Views:

Enable Agentless Vulnerability & Threat Detection to start scanning for vulnerabilities and malware across your EBS volumes, ECR images, and serverless Lambda functions in AWS cloud accounts.

To start scanning for vulnerabilities and malware in your cloud resources, add your AWS account to Trend Vision One in Cloud Accounts using the CloudFormation template. Enable Agentless Vulnerability & Threat Detection, and then click Scanner Settings to choose the resource types to scan and whether to scan for vulnerabilities, malware, or both. Vulnerability scanning is enabled by default. You can change the scanning configuration at any time. For detailed instructions, see Adding an AWS account using CloudFormation.
Agentless Vulnerability & Threat Detection scans the following AWS resource types:
  • EBS volumes attached to EC2 instances
  • ECR images that have the "latest" tag
  • Lambda functions and attached Lambda layers
Important
Important
  • Agentless Vulnerability & Threat Detection only supports scanning EBS volumes attached to supported Linux instances. Scans performed on EBS volumes attached to unsupported platform instances such as Windows still use resources, but the scans do not provide detection information.
  • Anti-malware scans do not currently support scanning Lambda layers.
  • If you reach the limit for pending EBS snapshots in your AWS account, you may receive one or more "PendingSnapshotLimitExceeded" errors when the scan begins. This may cause the scanning process to take longer than usual.
Agentless Vulnerability & Threat Detection scans once per day, starting when you first deploy the CloudFormation template. Anti-malware scans begin at the next daily scan after you enable the feature. Scan times are not configurable after deployment.
Scan results are sent to Trend Vision One when the scan is complete and can be seen in Cloud Posture, Executive Dashboard, Operations Dashboard, and asset profile screens in Attack Surface Discovery. After you patch vulnerabilities or remediate malware in EBS volumes, Lambda functions, or Lambda layers, the detections no longer appear after the next daily scan. Vulnerability detections in ECR images remain in Operations DashboardVulnerabilities for seven days after patching. Malware detections in ECR images remain in Operations DashboardAll Risk Events for seven days after remediation.

Supported Operating Systems

Distribution
Operating system
Amazon Linux
  • Amazon Linux (AMI)
  • Amazon Linux 2
  • Amazon Linux 2023
CentOS
  • CentOS Linux 7
Red Hat Enterprise Linux
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
Ubuntu
  • Ubuntu 16.04
  • Ubuntu 18.04
  • Ubuntu 20.04

Supported AWS regions

Region code
Region name (Location)
us-east-1
US East (N. Virginia)
us-east-2
US East (Ohio)
us-west-1
US West (N. California)
us-west-2
US West (Oregon)
af-south-1
Africa (Cape Town)
ap-east-1
Asia Pacific (Hong Kong)
ap-northeast-1
Asia Pacific (Tokyo)
ap-northeast-2
Asia Pacific (Seoul)
ap-northeast-3
Asia Pacific (Osaka)
ap-south-1
Asia Pacific (Mumbai)
ap-southeast-1
Asia Pacific (Singapore)
ap-southeast-2
Asia Pacific (Sydney)
ca-central-1
Canada (Central)
eu-central-1
Europe (Frankfurt)
eu-north-1
Europe (Stockholm)
eu-west-1
Europe (Ireland)
eu-west-2
Europe (London)
eu-west-3
Europe (Paris)
sa-east-1
South America (São Paulo)
me-central-1
Middle East (UAE)

Unsupported AWS Regions

Region code
Region name (Location)
ap-southeast-3
Asia Pacific (Jakarta)
eu-south-1
Europe (Milan)
me-south-1
Middle East (Bahrain)
Related information