Collects vulnerability findings from Amazon Inspector v2 to monitor security issues across EC2 instances, ECR container images, and Lambda functions.
Sync Type: Incremental
Details
Amazon Inspector is an automated vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure. This input connector retrieves security findings from Inspector v2 in your AWS account.
Functionality
On initialization, Monad connects to AWS Inspector in the specified region. The connector retrieves vulnerability findings and maintains state to ensure incremental updates on subsequent runs. Only new or updated findings since the last sync are collected, minimizing duplicates and API calls. Findings are sorted by their last observed time and filtered by status (active findings only).
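The incremental pattern described above, sketched against the Inspector v2 `ListFindings` request shape as exposed by boto3 (`filterCriteria`, `sortCriteria`, `nextToken`). This is an added example, not Monad's connector code; the `state` layout (`checkpoint`, `seen`), `FakeInspector` and `ts` are assumptions constructed so the logic runs offline.

```python
from datetime import datetime, timezone

def build_request(checkpoint, severities=None):
    """Arguments for inspector2 ListFindings covering one incremental pass."""
    criteria = {
        "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
        "lastObservedAt": [{"startInclusive": checkpoint}],
    }
    if severities:  # None or empty means every severity is collected
        criteria["severity"] = [{"comparison": "EQUALS", "value": s} for s in severities]
    return {"filterCriteria": criteria, "maxResults": 100,
            "sortCriteria": {"field": "LAST_OBSERVED_AT", "sortOrder": "ASC"}}

def sync(client, state, severities=None):
    """Fetch findings observed at or after the checkpoint; return (fresh, new_state)."""
    request = build_request(state["checkpoint"], severities)
    fresh, newest, at_newest = [], state["checkpoint"], set(state["seen"])
    while True:
        page = client.list_findings(**request)
        for f in page.get("findings", []):
            arn, seen_at = f["findingArn"], f["lastObservedAt"]
            # The lower bound is inclusive, so findings stamped exactly at the
            # checkpoint come back on every run; skip those already delivered.
            if seen_at == state["checkpoint"] and arn in state["seen"]:
                continue
            if seen_at > newest:
                newest, at_newest = seen_at, set()
            if seen_at == newest:
                at_newest.add(arn)
            fresh.append(f)
        if not page.get("nextToken"):
            return fresh, {"checkpoint": newest, "seen": at_newest}
        request["nextToken"] = page["nextToken"]

class FakeInspector:
    """Constructed stand-in for boto3.client('inspector2'); pages two findings at a time."""
    def __init__(self, findings):
        self.findings = findings
    def list_findings(self, **kw):
        start = kw["filterCriteria"]["lastObservedAt"][0]["startInclusive"]
        hits = sorted((f for f in self.findings if f["lastObservedAt"] >= start),
                      key=lambda f: f["lastObservedAt"])
        i = int(kw.get("nextToken", 0))
        page = {"findings": hits[i:i + 2]}
        if i + 2 < len(hits):
            page["nextToken"] = str(i + 2)
        return page

def ts(minute):  # constructed timestamps for sample findings
    return datetime(2024, 1, 1, 12, minute, tzinfo=timezone.utc)
```

Persisting the ARNs seen at the checkpoint timestamp alongside the timestamp itself is what keeps an inclusive lower bound from re-emitting the boundary findings on every run.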
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
| --- | --- | --- | --- |
| Region | string | Yes | The AWS region where Inspector is enabled. |
| Role ARN | string | Conditional | The ARN of the IAM role to assume for accessing Inspector. |
| Severity | array | No | Severity levels of findings to fetch. Accepts multiple values: INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL. If not specified, all severities are collected. |
| Backfill Start Time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets (Static Credentials Only)
| Setting | Type | Required | Description |
| --- | --- | --- | --- |
| Access Key | string | Conditional | AWS Access Key ID |
| Secret Key | string | Conditional | AWS Secret Access Key |
Authentication: Choose either Role ARN (recommended) or static credentials. See AWS Authentication Guide for setup instructions.