Comprehensive Detailed Explanation with all AWS References
To monitor EC2 instances for software vulnerabilities without installing agents and to display findings in AWS Security Hub, Amazon Inspector is the most appropriate solution.
Amazon Inspector Overview:
Amazon Inspector is a vulnerability management service that automatically scans Amazon EC2 instances and container images in Amazon Elastic Container Registry (ECR) for known vulnerabilities.
It does not require agent installation as it integrates directly with EC2 metadata and uses network-based scanning.
Reference: Amazon Inspector Features
Integration with AWS Security Hub:
Enable the integration of Amazon Inspector with Security Hub to ingest and display findings in a centralized dashboard.
Security Hub will show Inspector's findings as part of its comprehensive security overview.
Reference: Amazon Inspector and Security Hub Integration
Why Not Other Options?
Option B: Security Hub's AWS Foundational Security Best Practices standard provides a broad set of checks but does not include detailed vulnerability scanning for EC2 instances.
Option C: GuardDuty is focused on detecting security threats and anomalies, not software vulnerabilities.
Option D: AWS Config managed rules provide compliance checks but lack detailed vulnerability scanning.
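As an added example (not part of the original explanation), the script below triages the kind of findings Security Hub displays once the Inspector integration is enabled: it parses a constructed ASFF sample, keeps only Inspector vulnerability findings attached to EC2 instances (GuardDuty threat findings are dropped, matching the Option C reasoning), and lists instances with HIGH or CRITICAL issues. The field names follow AWS Security Finding Format; the instance and CVE ids are placeholders.

```python
import json
from collections import Counter, defaultdict

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
CVE = "Software and Configuration Checks/Vulnerabilities/CVE"  # ASFF finding type

def _asff(product, title, label, types, instance_id):
    """Build a minimal ASFF finding for the constructed sample below."""
    return {"ProductName": product, "Title": title, "Severity": {"Label": label},
            "Types": types, "Resources": [{"Type": "AwsEc2Instance", "Id": instance_id}]}

# Constructed sample shaped like the "Findings" array that
# `aws securityhub get-findings` returns; instance and CVE ids are placeholders.
# The GuardDuty entry shows that threat findings are filtered out below.
SAMPLE = json.dumps({"Findings": [
    _asff("Inspector", "CVE-0000-0001 (placeholder) - openssl", "CRITICAL", [CVE], "i-0placeholder0001"),
    _asff("Inspector", "CVE-0000-0002 (placeholder) - curl", "HIGH", [CVE], "i-0placeholder0001"),
    _asff("Inspector", "CVE-0000-0003 (placeholder) - bash", "LOW", [CVE], "i-0placeholder0002"),
    _asff("GuardDuty", "Threat finding (placeholder)", "MEDIUM", ["TTPs/Discovery"], "i-0placeholder0002"),
]})

def load_findings(raw_json):
    """Parse a get-findings response (dict with "Findings") or a bare list."""
    data = json.loads(raw_json)
    return data["Findings"] if isinstance(data, dict) else data

def is_inspector_ec2_vuln(finding):
    """True only for Inspector vulnerability findings attached to an EC2 instance."""
    is_vuln = any(t.startswith("Software and Configuration Checks/Vulnerabilities")
                  for t in finding.get("Types", []))
    on_ec2 = any(r.get("Type") == "AwsEc2Instance" for r in finding.get("Resources", []))
    return finding.get("ProductName") == "Inspector" and is_vuln and on_ec2

def summarize_by_instance(findings):
    """Map each EC2 instance id to a Counter of Inspector severity labels."""
    summary = defaultdict(Counter)
    for f in filter(is_inspector_ec2_vuln, findings):
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL").upper()
        for r in f["Resources"]:
            if r.get("Type") == "AwsEc2Instance":
                summary[r["Id"]][label] += 1
    return dict(summary)

def instances_at_or_above(summary, threshold="HIGH"):
    """Instance ids with at least one finding at or above `threshold`."""
    floor = SEVERITY_RANK[threshold]
    return sorted(i for i, c in summary.items()
                  if any(SEVERITY_RANK.get(l, 0) >= floor for l in c))
```

Point `load_findings` at the JSON saved from a real `aws securityhub get-findings` call to run the same triage against live data.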