Can Evident detect if an agent is deployed in an EC2 / VM instance?

Created On 09/26/18 13:44 PM - Last Modified 07/19/22 23:07 PM


Symptom


Can Evident detect if an agent is deployed in an EC2 / VM instance?



Resolution


None of Evident's built-in signatures detect resources within EC2 / VM instances. In general, Evident's built-in signatures only detect and report resources at the infrastructure level.

 

Evident itself cannot detect resources within an instance either; however, custom signatures, in conjunction with an AWS Lambda function, could allow Evident to generate alerts based on information retrieved from within an EC2 instance. Here is a broad overview of the steps:

  1. Create an IAM role with the basic AWSLambdaBasicExecutionRole and the relevant EC2 role.
  2. Create a Lambda function with the IAM role created previously. This Lambda code will pull EC2 data and pass it on to Evident.
  3. Add extra permission to the existing Evident Service Role so that it can invoke the Lambda code. This is done by creating a managed policy with Lambda invoke access and attaching it to the existing Evident Service Role.
  4. Modify the Lambda function to retrieve relevant information from the target EC2 instances.
  5. Create a custom signature to invoke the Lambda function and generate alerts based on the results.
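
For step 3, an added example (not from the original article and not Evident's own code) that builds a managed policy document scoped to a single Lambda function and audits a policy for anything broader. The function ARN, account ID, Sid values and the helper names `build_invoke_policy` and `audit_invoke_policy` are assumptions made for illustration.

```python
import json

# Constructed placeholder ARN (assumption): substitute the function from step 2.
FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:evident-ec2-agent-check"

# Constructed over-broad policy, shown for comparison with the scoped one.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "TooBroad", "Effect": "Allow",
                   "Action": "lambda:*", "Resource": "*"}],
}

def build_invoke_policy(function_arn):
    """Policy document that allows invoking exactly one Lambda function."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Sid": "InvokeAgentCheckFunction", "Effect": "Allow",
                       "Action": "lambda:InvokeFunction", "Resource": function_arn}],
    }

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_invoke_policy(policy, function_arn):
    """Return findings for Allow statements wider than invoke on function_arn."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "lambda:invokefunction":
                findings.append(f"{sid}: action {action} exceeds lambda:InvokeFunction")
        for resource in _as_list(stmt.get("Resource", [])):
            # A version or alias qualifier on the same function is still in scope.
            if resource != function_arn and not resource.startswith(function_arn + ":"):
                findings.append(f"{sid}: resource {resource} is not the target function")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_invoke_policy(FUNCTION_ARN), indent=2))
    for finding in audit_invoke_policy(WEAK_POLICY, FUNCTION_ARN):
        print("FINDING:", finding)
```

Running the audit against the policy attached to the Evident Service Role before step 5 confirms the role can invoke only the one function and nothing else in the account.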

