Amazon Inspector2 assesses eligible resources and reports active findings when the service is ENABLED.
This check reports whether any findings remain in the Active state.
Risk
Unremediated Inspector2 findings mean known vulnerabilities or exposures persist on workloads.
This enables:
- Unauthorized access and data exfiltration (C)
- Code tampering and privilege escalation (I)
- Service disruption via exploitation or malware (A)
prowler aws --checks inspector2_active_findings_exist
Recommendation
Prioritize and remediate Active findings quickly: patch hosts and runtimes, update/rebuild images, fix vulnerable code, and close unintended exposure.
Apply least privilege, use defense in depth, and avoid broad suppressions. Integrate findings into CI/CD and vulnerability management for continuous prevention.
Remediation
The following CLI command creates a suppression filter matching every finding whose status is ACTIVE; it hides those findings rather than fixing them, so the patching steps in the Recommendation above should come first.
aws inspector2 create-filter --name <example_resource_name> --action SUPPRESS --filter-criteria '{"findingStatus":[{"comparison":"EQUALS","value":"ACTIVE"}]}'
- In the AWS Console, go to Amazon Inspector
- Open Suppression rules (or Filters) and click Create suppression rule
- Set condition: Finding status = Active
- Set action to Suppress and click Create
- Verify the Active findings count is 0 on the dashboard
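As an added example (not Prowler's own code), the Python below mirrors what this check evaluates: it pages the Inspector2 ListFindings API with the same findingStatus filter used by the suppression command above and fails when any Active findings remain, which also shows why a broad suppression rule makes the check pass without fixing anything. boto3 and the sample findings are assumptions; `client` is any boto3 Inspector2 client.

```python
from collections import Counter

# Filter passed to ListFindings; same criteria the Remediation CLI uses for SUPPRESS.
ACTIVE_FILTER = {"findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}]}


def fetch_active_findings(client):
    """Page through ListFindings for a boto3 Inspector2 client, ACTIVE only."""
    findings = []
    paginator = client.get_paginator("list_findings")
    for page in paginator.paginate(filterCriteria=ACTIVE_FILTER):
        findings.extend(page.get("findings", []))
    return findings


def evaluate_active_findings(findings):
    """FAIL if any finding is ACTIVE, with a per-severity and per-resource summary.

    SUPPRESSED or CLOSED findings are ignored, which is exactly why a broad
    suppression rule makes the check pass without fixing anything.
    """
    active = [f for f in findings if f.get("status") == "ACTIVE"]
    by_severity = Counter(f.get("severity", "UNTRIAGED") for f in active)
    resources = sorted({r["id"] for f in active for r in f.get("resources", [])})
    return {
        "status": "FAIL" if active else "PASS",
        "active_count": len(active),
        "by_severity": dict(by_severity),
        "resources": resources,
    }


# Constructed sample shaped like one ListFindings response page (not real data).
SAMPLE_FINDINGS = [
    {"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/example-1",
     "status": "ACTIVE", "severity": "HIGH",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0example1"}]},
    {"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/example-2",
     "status": "ACTIVE", "severity": "CRITICAL",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": "sha256:example"}]},
    {"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/example-3",
     "status": "SUPPRESSED", "severity": "HIGH",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0example1"}]},
]

if __name__ == "__main__":
    import boto3  # only needed for the live call against your account
    live = fetch_active_findings(boto3.client("inspector2"))
    print(evaluate_active_findings(live))
```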
Resource Type
Other