Get AWS Inspector findings report from AWS Inspector in mail
I want to get the AWS Inspector assessment run findings by email.
For that I had configured an SNS topic, but the mail I received contains ARNs (refer pic):
The JSON data is non-readable (from pic):
{
"template":"arn:aws:inspector:eu-central-1::target/0-nuQpXxdr/template/0-ZgdD12jw",
"run":"arn:aws:inspector:eu-central-1::target/0-nuQpXxdr/template/0-ZgdD12jw/run/0-xNByk8Qd",
"time":"2022-01-19T12:24:51.348Z",
"finding":"arn:aws:inspector:eu-central-1::target/0-nuQpXxdr/template/0-ZgdD12jw/run/0-xNByk8Qd/finding/0-ZGYFvyQi",
"event":"FINDING_REPORTED",
"target":"arn:aws:inspector:eu-central-1::target/0-nuQpXxdr"
}
REQUIRED: I need a way to get the whole report (PDF/HTML) or the URL of this report, and not a singular unreadable finding. Is there any way to do so?
Solution 1:[1]
For AWS Inspector Classic: One way I would do it is by having 2 SNS topics, let's call them sns1 and sns2, where sns1 has a Lambda function subscribed to it, and sns2 sends emails as notifications.
The Lambda function here will receive the JSON, convert it into a readable format and push it to sns2.
For AWS Inspector V2 you can get rid of the sns1 topic and replace it with AWS EventBridge for Lambda.
Here are some links to help you:
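The Lambda step described in Solution 1, sketched in Python as an added example (not code from the answer): it reads the finding ARN from the sns1 message, resolves it with the Inspector Classic `describe_findings` call, and publishes readable text to sns2. The function names and the `EMAIL_TOPIC_ARN` environment variable are assumptions made for this sketch.

```python
import json
import os

# Assumed environment variable naming the e-mail topic ("sns2" in the answer).
EMAIL_TOPIC_ARN = os.environ.get("EMAIL_TOPIC_ARN", "")


def finding_arns(event):
    """Collect finding ARNs from FINDING_REPORTED messages in an SNS-to-Lambda event."""
    arns = []
    for record in event.get("Records", []):
        msg = json.loads(record["Sns"]["Message"])
        arn = msg.get("finding", "")
        # Other Inspector events (run started/completed) carry no finding ARN.
        if msg.get("event") == "FINDING_REPORTED" and arn.startswith("arn:aws:inspector:"):
            arns.append(arn)
    return arns


def format_finding(f):
    """Render one entry of describe_findings()['findings'] as plain text."""
    asset = f.get("assetAttributes", {})
    lines = [
        f"Severity:       {f.get('severity', 'n/a')}",
        f"Title:          {f.get('title', 'n/a')}",
        f"Instance:       {asset.get('agentId', 'n/a')}",
        f"Description:    {f.get('description', 'n/a')}",
        f"Recommendation: {f.get('recommendation', 'n/a')}",
        f"Finding ARN:    {f.get('arn', 'n/a')}",
    ]
    return "\n".join(lines)


def handler(event, context, inspector=None, sns=None):
    """Lambda entry point; clients are injectable so the logic can be tested offline."""
    arns = finding_arns(event)
    if not arns:
        return 0
    if inspector is None or sns is None:
        import boto3  # available in the Lambda Python runtime
        inspector = inspector or boto3.client("inspector")
        sns = sns or boto3.client("sns")
    findings = inspector.describe_findings(findingArns=arns)["findings"]
    for f in findings:
        sns.publish(TopicArn=EMAIL_TOPIC_ARN,
                    Subject=f"Inspector finding [{f.get('severity', 'n/a')}]",
                    Message=format_finding(f))
    return len(findings)
```

The function's execution role needs only `inspector:DescribeFindings` and `sns:Publish` on the e-mail topic.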
Solution 2:[2]
You may like to use the AWS Security Hub.
How to set up a recurring Security Hub summary email - https://aws.amazon.com/blogs/security/how-to-set-up-a-recurring-security-hub-summary-email/
The above link guides you through a process that helps you get an email of Inspector reports.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Zaid Afaneh |
Solution 2 | Ramanuj Dad |