Baseline data collected from monitoring metrics and logs is used to understand your usage over time and to create a performance baseline. Baselines help you understand what counts as a normal usage pattern. When tracking data exceeds the baseline metrics, you have visibility into what is out of range and can work to resolve the issue or add capacity to meet an increasing workload. With an accurate baseline, you can often predict issues before they become critical and take preemptive steps to address the out-of-range metrics.
By capturing and storing data from many devices in a central repository, analytics and AI functions can be applied to add intelligence to the collected data and to perform operations in real time, helping ensure your AWS deployment meets its service-level agreements.
Inspector is the AWS managed service that performs security and vulnerability analysis and assessments for EC2 instances and ECR container images, the applications on them, their network accessibility, and how security is configured for those applications. Inspector can replace scanning utilities, which are generally use-restricted by AWS inside a VPC. The service automatically discovers endpoints and applications and performs a security vulnerability analysis on each one; based on its findings, a report is generated, and each vulnerability is tracked to resolution.
Inspector can test routing into and out of your VPC and validate firewall rules. Open ports, also called listeners, are identified per IP address, then mapped back to the host, whose owner is identified. Inspector acts as an automated security assessment service by using assessment packages. These host assessment packages report on EC2 hosts, ECR container-based hosts, and the applications running on those instances, covering compliance, vulnerabilities, and how they compare to established best practices.
When Inspector discovers a network, host, or application vulnerability, it creates a finding to report the issue. Each finding includes a description of the vulnerability, records the resource on which it was found, rates how severe it is, and gives information on how to remediate and resolve the issue. Finding states include active, meaning unresolved; suppressed, meaning it has been acknowledged and archived but the vulnerability is still present; and closed, meaning the issue has been remediated and the finding will be removed from Inspector after 30 days.
Each finding has a severity rating of untriaged, informational, low, medium, high, or critical, which is derived from a numerical score. Scores are based on the National Institute of Standards and Technology (NIST) National Vulnerability Database at https://nvd.nist.gov/vuln, and details on the scoring system (CVSS) can be found at www.first.org/cvss.
The Inspector console offers multiple options to analyze, report on, and remediate the discovered vulnerabilities, and findings can also be handed off to other AWS and third-party services. Inspector is integrated with many AWS service offerings, including Amazon EventBridge and Security Hub. Pricing is per region and per container image or EC2 instance scanned.
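As an added example that is not part of the original text, the following Python helper applies the finding states and severity bands described above to triage findings, and builds the matching EventBridge event pattern and ListFindings filter so one threshold drives both integrations. It assumes the field names of the Inspector2 ListFindings API (severity, status, inspectorScore, resources), the FIRST CVSS v3.x qualitative bands for the score-to-band mapping, and constructed sample findings whose resource ids are placeholders.

```python
# Added example: triage Inspector findings by status and severity.
# Assumes the Inspector2 ListFindings field names (severity, status,
# inspectorScore, resources) and the CVSS v3.x bands published by FIRST.

SEVERITY_RANK = {"UNTRIAGED": 0, "INFORMATIONAL": 1, "LOW": 2,  # ascending; dict
                 "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}          # order is relied on

def cvss_to_severity(score):
    """Map a CVSS v3.x base score to the FIRST qualitative rating band."""
    if score <= 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"

def severities_at_or_above(minimum):
    """Severity names ranked at or above `minimum`, lowest first."""
    floor = SEVERITY_RANK[minimum]
    return [s for s, r in SEVERITY_RANK.items() if r >= floor]

def triage(findings, minimum="HIGH"):
    """ACTIVE findings at or above `minimum`; suppressed and closed ones are skipped."""
    wanted = set(severities_at_or_above(minimum))
    hits = [f for f in findings if f["status"] == "ACTIVE" and f["severity"] in wanted]
    # Most severe band first, then the highest Inspector score within a band.
    return sorted(hits, key=lambda f: (-SEVERITY_RANK[f["severity"]], -f["inspectorScore"]))

def list_findings_filter(minimum="HIGH"):
    """filterCriteria for the inspector2 ListFindings API that selects the same set."""
    return {"findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
            "severity": [{"comparison": "EQUALS", "value": s} for s in severities_at_or_above(minimum)]}

def eventbridge_pattern(minimum="HIGH"):
    """EventBridge event pattern that matches new Inspector findings at or above `minimum`."""
    return {"source": ["aws.inspector2"], "detail-type": ["Inspector2 Finding"],
            "detail": {"status": ["ACTIVE"], "severity": severities_at_or_above(minimum)}}

# Constructed sample findings; resource ids are placeholders, not real assets.
SAMPLE_FINDINGS = [
    {"severity": "HIGH", "status": "ACTIVE", "inspectorScore": 8.1, "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-PLACEHOLDER1"}]},
    {"severity": "CRITICAL", "status": "ACTIVE", "inspectorScore": 9.8, "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": "image-PLACEHOLDER"}]},
    {"severity": "HIGH", "status": "SUPPRESSED", "inspectorScore": 7.5, "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-PLACEHOLDER2"}]},
    {"severity": "MEDIUM", "status": "ACTIVE", "inspectorScore": 5.3, "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-PLACEHOLDER1"}]},
]
```

Running `triage(SAMPLE_FINDINGS)` returns only the active CRITICAL and HIGH findings, in that order; the suppressed HIGH finding is left out even though the vulnerability is still present on the host.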