If you are missing AWS Inspector scans for your EC2 instances, please follow the steps in the article and write back to support if they could not resolve your issues. Please submit the required screenshots as well.
Prerequisites
- Administrator access on Vanta
- Access to Inspector in AWS
Verify Vanta Settings
The first thing an administrator should do is verify their Vanta settings for AWS.
1. They can head to the integrations page to make sure there is no banner saying to Reconnect AWS at the top of the page:
2. Also check that the status is green and not a loading circle. It should say 'Connected':
If there are any connection issues, please resolve them first as they may be why your scans are not coming through from Inspector. If your connection is fine move on to step three.
3. Next, click on Configure scope for AWS, and the goal here is to confirm that all resources have fully loaded. There should be no spinning circles or any messages about loading resources:
If you see any kind of issues with loading resources please wait to write in for assistance. If you see no issues move on to step four.
4. Please filter your resources by EC2
5. And confirm the EC2 instance you are not seeing vulnerabilities for is marked in scope and not toggled out or set out of scope by tags:
If the instance that is not showing scans is marked out of scope, they need to be made back in scope. See this article for more information. If your AWS connection is up and running; and the EC2 instance with he missing scan is in scope , please move on to the next section.
Verify Instance Status
Vanta relies on the results from the inspector to populate the vulnerabilities page. If the inspector has no findings because no scans have been performed, the page will be blank. A common reason for an instance not having any scans is that the SSM agent is not installed or installed correctly. Instances in this state are unmonitored, meaning inspectors cannot run on them. To verify this, the administrator must:
1. Go to the inspector dashboard inside of AWS, select Account Management from the left-hand menu, and then the instance tab
2. On this page, all of the EC2 instances being monitored by the inspector will populate along with their status (the last column). Please search for your EC2 example and confirm its status.
If you are not sure how to do this, one easy method is to click the search bar, select Resource ID from the drop-down and then enter the name of the EC2 instance in question:
3. If the instance "Activley monitoring", the status is highlighted in green below, please proceed to the next section.
If the status is not actively monitoring but instead "Unmanaged EC2 instance", the SSM agent has not been installed correctly on the EC2 instance. This is needed for the inspector to work. Administrators can try the steps from AWS here, which detail how to install the agent. Administrators should reach out to AWS Support if they continue to face issues.
Verify If A Full Fix is Available
The last step administrators should try after verifying the instance status is to confirm if the instance has vulnerabilities that have full fixes available. They can do this by following the steps below:
1. Click into one of the instances that are missing scans and then click the search bar and then click the 'Fix Available' filter:
3. From there select 'Yes' and then click 'apply':
4. If there are no vulnerabilities listed, there are no actionable vulnerabilities and this is why they do not show in Vanta. If there are vulnerabilities shown, please take a screenshot with the resource ID, and fix available fields along with the findings in view. See an example below:
Write to Vanta Support with the screenshot along so we can further assist.
<%= heading %>