It is a vulnerability management service that simplifies compliance by running assessments that check for security exposures and vulnerabilities in EC2 instances (but also on Lambda functions and container images in ECR).
Assessments produce Findings that describe the vulnerability and rates its severity, identify the affected resources, and provides remediation guidance.
Host Assessments: check for vulnerable software (SSM Agent is necessary)
Network Assessments: check configuration for ports reachable from outside the VPC (agentless with Network Reachability rules package but if done through an Inspector Agent installed on your EC2 instances, it is also possible to find out reachable processes)