This pattern describes how to automatically scan for vulnerabilities in cross-account workloads on the Amazon Web Services (AWS) Cloud.

The pattern helps create a schedule for host-based scans of Amazon Elastic Compute Cloud (Amazon EC2) instances that are grouped by tags or for network-ba

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automate-security-scans-for-cross-account-workloads-using-amazon-inspector-and-aws-security-hub.html?did=pg_card&trk=pg_carded Amazon Inspector scans. An AWS CloudFormation stack deploys all the required AWS resources and services to your AWS accounts.

The Amazon Inspector findings are exported to AWS Security Hub and provide insights into vulnerabilities across your accounts, AWS Regions, virtual private clouds (VPCs), and EC2 instances. You can receive these findings by email or you can create an Amazon Simple Notification Service (Amazon SNS) topic that uses an HTTP endpoint to send the findings to ticketing tools, security information and event management (SIEM) software, or other third-party security solutions.