Scan your AWS EBS, ECR, and Lambda resources for vulnerabilities to help prioritize and remediate issues and proactively identify zero-day exploits.

Agentless Vulnerability & Threat Detection provides vulnerability scanning to identify security vulnerabilities in your AWS EBS, ECR, and Lambda resources. Scans run daily, starting from the time you first enable the feature for your AWS account. Scan times are not configurable.
To enable vulnerability scanning on a new AWS account:
  1. Go to Cloud Security > Cloud Accounts > AWS and click Add Account.
  2. Choose CloudFormation as the deployment method, select Single AWS Account, and click Next.
  3. Enter the required information and click Next. For more detailed instructions, see Adding an AWS account using CloudFormation.
  4. In Features and Permissions, enable Agentless Vulnerability & Threat Detection and select the deployment regions.
    Note
    Selected regions are the regions where Agentless Vulnerability & Threat Detection is deployed, not necessarily the region of your AWS account. You may select multiple deployment regions.
  5. Click Scanner Settings and select the resource types you wish to include in vulnerability scans. All supported resource types are selected by default.
  6. Click Save Changes and continue configuring the CloudFormation template.
You may also enable vulnerability scanning on an already connected account by selecting the account from the list and going to the Stack Update tab.
Once the feature is enabled and the first scan is complete, you may view any vulnerability detections in the following locations in the Trend Vision One console:
  • Cloud Posture > Cloud Overview
  • Executive Dashboard > Risk Overview > Cloud Assets > Risk Factors
  • Executive Dashboard > Exposure Overview > Vulnerabilities
  • Operations Dashboard > Risk Reduction Measures
  • Operations Dashboard > All Risk Events
  • Operations Dashboard > Vulnerabilities
  • Cloud asset profile screens in Attack Surface Discovery > Cloud Assets > Cloud Asset List
When viewing vulnerability detections, expand the associated risk event in the list to see the available remediation or mitigation options, as well as the metadata associated with the detection. Use the provided metadata to perform a query in the Search app and learn more about the detection.
Once remediated or mitigated, risk events associated with vulnerability detections in EBS volumes, Lambda functions, and Lambda layers no longer appear in Attack Surface Risk Management after the next daily scan. Vulnerabilities in ECR images remain in Operations Dashboard > Vulnerabilities for seven days after patching.