Amazon Inspector monitoring

  • How-to guide
  • 2-min read
  • Published Oct 12, 2020

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Inspector. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "acm-pca:ListCertificateAuthorities",
        "apigateway:GET",
        "apprunner:ListServices",
        "appstream:DescribeFleets",
        "appsync:ListGraphqlApis",
        "athena:ListWorkGroups",
        "autoscaling:DescribeAutoScalingGroups",
        "cloudformation:ListStackResources",
        "cloudfront:ListDistributions",
        "cloudhsm:DescribeClusters",
        "cloudsearch:DescribeDomains",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "codebuild:ListProjects",
        "datasync:ListTasks",
        "dax:DescribeClusters",
        "directconnect:DescribeConnections",
        "dms:DescribeReplicationInstances",
        "dynamodb:ListTables",
        "dynamodb:ListTagsOfResource",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeInstances",
        "ec2:DescribeNatGateways",
        "ec2:DescribeSpotFleetRequests",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpnConnections",
        "ecs:ListClusters",
        "eks:ListClusters",
        "elasticache:DescribeCacheClusters",
        "elasticbeanstalk:DescribeEnvironmentResources",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticfilesystem:DescribeFileSystems",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeRules",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticmapreduce:ListClusters",
        "elastictranscoder:ListPipelines",
        "es:ListDomainNames",
        "events:ListEventBuses",
        "firehose:ListDeliveryStreams",
        "fsx:DescribeFileSystems",
        "gamelift:ListFleets",
        "glue:GetJobs",
        "inspector:ListAssessmentTemplates",
        "kafka:ListClusters",
        "kinesis:ListStreams",
        "kinesisanalytics:ListApplications",
        "kinesisvideo:ListStreams",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "lex:GetBots",
        "logs:DescribeLogGroups",
        "mediaconnect:ListFlows",
        "mediaconvert:DescribeEndpoints",
        "mediapackage-vod:ListPackagingConfigurations",
        "mediapackage:ListChannels",
        "mediatailor:ListPlaybackConfigurations",
        "opsworks:DescribeStacks",
        "qldb:ListLedgers",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:DescribeEvents",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "robomaker:ListSimulationJobs",
        "route53:ListHostedZones",
        "route53resolver:ListResolverEndpoints",
        "s3:ListAllMyBuckets",
        "sagemaker:ListEndpoints",
        "sns:ListTopics",
        "sqs:ListQueues",
        "storagegateway:ListGateways",
        "sts:GetCallerIdentity",
        "swf:ListDomains",
        "tag:GetResources",
        "tag:GetTagKeys",
        "transfer:ListServers",
        "workmail:ListOrganizations",
        "workspaces:DescribeWorkspaces"
      ],
      "Resource": "*"
    }
  ]
}
EndpointService
autoscaling.<REGION>.amazonaws.comAmazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling
lambda.<REGION>.amazonaws.comAWS Lambda (built-in), AWS Lambda
elasticloadbalancing.<REGION>.amazonaws.comAmazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in)
dynamodb.<REGION>.amazonaws.comAmazon DynamoDB (built-in), Amazon DynamoDB
ec2.<REGION>.amazonaws.comAmazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN
rds.<REGION>.amazonaws.comAmazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS
s3.<REGION>.amazonaws.comAmazon S3 (built-in)
acm-pca.<REGION>.amazonaws.comAWS Certificate Manager Private Certificate Authority
apigateway.<REGION>.amazonaws.comAmazon API Gateway
apprunner.<REGION>.amazonaws.comAWS App Runner
appstream2.<REGION>.amazonaws.comAmazon AppStream
appsync.<REGION>.amazonaws.comAWS AppSync
athena.<REGION>.amazonaws.comAmazon Athena
cloudfront.amazonaws.comAmazon CloudFront
cloudhsmv2.<REGION>.amazonaws.comAWS CloudHSM
cloudsearch.<REGION>.amazonaws.comAmazon CloudSearch
codebuild.<REGION>.amazonaws.comAWS CodeBuild
datasync.<REGION>.amazonaws.comAWS DataSync
dax.<REGION>.amazonaws.comAmazon DynamoDB Accelerator (DAX)
dms.<REGION>.amazonaws.comAWS Database Migration Service (AWS DMS)
directconnect.<REGION>.amazonaws.comAWS Direct Connect
ecs.<REGION>.amazonaws.comAmazon Elastic Container Service (ECS), Amazon ECS Container Insights
elasticfilesystem.<REGION>.amazonaws.comAmazon Elastic File System (EFS)
eks.<REGION>.amazonaws.comAmazon Elastic Kubernetes Service (EKS)
elasticache.<REGION>.amazonaws.comAmazon ElastiCache (EC)
elasticbeanstalk.<REGION>.amazonaws.comAWS Elastic Beanstalk
elastictranscoder.<REGION>.amazonaws.comAmazon Elastic Transcoder
es.<REGION>.amazonaws.comAmazon Elasticsearch Service (ES)
events.<REGION>.amazonaws.comAmazon EventBridge
fsx.<REGION>.amazonaws.comAmazon FSx
gamelift.<REGION>.amazonaws.comAmazon GameLift
glue.<REGION>.amazonaws.comAWS Glue
inspector.<REGION>.amazonaws.comAmazon Inspector
kafka.<REGION>.amazonaws.comAmazon Managed Streaming for Kafka
models.lex.<REGION>.amazonaws.comAmazon Lex
logs.<REGION>.amazonaws.comAmazon CloudWatch Logs
api.mediatailor.<REGION>.amazonaws.comAWS Elemental MediaTailor
mediaconnect.<REGION>.amazonaws.comAWS Elemental MediaConnect
mediapackage.<REGION>.amazonaws.comAWS Elemental MediaPackage Live
mediapackage-vod.<REGION>.amazonaws.comAWS Elemental MediaPackage Video on Demand
opsworks.<REGION>.amazonaws.comAWS OpsWorks
qldb.<REGION>.amazonaws.comAmazon QLDB
redshift.<REGION>.amazonaws.comAmazon Redshift
robomaker.<REGION>.amazonaws.comAWS RoboMaker
route53.amazonaws.comAmazon Route 53
route53resolver.<REGION>.amazonaws.comAmazon Route 53 Resolver
api.sagemaker.<REGION>.amazonaws.comAmazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances
sns.<REGION>.amazonaws.comAmazon Simple Notification Service (SNS)
sqs.<REGION>.amazonaws.comAmazon Simple Queue Service (SQS)
storagegateway.<REGION>.amazonaws.comAWS Storage Gateway
swf.<REGION>.amazonaws.comAmazon SWF
transfer.<REGION>.amazonaws.comAWS Transfer Family
workmail.<REGION>.amazonaws.comAmazon WorkMail
workspaces.<REGION>.amazonaws.comAmazon WorkSpaces

Enable monitoring

To learn how to enable service monitoring, see Enable service monitoring.

View service metrics

You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.

View metrics on the custom device overview page

To access the custom device overview page

  1. Go to Technologies & Processes Classic.
  2. Filter by service name and select the relevant custom device group.
  3. Once you select the custom device group, you're on the custom device group overview page.
  4. The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.

View metrics on your dashboard

After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

AWS presets

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.

You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu () and select Clone.

To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu () and select Hide.

Hiding a dashboard doesn't affect other users.

Clone hide AWS

To check the availability of preset dashboards for each AWS service, see the list below.

AWS servicePreset dashboard
Amazon EC2 Auto Scaling (built-in)Not applicable
AWS Lambda (built-in)Not applicable
Amazon Application and Network Load Balancer (built-in)Not applicable
Amazon DynamoDB (built-in)Not applicable
Amazon EBS (built-in)Not applicable
Amazon EC2 (built-in)Not applicable
Amazon Elastic Load Balancer (ELB) (built-in)Not applicable
Amazon RDS (built-in)Not applicable
Amazon S3 (built-in)Not applicable
AWS Certificate Manager Private Certificate AuthorityNot applicable
All monitored Amazon servicesNot applicable
Amazon API GatewayNot applicable
AWS App RunnerNot applicable
Amazon AppStreamApplicable
AWS AppSyncApplicable
Amazon AthenaApplicable
Amazon AuroraNot applicable
Amazon EC2 Auto ScalingApplicable
AWS BillingApplicable
Amazon KeyspacesApplicable
AWS ChatbotApplicable
Amazon CloudFrontNot applicable
AWS CloudHSMApplicable
Amazon CloudSearchApplicable
AWS CodeBuildApplicable
Amazon CognitoNot applicable
Amazon ConnectApplicable
AWS DataSyncApplicable
Amazon DynamoDB Accelerator (DAX)Applicable
AWS Database Migration Service (AWS DMS)Applicable
Amazon DocumentDBApplicable
AWS Direct ConnectApplicable
Amazon DynamoDBNot applicable
Amazon EBSNot applicable
Amazon EC2 Spot FleetNot applicable
Amazon EC2 APIApplicable
Amazon Elastic Container Service (ECS)Not applicable
Amazon ECS Container InsightsApplicable
Amazon Elastic File System (EFS)Not applicable
Amazon Elastic Kubernetes Service (EKS)Applicable
Amazon ElastiCache (EC)Not applicable
AWS Elastic BeanstalkApplicable
Amazon Elastic InferenceApplicable
Amazon Elastic TranscoderApplicable
Amazon Elastic Map Reduce (EMR)Not applicable
Amazon Elasticsearch Service (ES)Not applicable
Amazon EventBridgeApplicable
Amazon FSxApplicable
Amazon GameLiftApplicable
AWS GlueNot applicable
Amazon InspectorApplicable
AWS Internet of Things (IoT)Not applicable
AWS IoT Things GraphApplicable
AWS IoT AnalyticsApplicable
Amazon Managed Streaming for KafkaApplicable
Amazon Kinesis Data AnalyticsNot applicable
Amazon Data FirehoseNot applicable
Amazon Kinesis Data StreamsNot applicable
Amazon Kinesis Video StreamsNot applicable
AWS LambdaNot applicable
Amazon LexApplicable
Amazon CloudWatch LogsApplicable
AWS Elemental MediaTailorApplicable
AWS Elemental MediaConnectApplicable
AWS Elemental MediaConvertApplicable
AWS Elemental MediaPackage LiveApplicable
AWS Elemental MediaPackage Video on DemandApplicable
Amazon MQApplicable
Amazon VPC NAT GatewaysNot applicable
Amazon NeptuneApplicable
AWS OpsWorksApplicable
Amazon PollyApplicable
Amazon QLDBApplicable
Amazon RDSNot applicable
Amazon RedshiftNot applicable
Amazon RekognitionApplicable
AWS RoboMakerApplicable
Amazon Route 53Applicable
Amazon Route 53 ResolverApplicable
Amazon S3Not applicable
Amazon SageMaker Batch Transform JobsNot applicable
Amazon SageMaker EndpointsNot applicable
Amazon SageMaker Endpoint InstancesNot applicable
Amazon SageMaker Ground TruthNot applicable
Amazon SageMaker Processing JobsNot applicable
Amazon SageMaker Training JobsNot applicable
AWS Service CatalogApplicable
Amazon Simple Email Service (SES)Not applicable
Amazon Simple Notification Service (SNS)Not applicable
Amazon Simple Queue Service (SQS)Not applicable
AWS Systems Manager - Run CommandApplicable
AWS Step FunctionsApplicable
AWS Storage GatewayApplicable
Amazon SWFApplicable
Amazon TextractApplicable
AWS Transfer FamilyApplicable
AWS Transit GatewayApplicable
Amazon TranslateApplicable
AWS Trusted AdvisorApplicable
AWS API UsageApplicable
AWS Site-to-Site VPNApplicable
AWS WAF ClassicApplicable
AWS WAFApplicable
Amazon WorkMailApplicable
Amazon WorkSpacesApplicable

Inspector

Available metrics

AssessmentTemplateArn is the main dimension.

NameDescriptionUnitStatisticsDimensionsRecommended
TotalAssessmentRunsNumber of assessment runs for this targetCountSumRegion, AssessmentTargetArn, AssessmentTargetName
TotalAssessmentRunsCountSumAssessmentTemplateArn, AssessmentTemplateNameApplicable
TotalFindingsNumber of findings for this templateCountSumRegion, AssessmentTargetArn, AssessmentTargetName
TotalFindingsCountSumAssessmentTemplateArn, AssessmentTemplateNameApplicable
TotalHealthyAgentsNumber of agents that match this target that are healthyCountSumRegion, AssessmentTargetArn, AssessmentTargetName
TotalHealthyAgentsCountSumAssessmentTemplateArn, AssessmentTemplateNameApplicable
TotalMatchingAgentsNumber of agents that match this templateCountSumRegion, AssessmentTargetArn, AssessmentTargetName
TotalMatchingAgentsCountSumAssessmentTemplateArn, AssessmentTemplateNameApplicable
Related tags
Infrastructure Observability