Detect vulnerabilities in your cloud environment.

This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
Agentless Vulnerability & Threat Detection is a serverless scanner in your cloud account. You can use it to scan your cloud account for vulnerabilities, without impact to other resources and running applications.
Vulnerability Scan
Inspects the EBS volumes attached to your EC2 instances and ECR images with the latest tag to identify highly exploitable CVEs.
In EBS volumes, the vulnerability scan may fail due to memory limitations if the total file count across the EBS volumes exceeds 250,000. There is no limitation on file type.
Vulnerability scans in ECR have storage size limitations that might lead to failures when scanning ECR images larger than 1 GB.
Agentless Vulnerability & Threat Detection works by taking a snapshot of EBS volumes and collecting ECR images. The collected resources are then scanned for vulnerabilities. The results are sent to Trend Vision One for review, where you can see the suggested remediation options from Attack Surface Risk ManagementOperations Dashboard. All collected data is analyzed within the serverless function, and only metadata is sent to Trend Vision One.
Agentless Vulnerability & Threat Detection is a serverless function. The engine only activates during a scan and scales dynamically to meet the needs of the scanning process, within a set resource limit.
Agentless Vulnerability & Threat Detection network diagram