
Detect vulnerabilities and malware in your cloud environment.

Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
Agentless Vulnerability & Threat Detection is a serverless scanner that runs in your cloud account. You can use it to scan the resources in your cloud accounts for vulnerabilities and malware without affecting other resources or running applications.
You can specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Three AWS resource types are currently supported: EBS (Elastic Block Store), ECR (Elastic Container Registry), and Lambda. All resources are included in vulnerability scanning by default. Anti-malware scanning is disabled by default but may be enabled at any time.
Important
  • In EBS volumes, scans may fail due to memory limitations if the total file count across EBS volumes exceeds 250,000. There is no file type limitation.
  • Scans in ECR have storage size limitations that might lead to failures when scanning ECR images larger than 1 GB.
  • Lambda layers not attached to any Lambda functions are not scanned for vulnerabilities.
  • Anti-malware scans do not currently support scanning Lambda layers.
Feature: Vulnerability Scanning
Description: Inspects the following AWS resources to identify CVEs:
  • EBS volumes attached to EC2 instances
  • ECR images with the "latest" tag
  • Lambda functions and their attached Lambda layers

Feature: Anti-Malware Scanning
Description: Scans the following AWS resources to identify potential malware, including viruses, Trojans, spyware, and more:
  • EBS volumes attached to EC2 instances
  • Container images in ECR repositories
  • Serverless Lambda functions
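The coverage rules and limits above can be checked against an account inventory before relying on scan results. The following is an added example, not Trend Micro code: it assumes input shaped like the output of `aws ecr describe-images`, `aws lambda list-functions`, and `aws lambda list-layers`, reads "1 GB" as 2**30 bytes compared against the registry-reported `imageSizeInBytes`, and uses constructed sample data.

```python
# Added example: flags resources that fall outside the scan coverage and
# limits described on this page. All sample data below is constructed.
ECR_SIZE_LIMIT_BYTES = 1024 ** 3  # assumption: "1 GB" read as 2**30 bytes

def ecr_findings(image_details):
    """Findings for ECR images, shaped like `aws ecr describe-images` output."""
    findings = []
    for img in image_details:
        ref = f'{img["repositoryName"]}@{img["imageDigest"]}'
        if "latest" not in img.get("imageTags", []):
            findings.append((ref, "no 'latest' tag: not inspected for CVEs"))
        if img.get("imageSizeInBytes", 0) > ECR_SIZE_LIMIT_BYTES:
            findings.append((ref, "larger than 1 GB: scan may fail"))
    return findings

def layer_arn(version_arn):
    """Strip the trailing version number from a layer version ARN."""
    return version_arn.rsplit(":", 1)[0]

def unattached_layers(functions, layers):
    """Layers that no function references, so they are not scanned for CVEs."""
    attached = {layer_arn(l["Arn"]) for fn in functions for l in fn.get("Layers", [])}
    return sorted(l["LayerArn"] for l in layers if l["LayerArn"] not in attached)

# Constructed sample inventory (account ID, names and digests are placeholders).
SAMPLE_IMAGES = [
    {"repositoryName": "web", "imageDigest": "sha256:aaa",
     "imageTags": ["latest"], "imageSizeInBytes": 300_000_000},
    {"repositoryName": "web", "imageDigest": "sha256:bbb",
     "imageTags": ["v1.2"], "imageSizeInBytes": 310_000_000},
    {"repositoryName": "ml", "imageDigest": "sha256:ccc",
     "imageTags": ["latest"], "imageSizeInBytes": 2_500_000_000},
]
_L = "arn:aws:lambda:us-east-1:111122223333:layer:"
SAMPLE_FUNCTIONS = [
    {"FunctionName": "api", "Layers": [{"Arn": _L + "common:3"}]},
    {"FunctionName": "cron"},  # no layers attached
]
SAMPLE_LAYERS = [{"LayerArn": _L + "common"}, {"LayerArn": _L + "legacy-utils"}]

if __name__ == "__main__":
    for ref, reason in ecr_findings(SAMPLE_IMAGES):
        print(f"ECR    {ref}: {reason}")
    for arn in unattached_layers(SAMPLE_FUNCTIONS, SAMPLE_LAYERS):
        print(f"Layer  {arn}: not attached to any function, not scanned for CVEs")
```

The EBS file-count limit is not covered here because the file count of a volume is not available from inventory metadata.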
Agentless Vulnerability & Threat Detection works by taking a snapshot of EBS volumes and collecting ECR images, Lambda function zip archives, and Lambda layers. The collected resources are then scanned for vulnerabilities or malware. Lambda functions deployed with container images are covered by ECR image scanning.
Scan results are sent to Trend Vision One for review. If vulnerabilities or malware are detected, suggested remediation options are available in Attack Surface Risk Management > Operations Dashboard.
Agentless Vulnerability & Threat Detection is a serverless function. The engine only activates during a scan and scales dynamically to meet the needs of the scanning process within a set resource limit. All collected data is analyzed within the serverless function, and only metadata is sent to Trend Vision One. Your data does not leave your cloud account.
Figure: Agentless Vulnerability & Threat Detection network diagram