AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2026-07-10 · Documentation low

File: inspector/latest/user/eventbridge-integration.md

Summary

Added support for Azure resources in EventBridge events, including provider-agnostic resource details (vm, image, serverlessFunction) alongside AWS-specific fields. Updated example IP addresses to RFC 5737 standards and added new Azure vulnerability finding examples.

Security assessment

The changes extend multi-cloud support and standardize event schemas but contain no evidence of addressing specific vulnerabilities or security incidents. Updates to example IPs are documentation improvements without security implications.

Diff

diff --git a/inspector/latest/user/eventbridge-integration.md b/inspector/latest/user/eventbridge-integration.md
index 4b5cf74b6..ba4e93a1d 100644
--- a//inspector/latest/user/eventbridge-integration.md
+++ b//inspector/latest/user/eventbridge-integration.md
@@ -63,0 +64,15 @@ The following fields identify a finding event:
+Each object in `detail.resources` can also include the following fields. These fields are present for all resources, including AWS resources. 
+
+For AWS resources, these fields appear alongside the AWS-specific fields. You can rely on a single, provider-agnostic representation regardless of where the resource is hosted. 
+
+  * `provider` is the cloud provider of the resource, for example `AWS` or `AZURE`. 
+
+  * `providerAccountId` is the cloud provider account identifier for the resource, such as an Azure subscription ID. For AWS resources, this matches the `account` field. 
+
+  * `providerOrgId` is the cloud provider organization or tenant identifier for the resource, such as an Azure tenant ID. Amazon Inspector populates this field for `AZURE` resources. 
+
+  * `detail.resources.details` contains a provider-agnostic resource detail object that corresponds to the resource `type`: `vm` for a virtual machine, `image` for a container image, or `serverlessFunction` for a serverless function. These are the multi-cloud equivalents of the `awsEc2Instance`, `awsEcrContainerImage`, and `awsLambdaFunction` objects. For AWS resources, Amazon Inspector also includes the provider-agnostic object alongside the corresponding AWS-specific object. For example, an Amazon EC2 instance finding includes both `awsEc2Instance` and `vm`. 
+
+
+
+
@@ -154,2 +169,2 @@ Amazon EC2 package vulnerability finding
-                                "1.23.456.789",
-                                "123.45.67.890"
+                                "192.0.2.10",
+                                "203.0.113.20"
@@ -162,0 +178,16 @@ Amazon EC2 package vulnerability finding
+                        },
+                        "vm": {
+                            "type": "t2.small",
+                            "vmImageReference": "ami-02ff980600c693b38",
+                            "ipV4Addresses": [
+                                "192.0.2.10",
+                                "203.0.113.20"
+                            ],
+                            "ipV6Addresses": [],
+                            "networkId": "vpc-12345678",
+                            "subnetIds": [
+                                "subnet-12345678"
+                            ],
+                            "launchedAt": "Wed Sep 04 16:57:40.000 UTC 2024",
+                            "platform": "UBUNTU_22_04",
+                            "executionRole": "arn:aws:iam::123456789012:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
@@ -166,0 +198,2 @@ Amazon EC2 package vulnerability finding
+                    "provider": "AWS",
+                    "providerAccountId": "123456789012",
@@ -234 +267 @@ Amazon EC2 network reachability finding
-                        "ipV4Addresses": ["1.23.456.789", "123.45.67.890"],
+                        "ipV4Addresses": ["192.0.2.10", "203.0.113.20"],
@@ -240,0 +274,11 @@ Amazon EC2 network reachability finding
+                    },
+                    "vm": {
+                        "type": "t2.small",
+                        "vmImageReference": "ami-02ff980600c693b38",
+                        "ipV4Addresses": ["192.0.2.10", "203.0.113.20"],
+                        "ipV6Addresses": [],
+                        "networkId": "vpc-12345678",
+                        "subnetIds": ["subnet-12345678"],
+                        "launchedAt": "Wed Sep 04 17:41:24.000 UTC 2024",
+                        "platform": "UBUNTU_22_04",
+                        "executionRole": "arn:aws:iam::123456789012:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
@@ -244,0 +289,2 @@ Amazon EC2 network reachability finding
+                "provider": "AWS",
+                "providerAccountId": "123456789012",
@@ -340,0 +387,11 @@ Amazon ECR package vulnerability finding
+                        },
+                        "image": {
+                            "repositoryName": "inspector2",
+                            "registry": "123456789012",
+                            "imageTags": [
+                                "ubuntu_latest"
+                            ],
+                            "imageDigest": "sha256:84f507df33c6864d49c296fb734192696e4cb6f78166ac51ac8b9b118181085d",
+                            "pushedAt": "Wed Sep 04 16:55:28.000 UTC 2024",
+                            "architecture": "arm64",
+                            "platform": "UBUNTU_24_04"
@@ -344,0 +402,2 @@ Amazon ECR package vulnerability finding
+                    "provider": "AWS",
+                    "providerAccountId": "123456789012",
@@ -446,0 +506,12 @@ Lambda package vulnerability finding
+                        },
+                        "serverlessFunction": {
+                            "serverlessFunctionName": "VulnerableFunction",
+                            "runtime": "PYTHON_3_11",
+                            "version": "$LATEST",
+                            "codeDigest": "O7jkFEmfPB+CK3Y6Pby5zW9gjG+zusAaqRRMGS8B27c=",
+                            "lastModifiedAt": "Wed Sep 04 16:50:20.000 UTC 2024",
+                            "executionRole": "arn:aws:iam::123456789012:role/service-role/VulnerableFunction-role-f9vs5mq8",
+                            "packageType": "ZIP",
+                            "architectures": [
+                                "X86_64"
+                            ]
@@ -450,0 +522,2 @@ Lambda package vulnerability finding
+                    "provider": "AWS",
+                    "providerAccountId": "123456789012",
@@ -525,0 +599,12 @@ Lambda code vulnerability finding
+                        },
+                        "serverlessFunction": {
+                            "serverlessFunctionName": "VulnerableFunction",
+                            "runtime": "PYTHON_3_11",
+                            "version": "$LATEST",
+                            "codeDigest": "O7jkFEmfPB+CK3Y6Pby5zW9gjG+zusAaqRRMGS8B27c=",
+                            "lastModifiedAt": "Wed Sep 04 16:50:20.000 UTC 2024",
+                            "executionRole": "arn:aws:iam::123456789012:role/service-role/VulnerableFunction-role-f9vs5mq8",
+                            "packageType": "ZIP",
+                            "architectures": [
+                                "X86_64"
+                            ]
@@ -529,0 +615,2 @@ Lambda code vulnerability finding
+                    "provider": "AWS",
+                    "providerAccountId": "123456789012",
@@ -542,0 +630,268 @@ Lambda code vulnerability finding
+Azure virtual machine package vulnerability finding
+    
+    
+    
+    {
+        "version": "0",
+        "id": "a1b2c3d4-1111-2222-3333-444455556666",
+        "detail-type": "Inspector2 Finding",
+        "source": "aws.inspector2",
+        "account": "123456789012",
+        "time": "2024-09-04T17:00:36Z",
+        "region": "us-east-1",
+        "resources": [
+            "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourcegroups/example-rg/providers/microsoft.compute/virtualmachines/example-vm"
+        ],
+        "detail": {
+            "awsAccountId": "123456789012",
+            "description": "A package vulnerability was detected on an Azure virtual machine monitored by Amazon Inspector.",
+            "exploitAvailable": "NO",
+            "findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
+            "firstObservedAt": "Wed Sep 04 16:59:44.356 UTC 2024",
+            "fixAvailable": "YES",
+            "lastObservedAt": "Wed Sep 04 16:59:44.476 UTC 2024",
+            "packageVulnerabilityDetails": {
+                "cvss": [
+                    {
+                        "baseScore": 4.8,
+                        "scoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+                        "source": "UBUNTU_CVE",
+                        "version": "3.1"
+                    }
+                ],
+                "referenceUrls": [
+                    "https://www.cve.org/CVERecord?id=CVE-2024-29069"
+                ],
+                "relatedVulnerabilities": [],
+                "source": "UBUNTU_CVE",
+                "sourceUrl": "https://people.canonical.com/~ubuntu-security/cve/2024/CVE-2024-29069.html",
+                "vendorSeverity": "medium",
+                "vulnerabilityId": "CVE-2024-29069",
+                "vulnerablePackages": [
+                    {
+                        "arch": "ALL",
+                        "epoch": 0,
+                        "fixedInVersion": "0:2.63+22.04ubuntu0.1",
+                        "name": "snapd",
+                        "packageManager": "OS",
+                        "remediation": "apt-get update && apt-get upgrade",
+                        "version": "2.63"
+                    }
+                ]
+            },
+            "remediation": {
+                "recommendation": {
+                    "text": "None Provided"
+                }
+            },
+            "resources": [
+                {
+                    "details": {
+                        "vm": {
+                            "type": "Standard_D2s_v3",
+                            "vmName": "example-vm",
+                            "vmImageReference": "Canonical:0001-com-ubuntu-server-jammy:22_04-lts:latest",
+                            "ipV4Addresses": [
+                                "10.0.0.4"
+                            ],
+                            "ipV6Addresses": [],
+                            "networkId": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourcegroups/example-rg/providers/microsoft.network/virtualnetworks/example-vnet",
+                            "subnetIds": [
+                                "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourcegroups/example-rg/providers/microsoft.network/virtualnetworks/example-vnet/subnets/default"
+                            ],
+                            "securityGroupIds": [
+                                "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourcegroups/example-rg/providers/microsoft.network/networksecuritygroups/example-nsg"
+                            ],
+                            "launchedAt": "Wed Sep 04 16:57:40.000 UTC 2024",
+                            "platform": "UBUNTU_22_04",
+                            "executionRole": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourcegroups/example-rg/providers/microsoft.managedidentity/userassignedidentities/example-identity",
+                            "keyName": "example-key"
+                        }
+                    },
+                    "id": "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/resourcegroups/example-rg/providers/microsoft.compute/virtualmachines/example-vm",
+                    "provider": "AZURE",
+                    "providerAccountId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
+                    "providerOrgId": "11111111-2222-3333-4444-555555555555",
+                    "region": "eastus",
+                    "type": "Microsoft.Compute/virtualMachines"
+                }
+            ],