NSAuditor AI EE 0.6.3 — New Alerting-Destination Audit Catches Unrouted Security Findings

What’s new: Nsasoft US LLC released NSAuditor AI Enterprise Edition v0.6.3 today, closing a significant gap in AWS cloud security auditing. The update targets a false-PASS scenario where GuardDuty and Inspector2 could be running in an AWS account with a clean audit verdict while their findings were never being sent anywhere — no alerts, no paging, no SOC 2 evidence trail.

Why this matters

AWS GuardDuty detects threats like credential exfiltration, crypto-mining activity, and malicious IP communication. AWS Inspector2 surfaces CVEs in EC2 AMIs, container images, and Lambda functions. Both services generate findings — but those findings don’t automatically reach operators. They need a routing path: either an EventBridge rule that forwards events to SNS, Lambda, or PagerDuty, or a SecurityHub integration that aggregates them. Without it, the service is technically enabled but operationally silent.

What the new dimension audits

EE 0.6.3 adds an alerting-destination audit dimension to plugin 1200. For each service in each region, it returns one of four verdicts:

  • PASS — An EventBridge rule is routing findings from aws.guardduty or aws.inspector2
  • MEDIUM — Only SecurityHub is connected; no EventBridge forwarding (findings aggregate but may not trigger paging)
  • HIGH — No routing path at all; findings are visible only in the AWS console
  • LOW — Routing APIs were inaccessible; conservative verdict

Also included: critical ARN-collision fix

A code review caught that the SecurityHub subscription check used a substring that could confuse deprecated Amazon Inspector Classic with modern Inspector2 — a stale Classic subscription would have returned a false PASS for the Inspector2 alerting-destination check. EE 0.6.3 uses precise boundary-anchored matching to prevent this.
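The four verdicts and the boundary-anchored match described above, as an added example that is not NSAuditor's own code. The input shape, function names, sample ARNs, the loose substring `inspector`, and the treatment of disabled or target-less rules are assumptions made for illustration.

```javascript
// Added example, not NSAuditor source. Input shape and names are assumptions.
const SOURCES = { guardduty: 'aws.guardduty', inspector2: 'aws.inspector2' };

// Assumption: a rule counts only if it is enabled, has a target, and lists the
// exact source literally (prefix/wildcard patterns are not evaluated here).
function ruleRoutes(rule, source) {
  if (rule.State !== 'ENABLED' || !(rule.Targets || []).length) return false;
  let pattern;
  try { pattern = JSON.parse(rule.EventPattern || '{}'); } catch { return false; }
  return Array.isArray(pattern?.source) && pattern.source.includes(source);
}

// Boundary-anchored: the final ARN path segment must equal the product name,
// so ".../aws/inspector" (Classic) never satisfies a check for "inspector2".
function hubSubscribed(arns, product) {
  return arns.some((arn) => arn.split('/').pop() === product);
}

// Loose substring test of the kind the fix replaces, kept for comparison.
function hubSubscribedLoose(arns, needle) {
  return arns.some((arn) => arn.includes(needle));
}

// rules / subscriptions are null when the lookup failed (e.g. access denied).
function alertingVerdict(service, { rules, subscriptions }) {
  if (rules && rules.some((r) => ruleRoutes(r, SOURCES[service]))) return 'PASS';
  if (rules === null || subscriptions === null) return 'LOW'; // cannot conclude
  return hubSubscribed(subscriptions, service) ? 'MEDIUM' : 'HIGH';
}

// Constructed sample for one region: GuardDuty is routed, the Inspector2 rule
// is disabled, and only a stale Inspector Classic subscription exists.
const TOPIC = 'arn:aws:sns:us-east-1:111122223333:sec-alerts';
const sample = {
  rules: [
    { Name: 'gd-to-sns', State: 'ENABLED',
      EventPattern: '{"source":["aws.guardduty"]}', Targets: [TOPIC] },
    { Name: 'insp-to-sns', State: 'DISABLED',
      EventPattern: '{"source":["aws.inspector2"]}', Targets: [TOPIC] },
  ],
  subscriptions: [
    'arn:aws:securityhub:us-east-1:111122223333:product-subscription/aws/inspector',
  ],
};

for (const service of Object.keys(SOURCES)) {
  console.log(service, alertingVerdict(service, sample));
}
```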

Plugin count unchanged

EE 0.6.3 is a depth extension — plugin count stays at 49 (27 Community + 22 Enterprise). The update deepens evidence-acquisition on CC7.1 and CC7.2 SOC 2 controls already in scope.

npm install -g nsauditor-ai@0.1.57 @nsasoft/nsauditor-ai-ee@0.6.3
