What’s new: NSAuditor AI EE 0.6.1 ships with a NEW plugin (1200) that audits AWS managed-threat-detection: GuardDuty and Inspector2. Plugin count grows 21 → 22. The release is a paired trio across EE + CE 0.1.55 + agent-skill 0.1.22.
The audit gap this fills
Most SOC 2 readiness teams enable GuardDuty in production. Fewer enable the optional protection features (S3 data events, EKS audit logs, EBS malware protection, RDS login events, Lambda network logs, runtime monitoring) — and fewer still have attestable evidence those features are on, in every audited region. Same for Inspector2 across EC2 AMIs, ECR images, and Lambda functions. Plugin 1200 fills that gap.
What plugin 1200 checks
- GuardDuty Detector enablement — flags any audited region with no Detector configured (HIGH).
- GuardDuty protection-feature coverage — MEDIUM on missing baseline features.
- Inspector2 enablement — flags accounts where Inspector2 is not enabled / suspended / disabled (HIGH).
- Inspector2 scan-target coverage — HIGH on zero coverage, MEDIUM on partial (with the explicit disabled-resource-types list).
Unambiguous remediation
The plugin distinguishes auditor-side IAM gaps (your auditor role lacks the read permission) from genuine service-side absence — so the next step is always clear: either grant the read permission, or enable the service. Findings are routed to SOC 2 CC7.1 (detection procedures) and CC7.2 (monitoring of system components).
Also in this release
The 14-day Pro trial program is retired. Community Edition (free, MIT) is now the evaluation path — install CE, run scans, see the platform in action, upgrade to Pro when CVE matching / verification probes / risk scoring become a fit.
Install
npm install -g nsauditor-ai@0.1.55 @nsasoft/nsauditor-ai-ee@0.6.1
npm install nsauditor-ai-agent-skill@0.1.22
