Learn how to enable Agentless Vulnerability & Threat Detection in your AWS account and understand provider-specific feature requirements and limitations.
To start scanning for vulnerabilities and malware in your cloud resources, add your
AWS account to Trend Vision One in Cloud Accounts using the CloudFormation template. Enable Agentless Vulnerability & Threat Detection, and then click Scanner Settings to choose the resource types to scan and whether to scan for vulnerabilities, malware,
or both. Vulnerability scanning is enabled for all supported resources by default.
Anti-malware scanning is disabled by default. You can change the scanning configuration
at any time. For detailed instructions, see Adding an AWS account using CloudFormation.
Agentless Vulnerability & Threat Detection scans the following AWS resource types:
- EBS volumes attached to EC2 instances
- ECR images that have the "latest" tag
- Lambda functions and attached Lambda layers
Agentless Vulnerability & Threat Detection works in AWS by taking a snapshot of EBS volumes and collecting ECR images, Lambda
function zip archives, and Lambda layers. The collected resources are then scanned
for vulnerabilities or malware. Lambda functions deployed with container images are
covered by ECR image scanning.
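To find resources that fall outside the scanning scope described above, the following added example (not Trend Micro code) applies the page's scope rules and supported-region list to an asset inventory. The inventory records, their field names, and the reading that unattached volumes and unattached layers are out of scope are assumptions made for illustration.

```python
# Added example. Inventory records and their field names are constructed.
SUPPORTED_REGIONS = {  # copied from the supported-regions table on this page
    "us-east-1", "us-east-2", "us-west-1", "us-west-2", "af-south-1",
    "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3",
    "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1",
    "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3",
    "sa-east-1", "me-central-1", "me-south-1",
}

def scan_status(res):
    """Classify one record as 'scanned', 'via_ecr' or 'not_scanned', with a reason."""
    if res["region"] not in SUPPORTED_REGIONS:
        return "not_scanned", "region is not in the supported list"
    kind = res["type"]
    if kind == "ebs_volume":
        if res.get("attached_instance"):
            return "scanned", "EBS volume attached to an EC2 instance"
        return "not_scanned", "EBS volume is not attached to an EC2 instance"
    if kind == "ecr_image":
        if "latest" in res.get("tags", []):
            return "scanned", 'ECR image has the "latest" tag'
        return "not_scanned", 'ECR image has no "latest" tag'
    if kind == "lambda_function":
        if res.get("package_type") == "Image":
            return "via_ecr", "container-image function, covered by ECR image scanning"
        return "scanned", "Lambda function zip archive"
    if kind == "lambda_layer":
        if res.get("attached_functions"):
            return "scanned", "layer attached to a Lambda function"
        return "not_scanned", "layer is not attached to any function"
    return "not_scanned", "resource type is not covered"

def coverage_gaps(inventory):
    """Return {resource id: reason} for every record that would not be scanned."""
    results = ((res["id"], scan_status(res)) for res in inventory)
    return {rid: reason for rid, (status, reason) in results if status == "not_scanned"}

# Constructed sample inventory (not real resources).
INVENTORY = [
    {"id": "vol-a", "type": "ebs_volume", "region": "us-east-1", "attached_instance": "i-1"},
    {"id": "vol-b", "type": "ebs_volume", "region": "us-east-1", "attached_instance": None},
    {"id": "vol-c", "type": "ebs_volume", "region": "eu-south-1", "attached_instance": "i-2"},
    {"id": "img-a", "type": "ecr_image", "region": "eu-west-1", "tags": ["1.4.2", "latest"]},
    {"id": "img-b", "type": "ecr_image", "region": "eu-west-1", "tags": ["1.4.1"]},
    {"id": "fn-zip", "type": "lambda_function", "region": "us-west-2", "package_type": "Zip"},
    {"id": "fn-img", "type": "lambda_function", "region": "us-west-2", "package_type": "Image"},
    {"id": "layer-x", "type": "lambda_layer", "region": "us-west-2", "attached_functions": []},
]

if __name__ == "__main__":
    for rid, reason in coverage_gaps(INVENTORY).items():
        print(f"{rid}: {reason}")
```

Records reported as `via_ecr` still depend on the function's image meeting the ECR rule, so check the image's tags as well.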

Scan results are sent to Trend Vision One and can be seen in Cloud Posture, Executive Dashboard, Operations Dashboard, and asset profile screens in Attack Surface
Discovery. After you patch vulnerabilities or remediate malware in EBS volumes, Lambda functions,
or Lambda layers, the detections no longer appear after the next daily scan. Vulnerability
detections in ECR images remain visible in for seven days after patching. Malware detections in ECR images remain visible in
for seven days after remediation.
The following table lists scanning limitations that apply to each supported AWS resource
type.
For estimated costs of deploying Agentless Vulnerability & Threat Detection in your AWS accounts, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.
| AWS resource | Limitations |
| --- | --- |
| EBS volumes | |
| ECR images | |
| Lambda functions and layers | |
Agentless Vulnerability & Threat Detection supports the following operating system instances for AWS accounts.
Supported AWS Operating Systems
| Distribution | Operating system |
| --- | --- |
| Amazon Linux | |
| CentOS | |
| Red Hat Enterprise Linux | |
| Ubuntu | |
Agentless Vulnerability & Threat Detection supports the following AWS regions.
Supported AWS regions
| Region code | Region name (Location) |
| --- | --- |
| us-east-1 | US East (N. Virginia) |
| us-east-2 | US East (Ohio) |
| us-west-1 | US West (N. California) |
| us-west-2 | US West (Oregon) |
| af-south-1 | Africa (Cape Town) |
| ap-east-1 | Asia Pacific (Hong Kong) |
| ap-northeast-1 | Asia Pacific (Tokyo) |
| ap-northeast-2 | Asia Pacific (Seoul) |
| ap-northeast-3 | Asia Pacific (Osaka) |
| ap-south-1 | Asia Pacific (Mumbai) |
| ap-southeast-1 | Asia Pacific (Singapore) |
| ap-southeast-2 | Asia Pacific (Sydney) |
| ca-central-1 | Canada (Central) |
| eu-central-1 | Europe (Frankfurt) |
| eu-north-1 | Europe (Stockholm) |
| eu-west-1 | Europe (Ireland) |
| eu-west-2 | Europe (London) |
| eu-west-3 | Europe (Paris) |
| sa-east-1 | South America (São Paulo) |
| me-central-1 | Middle East (UAE) |
| me-south-1 | Middle East (Bahrain) |
Unsupported AWS Regions
| Region code | Region name (Location) |
| --- | --- |
| ap-southeast-3 | Asia Pacific (Jakarta) |
| eu-south-1 | Europe (Milan) |