Agentless Vulnerability & Threat Detection

Agentless Vulnerability & Threat Detection is a serverless function enabled in your connected cloud accounts. The function scans supported cloud resources for vulnerabilities and malware without impact to other resources or running applications. The function only activates during a scan and scales dynamically to meet the needs of the scanning process within a set resource limit. All collected data is analyzed within the serverless function, and only metadata is sent to Trend Vision One. Your data does not leave your cloud account.

Agentless Vulnerability & Threat Detection currently supports the following cloud providers:

• AWS
• Google Cloud
• Microsoft Azure

Vulnerability scanning inspects your cloud resources for known CVEs. Anti-malware scanning scans your cloud resources to identify potential malware, including viruses, Trojans, spyware, and more. Scans occur once per day, starting when you first connect your cloud account and enable the feature. Scan times are not configurable after deployment.

Scan results are sent to Trend Vision One for review. If results contain vulnerabilities or malware, suggested remediation options are displayed for the associated risk event in Attack Surface Risk Management → Operations Dashboard.

The following table lists the cloud provider resources that Agentless Vulnerability & Threat Detection supports.

Vulnerability detections are available in the following locations in the Trend Vision One console:

• Cloud Posture → Cloud Overview
• Executive Dashboard → Risk Overview → Cloud Assets → Risk Factors
• Executive Dashboard → Exposure Overview → Vulnerabilities
• Operations Dashboard → Risk Reduction Measures
• Operations Dashboard → All Risk Events
• Operations Dashboard → Vulnerabilities
• Cloud asset profile screens in Attack Surface Discovery → Cloud Assets → Cloud Asset List

When viewing vulnerability detections, expand the associated risk event on the list to see available remediation or mitigation options and metadata associated with the detection. Use the provided metadata to execute a query in the Search app and learn more about the detection.

Once remediated or mitigated, risk events associated with most cloud resource vulnerability detections no longer appear in Attack Surface Risk Management after the next daily scan. Vulnerabilities in container images remain visible in Operations Dashboard → Vulnerabilities for seven days after patching.

Malware detections are available in the following locations in the Trend Vision One console:

• Cloud Posture → Cloud Overview
• Operations Dashboard → All Risk Events
• Operations Dashboard → Risk Reduction Measures
• Operations Dashboard → Threat Detection
• Cloud asset profile screens in Attack Surface Discovery → Cloud Assets → Cloud Asset List

When viewing malware detections, expand the associated risk event to see metadata associated with the detection. Use the metadata to execute queries in the Search app and further investigate the threat. To learn about available remediation options, click View options under the risk event.

Once remediated, risk events associated with most cloud resource malware detections no longer appear in Attack Surface Risk Management after the next daily anti-malware scan. Malware detections in container images remain in Operations Dashboard → All Risk Events for seven days after remediation.