
Detect vulnerabilities in your cloud environment.

Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
Agentless Vulnerability & Threat Detection is a serverless scanner in your cloud account. You can use it to scan your cloud account for vulnerabilities, without impact to other resources and running applications.
| Feature | Description |
| --- | --- |
| Vulnerability Scan | Inspects the EBS volumes attached to your EC2 instances and ECR images with the "latest" tag to identify highly exploitable CVEs. |
Note
You can specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Two AWS resource types are currently supported: EBS (Elastic Block Store) and ECR (Elastic Container Registry). (AWS Lambda is coming soon.)
Important
In EBS volumes, the vulnerability scan may fail due to memory limitations if the total file count across the EBS volumes exceeds 250,000. There is no file type limitation.
Vulnerability scans in ECR have storage size limitations that might lead to failures when scanning ECR images larger than 1 GB.
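A pre-flight check for the two limits above, as an added example that is not part of the product or its documentation: it flags "latest"-tagged ECR images over 1 GB and counts files on mounted volumes against the 250,000 ceiling. Assumptions: the input has the shape of `aws ecr describe-images` output, "1 GB" is read as 1,000,000,000 bytes of the registry-reported `imageSizeInBytes`, and the file count is run on the EC2 instance itself; the function names and sample records are constructed.

```python
import os

EBS_FILE_LIMIT = 250_000        # total files across EBS volumes, per the page
ECR_SIZE_LIMIT = 1_000_000_000  # "1 GB" read as decimal bytes (assumption)

# Constructed records in the shape of `aws ecr describe-images` imageDetails.
SAMPLE_IMAGES = [
    {"repositoryName": "app", "imageDigest": "sha256:constructed-a",
     "imageTags": ["latest", "v2"], "imageSizeInBytes": 1_500_000_000},
    {"repositoryName": "app", "imageDigest": "sha256:constructed-b",
     "imageTags": ["v1"], "imageSizeInBytes": 2_000_000_000},
    {"repositoryName": "web", "imageDigest": "sha256:constructed-c",
     "imageTags": ["latest"], "imageSizeInBytes": 200_000_000},
]

def ecr_scan_risks(image_details):
    """Return in-scope ("latest") images and whether each exceeds the size limit."""
    findings = []
    for img in image_details:
        if "latest" not in (img.get("imageTags") or []):
            continue  # the page says only images tagged "latest" are scanned
        size = img.get("imageSizeInBytes", 0)
        findings.append({"repository": img["repositoryName"],
                         "digest": img["imageDigest"],
                         "size_bytes": size,
                         "over_limit": size > ECR_SIZE_LIMIT})
    return findings

def count_files(mount_points):
    """Count files under each mount point without descending into other mounts."""
    total = 0
    for root in mount_points:
        for dirpath, subdirs, files in os.walk(root, onerror=lambda err: None):
            # Prune nested mount points so only this volume's files are counted.
            subdirs[:] = [d for d in subdirs
                          if not os.path.ismount(os.path.join(dirpath, d))]
            total += len(files)
    return total

def ebs_scan_at_risk(mount_points):
    """Return (total_files, True if the total exceeds the documented limit)."""
    total = count_files(mount_points)
    return total, total > EBS_FILE_LIMIT

if __name__ == "__main__":
    for f in ecr_scan_risks(SAMPLE_IMAGES):
        print(f["repository"], f["size_bytes"], "OVER LIMIT" if f["over_limit"] else "ok")
    print(ebs_scan_at_risk(["/"]))  # pass every EBS mount point on the instance
```

Images or instances flagged here are the ones whose scans may fail, so they are candidates for coverage by another scanning method until they fall under the limits.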
Agentless Vulnerability & Threat Detection works by taking a snapshot of EBS volumes and collecting ECR images. The collected resources are then scanned for vulnerabilities. The results are sent to Trend Vision One for review, where you can see the suggested remediation options from Attack Surface Risk Management > Operations Dashboard. All collected data is analyzed within the serverless function, and only metadata is sent to Trend Vision One.
Agentless Vulnerability & Threat Detection is a serverless function. The engine only activates during a scan and scales dynamically to meet the needs of the scanning process, within a set resource limit.
Agentless Vulnerability & Threat Detection network diagram