Scan manually for vulnerabilities and malware

Views:

Use Agentless Vulnerability & Threat Detection to scan manually for vulnerabilities and malware in your connected AWS, Google Cloud, and Microsoft Azure cloud accounts.

You can use Agentless Vulnerability & Threat Detection to scan your connected cloud accounts manually for vulnerabilities and malware outside of scheduled times. Scan types and resources available for scanning depend on the configuration you applied when you connected your cloud account in Cloud Accounts.

Important

You must have sufficient asset visibility scope to scan cloud assets. The manual scanning feature requires the latest stack versions. If the Scan action is disabled, update your stacks in Cloud Accounts.

The following scan types and resources are available for each supported cloud provider.

Scan type and cloud resource availability for Agentless Vulnerability & Threat Detection manual scanning

Cloud provider	Scan type and resource availability
AWS	Scan type availability Vulnerabilities: Enabled by default, configure in Cloud Accounts Anti-malware: Disabled by default, configure in Cloud Accounts Resource type availability: Cloud VMs: EBS volumes Container images: ECR images Serverless functions: Lambda functions, Lambda layers
Google Cloud	Scan type availability Vulnerabilities: Enabled by default, not configurable Anti-malware: Enabled by default, not configurable Resource type availability: Cloud VMs: Hyperdisks, Persistent Disks Container images: Artifact Registry images
Microsoft Azure	Scan type availability Vulnerabilities: Enabled by default, not configurable Anti-malware: Enabled by default, not configurable Resource type availability: Cloud VMs: Premium and Standard SSDs, Standard HDDs Container images: Container Registry images

To manually scan your cloud resources for vulnerabilities and malware:

Procedure

Go to Cyber Risk Exposure Management → Security Posture Management → Cloud Security Posture or Cloud Security → Cloud Risk Management → Cloud Security Posture.
Select a connected account under the desired cloud provider to view Cloud Overview for the account.
In the Account details widget, click Scan next to the entry for Agentless Vulnerability & Threat Detection.

Tip

If Agentless Vulnerability & Threat Detection isn't displayed in the widget, enable the feature for the account in Cloud Accounts.
Select one or more available regions and click Start scanning. Only regions where Agentless Vulnerability & Threat Detection is deployed are available.
The scan status for the region changes to Scanning. Scan times depend on the number of resources in your cloud account and the number of regions you have selected.
After the scan is complete, view any detected vulnerabilities or malware in the following locations:
- Cyber Risk Exposure Management → Continuous Threat Management → Threat and Exposure Management → All risk events filtered by asset type: cloud assets
- Asset profile screens for scanned cloud assets
- Search results in Search queried by productCode: sss (Cloud Sentry)