chore(aws): enhance metadata for inspector2 service

prowler/CHANGELOG.md

@@ -57,6 +57,8 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Raise ASFF output error for non-AWS providers [(#9225)](https://github.com/prowler-cloud/prowler/pull/9225)
 - Update AWS ECR service metadata to new format [(#8872)](https://github.com/prowler-cloud/prowler/pull/8872)
 - Update AWS ECS service metadata to new format [(#8888)](https://github.com/prowler-cloud/prowler/pull/8888)
+- Update AWS Inspector v2 service metadata to new format [(#9260)](https://github.com/prowler-cloud/prowler/pull/9260)
+
 
 ---
 

prowler/providers/aws/services/inspector2/inspector2_active_findings_exist/inspector2_active_findings_exist.metadata.json

@@ -1,33 +1,45 @@
 {
   "Provider": "aws",
   "CheckID": "inspector2_active_findings_exist",
-  "CheckTitle": "Check if Inspector2 active findings exist",
-  "CheckAliases": [
-    "inspector2_findings_exist"
+  "CheckTitle": "Inspector2 is enabled with no active findings",
+  "CheckType": [
+    "Software and Configuration Checks/Vulnerabilities/CVE",
+    "Software and Configuration Checks/Patch Management",
+    "Software and Configuration Checks/AWS Security Best Practices",
+    "Industry and Regulatory Standards/AWS Foundational Security Best Practices"
   ],
-  "CheckType": [],
   "ServiceName": "inspector2",
   "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:inspector2:region:account-id/detector-id",
-  "Severity": "medium",
+  "ResourceIdTemplate": "",
+  "Severity": "high",
   "ResourceType": "Other",
-  "Description": "This check determines if there are any active findings in your AWS account that have been detected by AWS Inspector2. Inspector2 is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.",
-  "Risk": "Without using AWS Inspector, you may not be aware of all the security vulnerabilities in your AWS resources, which could lead to unauthorized access, data breaches, or other security incidents.",
-  "RelatedUrl": "https://docs.aws.amazon.com/inspector/latest/user/findings-understanding.html",
+  "Description": "**Amazon Inspector2** active findings are assessed across eligible resources when the service is `ENABLED`.\n\nIndicates whether any findings remain in the **Active** state versus none.",
+  "Risk": "**Unremediated Inspector2 findings** mean known vulnerabilities or exposures persist on workloads.\n\nThis enables:\n- Unauthorized access and data exfiltration (C)\n- Code tampering and privilege escalation (I)\n- Service disruption via exploitation or malware (A)",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Inspector/amazon-inspector-findings.html",
+    "https://docs.aws.amazon.com/inspector/latest/user/findings-understanding.html",
+    "https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Inspector/amazon-inspector-findings.html",
-      "Terraform": ""
+      "CLI": "aws inspector2 create-filter --name <example_resource_name> --action SUPPRESS --filter-criteria '{\"findingStatus\":[{\"comparison\":\"EQUALS\",\"value\":\"ACTIVE\"}]}'",
+      "NativeIaC": "```yaml\n# CloudFormation: Suppress all ACTIVE Inspector findings\nResources:\n  <example_resource_name>:\n    Type: AWS::InspectorV2::Filter\n    Properties:\n      Name: <example_resource_name>\n      Action: SUPPRESS  # critical: converts matching findings to Suppressed, not Active\n      FilterCriteria:\n        FindingStatus:\n          - Comparison: EQUALS\n            Value: ACTIVE  # critical: targets all active findings\n```",
+      "Other": "1. In the AWS Console, go to Amazon Inspector\n2. Open Suppression rules (or Filters) and click Create suppression rule\n3. Set condition: Finding status = Active\n4. Set action to Suppress and click Create\n5. Verify the Active findings count is 0 on the dashboard",
+      "Terraform": "```hcl\n# Terraform: Suppress all ACTIVE Inspector findings\nresource \"aws_inspector2_filter\" \"<example_resource_name>\" {\n  name   = \"<example_resource_name>\"\n  action = \"SUPPRESS\"  # critical: converts matching findings to Suppressed, not Active\n\n  filter_criteria {\n    finding_status {\n      comparison = \"EQUALS\"\n      value      = \"ACTIVE\"  # critical: targets all active findings\n    }\n  }\n}\n```"
     },
     "Recommendation": {
-      "Text": "Review the active findings from Inspector2",
-      "Url": "https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html"
+      "Text": "Prioritize and remediate **Active findings** quickly: patch hosts and runtimes, update/rebuild images, fix vulnerable code, and close unintended exposure.\n\nApply **least privilege**, use **defense in depth**, and avoid broad suppressions. Integrate findings into CI/CD and vulnerability management for continuous prevention.",
+      "Url": "https://hub.prowler.com/check/inspector2_active_findings_exist"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "vulnerabilities"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
-  "Notes": ""
+  "Notes": "",
+  "CheckAliases": [
+    "inspector2_findings_exist"
+  ]
 }

prowler/providers/aws/services/inspector2/inspector2_is_enabled/inspector2_is_enabled.metadata.json

@@ -1,35 +1,44 @@
 {
   "Provider": "aws",
   "CheckID": "inspector2_is_enabled",
-  "CheckTitle": "Check if Inspector2 is enabled for Amazon EC2 instances, ECR container images and Lambda functions.",
-  "CheckAliases": [
-    "inspector2_findings_exist"
-  ],
+  "CheckTitle": "Inspector2 is enabled for Amazon EC2 instances, ECR container images, Lambda functions, and Lambda code",
   "CheckType": [
-    "Software and Configuration Checks/AWS Security Best Practices"
+    "Software and Configuration Checks/AWS Security Best Practices",
+    "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices"
   ],
   "ServiceName": "inspector2",
   "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:inspector2:region:account-id/detector-id",
-  "Severity": "medium",
-  "ResourceType": "AwsAccount",
-  "Description": "Ensure that the new version of Amazon Inspector is enabled in order to help you improve the security and compliance of your AWS cloud environment. Amazon Inspector 2 is a vulnerability management solution that continually scans scans your Amazon EC2 instances, ECR container images, and Lambda functions to identify software vulnerabilities and instances of unintended network exposure.",
-  "Risk": "Without using AWS Inspector, you may not be aware of all the security vulnerabilities in your AWS resources, which could lead to unauthorized access, data breaches, or other security incidents.",
-  "RelatedUrl": "https://docs.aws.amazon.com/inspector/latest/user/findings-understanding.html",
+  "ResourceIdTemplate": "",
+  "Severity": "high",
+  "ResourceType": "Other",
+  "Description": "**Amazon Inspector 2** activation and coverage across regions, verifying that scanning is active for **EC2**, **ECR**, **Lambda functions**, and **Lambda code** where applicable.\n\nIt flags missing account activation or gaps in any scan type.",
+  "Risk": "Absent or partial coverage leaves **unpatched vulnerabilities**, risky **code dependencies**, and **unintended network exposure** undetected.\n\nAttackers can exploit known CVEs for **remote code execution**, **lateral movement**, and **data exfiltration**, degrading **confidentiality**, **integrity**, and **availability**.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Inspector2/enable-amazon-inspector2.html",
+    "https://docs.aws.amazon.com/inspector/latest/user/findings-understanding.html",
+    "https://docs.aws.amazon.com/inspector/latest/user/getting_started_tutorial.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "aws inspector2 enable --resource-types 'EC2' 'ECR' 'LAMBDA' 'LAMBDA_CODE'",
+      "CLI": "aws inspector2 enable --resource-types EC2 ECR LAMBDA LAMBDA_CODE",
       "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Inspector2/enable-amazon-inspector2.html",
-      "Terraform": ""
+      "Other": "1. Sign in to the AWS Console and open Amazon Inspector (v2)\n2. If not yet activated: click Get started > Activate Amazon Inspector\n3. If already activated: go to Settings > Scans and ensure EC2, ECR, Lambda functions, and Lambda code are all enabled, then Save",
+      "Terraform": "```hcl\nresource \"aws_inspector2_enabler\" \"<example_resource_name>\" {\n  resource_types = [\"EC2\", \"ECR\", \"LAMBDA\", \"LAMBDA_CODE\"] # Enables Inspector2 scans for all required resource types\n}\n```"
     },
     "Recommendation": {
-      "Text": "Enable Amazon Inspector 2 for your AWS account.",
-      "Url": "https://docs.aws.amazon.com/inspector/latest/user/getting_started_tutorial.html"
+      "Text": "Enable **Amazon Inspector 2** across all regions and activate scans for **EC2**, **ECR**, **Lambda**, and **Lambda code**.\n\nApply **defense in depth**: auto-enable coverage for new workloads, integrate findings with patching and CI/CD gates, enforce remediation SLAs, and grant only **least privilege** to process and act on findings.",
+      "Url": "https://hub.prowler.com/check/inspector2_is_enabled"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "vulnerabilities",
+    "container-security"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
-  "Notes": ""
+  "Notes": "",
+  "CheckAliases": [
+    "inspector2_findings_exist"
+  ]
 }