Amazon Inspector now provides enhanced vulnerability intelligence as a part of its findings. The enhanced vulnerability intelligence includes names of known malware kits used to exploit a vulnerability, mapping to MITRE ATT&CK® framework, the date Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to Known Exploited Vulnerabilities Catalog (KVEC), Exploit Prediction Scoring System (EPSS) score, and evidence of public events associated with a vulnerability. This expands the currently provided vulnerability intelligence such as Common Vulnerability Scoring System (CVSS) score and known public exploit information. Inspector collects this information from internal Amazon research, CISA, and our partner, Recorded Future. You can access the enhanced vulnerability intelligence in the finding details within in the Amazon Inspector console
Source:: Amazon AWS