
      "https://alas.aws.test.amazon.com/AL2023/ALAS2021-0001.html",
      "https://explore.alas.aws.test.amazon.com/cve/json/v1/CVE-2021-22222.json",
      "https://explore.alas.aws.test.amazon.com/CVE-2021-22222.html"
    ],
    "relatedVulnerabilities": [
      "ALAS2023-2024-0001"
    ],
    "source": "DEBIAN",
    "sourceUrl": "https://explore.alas.aws.amazon.com/cve/json/v1/CVE-2024-1234.json",
    "vendorCreatedAt": "2026-01-05T17:07:41.151683Z",
    "vendorSeverity": "Critical",
    "vendorUpdatedAt": "2026-01-05T17:07:41.151684Z",
    "vulnerabilityId": "CVE-2021-3333",
    "vulnerablePackages": [
      {
        "arch": "ARM64",
        "epoch": 0,
        "fixedInVersion": "0:1.1.amzn2023.0.5",
        "name": "openssl",
        "packageManager": "MAVEN",
        "release": "",
        "remediation": "sudo apt-get update \u0026\u0026 sudo apt-get upgrade",
        "version": "1.1"
      }
    ]
  },
  "remediation": {
    "recommendation": {
      "text": "None Provided"
    }
  },
  "resources": [
    {
      "details": {
        "awsEc2Instance": {
          "iamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/305d4cd6-e6bf-a4ee-1a79-87abf05ade12",
          "imageId": "ami-fd0113a3-82d2-efe7-310e-8c4ce0a54276",
          "ipV4Addresses": [
            "210.111.130.223",
            "210.143.46.65"
          ],
          "ipV6Addresses": [],
          "launchedAt": "2026-01-05T17:07:41.151449Z",
          "platform": "AMAZON_LINUX_2",
          "subnetId": "subnet-6b07db42-1116-fcb1-b17d-f3fc99d002a7",
          "type": "c5.xlarge",
          "vpcId": "vpc-3970bf77-dc55-076e-4459-41deb9457392"
        }
      },
      "id": "832b72b2-b013-e866-611f-62b3a80b88b6",
      "partition": "aws",
      "region": "ap-southeast-1",
      "tags": {
        "Environment": "dev-west",
        "Name": "dev-worker-node-1",
        "aws:autoscaling:groupName": "staging-asg-2021777",
        "aws:ec2launchtemplate:id": "lt-1c9c9887-08bf-89fa-ac89-b55b451ad592",
        "aws:ec2launchtemplate:version": "10"
      },
      "type": "AWS_EC2_INSTANCE"
    }
  ],
  "severity": "HIGH",
  "status": "SUPPRESSED",
  "title": "CVE-2021-4444 - python3",
  "type": "PACKAGE_VULNERABILITY",
  "updatedAt": "2026-01-05T17:07:41.151211Z"
}
```