Start scanning for vulnerabilities across your EBS volumes, ECR images, and serverless Lambda functions on AWS cloud accounts.
To start scanning for vulnerabilities, enroll your AWS cloud account with Trend Vision One and enable Agentless Vulnerability & Threat
Detection. You can add new cloud accounts using the Cloud
Accounts app. For detailed instructions, see Adding an AWS account.
Agentless Vulnerability & Threat Detection scans for vulnerabilities on the following
AWS
resource types:
-
EBS volumes attached to EC2 instances
-
ECR images that have the "latest" tag
-
Lambda functions and attached Lambda layers
![]() |
ImportantAgentless Vulnerability & Threat Detection only supports scanning EBS volumes attached
to supported Linux instances. Scans performed on EBS volumes that are attached to
instances with unsupported platforms (like Windows) use resources, but do not provide
vulnerability information.
|
![]() |
NoteIf the limit for pending EBS snapshots in your AWS account is reached, you may encounter
one or more "PendingSnapshotLimitExceeded" errors when the scan begins. This may cause
the scanning process to take longer than usual.
|
Agentless Vulnerability & Threat Detection scans once per day, starting upon first
deployment of the CloudFormation template. The time the scan takes place is not configurable
after deployment. The scan results are sent to Executive Dashboard when the scan is complete. Patched vulnerabilities for EBS volumes, Lambda functions,
and Lambda layers no longer appear after the next daily scan results are available.
ECR images will remain in the Images with Highly Exploitable CVEs table for seven days after their vulnerabilities are patched.
Supported Operating Systems
Distribution
|
Operating System
|
Amazon Linux
|
|
CentOS
|
|
Red Hat Enterprise Linux
|
|
Ubuntu
|
|
Supported AWS regions
Region code
|
Region name (Location)
|
us-east-1
|
US East (N. Virginia)
|
us-east-2
|
US East (Ohio)
|
us-west-1
|
US West (N. California)
|
us-west-2
|
US West (Oregon)
|
af-south-1
|
Africa (Cape Town)
|
ap-east-1
|
Asia Pacific (Hong Kong)
|
ap-northeast-1
|
Asia Pacific (Tokyo)
|
ap-northeast-2
|
Asia Pacific (Seoul)
|
ap-northeast-3
|
Asia Pacific (Osaka)
|
ap-south-1
|
Asia Pacific (Mumbai)
|
ap-southeast-1
|
Asia Pacific (Singapore)
|
ap-southeast-2
|
Asia Pacific (Sydney)
|
ca-central-1
|
Canada (Central)
|
eu-central-1
|
Europe (Frankfurt)
|
eu-north-1
|
Europe (Stockholm)
|
eu-west-1
|
Europe (Ireland)
|
eu-west-2
|
Europe (London)
|
eu-west-3
|
Europe (Paris)
|
sa-east-1
|
South America (São Paulo)
|
me-central-1
|
Middle East (UAE)
|
Unsupported AWS Regions
Region code
|
Region name (Location)
|
ap-southeast-3
|
Asia Pacific (Jakarta)
|
eu-south-1
|
Europe (Milan)
|
me-south-1
|
Middle East (Bahrain)
|