Learn how to enable Agentless Vulnerability & Threat Detection in your Microsoft Azure subscriptions and understand provider-specific feature requirements and limitations.

To start scanning for vulnerabilities and malware in your cloud resources, connect your Azure subscription to Trend Vision One in Cloud Accounts using the Terraform template. Enable Agentless Vulnerability & Threat Detection in Features and Permissions.
Important
Before enabling Agentless Vulnerability & Threat Detection for your Azure subscription, you must:
  • Ensure your subscription has Azure Storage enabled
  • Ensure quotas are sufficient for the following services in all regions to which you are deploying Agentless Vulnerability & Threat Detection:
    • Standard DSv2 Family vCPUs
    • Total Regional vCPUs
    • Virtual Machines
    • Standard Storage Managed Disks
    • StandardStorageSnapshots
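One way to verify those quotas before enabling the feature, as an added example that is not Trend Micro's code: the script parses the JSON printed by the Azure CLI command `az vm list-usage --location <region> -o json` and reports whether each quota named above still has headroom. The sample payload below is constructed in that command's output shape, and the headroom thresholds are an assumption; the capacity the scanner actually consumes depends on how many disks it snapshots in the region.

```python
"""Pre-enablement quota check for the compute quotas listed on this page.

Added example (not Trend Micro's code). Feed it the output of
`az vm list-usage --location <region> -o json`; the sample below is a
constructed payload in that shape, and ASSUMED_HEADROOM is an assumption.
"""
import json
import re

# Quotas named in the prerequisites, as they appear in the CLI's localName field.
REQUIRED_QUOTAS = [
    "Standard DSv2 Family vCPUs",
    "Total Regional vCPUs",
    "Virtual Machines",
    "Standard Storage Managed Disks",
    "Standard Storage Snapshots",
]


def _norm(name):
    # Compare names without whitespace or case, so "StandardStorageSnapshots"
    # (the page's spelling) and "Standard Storage Snapshots" match.
    return re.sub(r"\s+", "", name).lower()


def check_region_quotas(usage_json, min_headroom):
    """Return {quota: (currentValue, limit, ok)} for each required quota.

    usage_json   - JSON text from `az vm list-usage`
    min_headroom - {quota: minimum (limit - currentValue) required}
    A quota missing from the output is reported as (None, None, False).
    """
    by_name = {_norm(u["localName"]): u for u in json.loads(usage_json)}
    report = {}
    for quota in REQUIRED_QUOTAS:
        usage = by_name.get(_norm(quota))
        if usage is None:
            report[quota] = (None, None, False)
            continue
        current, limit = int(usage["currentValue"]), int(usage["limit"])
        report[quota] = (current, limit, limit - current >= min_headroom.get(quota, 1))
    return report


def region_ready(usage_json, min_headroom):
    """True only when every required quota in the region has enough headroom."""
    return all(ok for _, _, ok in check_region_quotas(usage_json, min_headroom).values())


# Constructed sample in the shape of `az vm list-usage -o json`, trimmed to the
# quotas of interest. The managed-disk quota is deliberately almost exhausted.
SAMPLE_EASTUS = json.dumps([
    {"currentValue": 4, "limit": 100, "localName": "Standard DSv2 Family vCPUs",
     "name": {"localizedValue": "Standard DSv2 Family vCPUs", "value": "standardDSv2Family"}},
    {"currentValue": 20, "limit": 350, "localName": "Total Regional vCPUs",
     "name": {"localizedValue": "Total Regional vCPUs", "value": "cores"}},
    {"currentValue": 10, "limit": 25000, "localName": "Virtual Machines",
     "name": {"localizedValue": "Virtual Machines", "value": "virtualMachines"}},
    {"currentValue": 49990, "limit": 50000, "localName": "Standard Storage Managed Disks",
     "name": {"localizedValue": "Standard Storage Managed Disks", "value": "StandardDiskCount"}},
    {"currentValue": 0, "limit": 50000, "localName": "Standard Storage Snapshots",
     "name": {"localizedValue": "Standard Storage Snapshots", "value": "StandardSnapshotCount"}},
])

# Assumed headroom: a few scanner VMs plus one snapshot and one disk per scanned disk.
ASSUMED_HEADROOM = {
    "Standard DSv2 Family vCPUs": 8,
    "Total Regional vCPUs": 8,
    "Virtual Machines": 4,
    "Standard Storage Managed Disks": 50,
    "Standard Storage Snapshots": 50,
}

if __name__ == "__main__":
    for quota, (current, limit, ok) in check_region_quotas(SAMPLE_EASTUS, ASSUMED_HEADROOM).items():
        print(f"{'OK ' if ok else 'LOW'} {quota}: {current}/{limit}")
    print("region ready:", region_ready(SAMPLE_EASTUS, ASSUMED_HEADROOM))
```

Run it once per region you intend to deploy to; a region where any quota comes back LOW needs a quota increase before the resource group is created there, otherwise snapshot or VM creation fails silently from the console's point of view.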
Agentless Vulnerability & Threat Detection scans the following Azure resource types:
  • Managed disks that support use as an OS disk and are attached to VMs
  • Container Registry container images
Important
Agentless Vulnerability & Threat Detection vulnerability and anti-malware scanning options are enabled by default for all supported Azure resources. Scan settings are not currently configurable. For detailed instructions, see Adding an Azure subscription.
Agentless Vulnerability & Threat Detection works in Azure as a resource group within your subscription that takes snapshots of disks and collects container images. The collected resources are then scanned for vulnerabilities or malware. Disk scan results are stored in Azure Blob Storage while container images are stored in Azure Files. Results are forwarded to Trend Vision One for analysis.
Agentless Vulnerability & Threat Detection architecture diagram for Microsoft Azure deployments
Scan results can be seen in the Trend Vision One console in Cloud Posture, Executive Dashboard, Operations Dashboard, and asset profile screens in Attack Surface Discovery. After you patch vulnerabilities or remediate malware in disks, the detections no longer appear after the next daily scan. Vulnerability detections in container images remain visible in Operations Dashboard > Vulnerabilities for seven days after mitigation. Malware detections in container images remain visible in Operations Dashboard > All Risk Events for seven days after remediation.
The following table lists scanning limitations that apply to each supported Azure resource type.

Azure resource
Limitations
Disks
  • Only disk types that can serve as an OS disk are supported for scans. Supported disk types include:
    • Premium SSDs
    • Standard SSDs
    • Standard HDDs
    The following disk types are data only and therefore not supported:
    • Ultra Disks
    • Premium SSD v2
  • Only disks attached to a VM are scanned.
  • Agentless Vulnerability & Threat Detection does not currently support scans of disks that are part of a single file system, such as RAID or LVM.
Container images
  • Agentless Vulnerability & Threat Detection does not scan container images larger than 1 GB.
  • Only container images from registries in the same region as the Agentless Vulnerability & Threat Detection resource group are scanned.
  • Container images must be in the same subscription as the Agentless Vulnerability & Threat Detection resource group to be scanned.
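The following script, added here as an example and not Trend Micro's code, applies the limitations in the table to an inventory: it takes records shaped like `az disk list -o json` output (the sample below is constructed), maps each disk SKU to the disk type named in the table, checks that the disk is attached and sits in a region from the supported-regions table on this page, and applies the container image limits (size, same region, same subscription). The 1 GB limit is read as 1 GiB, which is an assumption; whether a disk belongs to a RAID or LVM set is not visible on the disk resource, so that limitation is not checked.

```python
"""Eligibility triage for the disk and container-image limits on this page.

Added example, not Trend Micro's code. Sample records are constructed in
the shape of `az disk list -o json`; the subscription id is a placeholder.
"""
import json

# Region codes from the supported regions table on this page.
SUPPORTED_REGIONS = {
    "westus", "eastus", "southcentralus", "westus2", "westus3", "australiaeast",
    "southeastasia", "northeurope", "swedencentral", "uksouth", "westeurope",
    "centralus", "southafricanorth", "centralindia", "eastasia", "japaneast",
    "koreacentral", "canadacentral", "francecentral", "germanywestcentral",
    "norwayeast", "switzerlandnorth", "uaenorth", "brazilsouth", "eastus2",
    "northcentralus", "japanwest", "centraluseuap", "eastus2euap", "westcentralus",
    "australiasoutheast", "southindia", "westindia", "canadaeast", "ukwest",
}

# Disk types that can serve as an OS disk, per the limitations table.
OS_CAPABLE_TYPES = {"Premium SSD", "Standard SSD", "Standard HDD"}


def disk_type(sku_name):
    """Map an Azure disk SKU name (e.g. Premium_LRS) to the type named in the table.
    Order matters: PremiumV2_ and StandardSSD_ share prefixes with Premium_/Standard_."""
    for prefix, kind in (("PremiumV2_", "Premium SSD v2"), ("UltraSSD_", "Ultra Disk"),
                         ("Premium_", "Premium SSD"), ("StandardSSD_", "Standard SSD"),
                         ("Standard_", "Standard HDD")):
        if sku_name.startswith(prefix):
            return kind
    return "unknown"


def disk_scan_status(disk):
    """Return (scannable, reason) for one disk record."""
    kind = disk_type(disk["sku"]["name"])
    if kind not in OS_CAPABLE_TYPES:
        return False, f"{kind} is a data-only disk type"
    if not disk.get("managedBy"):  # managedBy holds the VM resource id when attached
        return False, "not attached to a VM"
    if disk["location"].lower() not in SUPPORTED_REGIONS:
        return False, f"region {disk['location']} is not supported"
    return True, kind


def triage_disks(disk_list_json):
    """{disk name: (scannable, reason)} for every record in the CLI output."""
    return {d["name"]: disk_scan_status(d) for d in json.loads(disk_list_json)}


MAX_IMAGE_BYTES = 1024 ** 3  # assumption: the page's "1 GB" read as 1 GiB


def image_scannable(image, deployment):
    """Apply the container image limits: size, and same region and subscription
    as the Agentless Vulnerability & Threat Detection resource group."""
    if image["size_bytes"] > MAX_IMAGE_BYTES:
        return False, "image larger than 1 GB"
    if image["registry_region"].lower() != deployment["region"].lower():
        return False, "registry is not in the deployment region"
    if image["subscription_id"] != deployment["subscription_id"]:
        return False, "registry is in a different subscription"
    return True, "ok"


# Constructed sample in the shape of `az disk list -o json`, trimmed to the fields used.
SUB_ID = "00000000-0000-0000-0000-000000000000"  # placeholder subscription id
VM_ID = f"/subscriptions/{SUB_ID}/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/web01"
SAMPLE_DISKS = json.dumps([
    {"name": "web01_OsDisk", "location": "eastus", "sku": {"name": "Premium_LRS"}, "osType": "Linux", "managedBy": VM_ID},
    {"name": "db01_data", "location": "eastus", "sku": {"name": "UltraSSD_LRS"}, "osType": None, "managedBy": VM_ID},
    {"name": "orphan_disk", "location": "eastus", "sku": {"name": "Standard_LRS"}, "osType": "Linux", "managedBy": None},
    {"name": "app02_OsDisk", "location": "chinaeast", "sku": {"name": "StandardSSD_LRS"}, "osType": "Linux", "managedBy": VM_ID},
])
DEPLOYMENT = {"region": "eastus", "subscription_id": SUB_ID}  # constructed

if __name__ == "__main__":
    for name, (ok, why) in triage_disks(SAMPLE_DISKS).items():
        print(f"{'scan' if ok else 'skip'} {name}: {why}")
    big = {"size_bytes": 2 * 1024 ** 3, "registry_region": "eastus", "subscription_id": SUB_ID}
    print("big image:", image_scannable(big, DEPLOYMENT))
```

Disks reported as skipped are the ones that will never appear in Cloud Posture or the dashboards, so they need coverage from another control (for example an agent) rather than waiting for a scan that will not run.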
Agentless Vulnerability & Threat Detection only supports the following operating system instances for vulnerability scanning in Azure subscriptions.
Distribution
Versions
Amazon Linux
  • Amazon Linux (AMI)
  • Amazon Linux 2
  • Amazon Linux 2023
CentOS
  • CentOS Linux 7
Debian
  • Debian 8
  • Debian 9
  • Debian 10
  • Debian 11
  • Debian 12
Red Hat Enterprise Linux
  • RHEL 6
  • RHEL 7
  • RHEL 8
  • RHEL 9
Ubuntu
  • Ubuntu 16.04
  • Ubuntu 18.04
  • Ubuntu 20.04
  • Ubuntu 22.04
SUSE Linux Enterprise Server
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 15
Oracle Linux Server
  • Oracle Linux Server 6
  • Oracle Linux Server 7
  • Oracle Linux Server 8
  • Oracle Linux Server 9
Rocky Linux
  • Rocky Linux 8
  • Rocky Linux 9
The following table lists the Azure regions supported for Agentless Vulnerability & Threat Detection deployment.

Supported Azure regions

Region code          Region name
westus               West US
eastus               East US
southcentralus       South Central US
westus2              West US 2
westus3              West US 3
australiaeast        Australia East
southeastasia        Southeast Asia
northeurope          North Europe
swedencentral        Sweden Central
uksouth              UK South
westeurope           West Europe
centralus            Central US
southafricanorth     South Africa North
centralindia         Central India
eastasia             East Asia
japaneast            Japan East
koreacentral         Korea Central
canadacentral        Canada Central
francecentral        France Central
germanywestcentral   Germany West Central
norwayeast           Norway East
switzerlandnorth     Switzerland North
uaenorth             UAE North
brazilsouth          Brazil South
eastus2              East US 2
northcentralus       North Central US
japanwest            Japan West
centraluseuap        Central US Early Updates Access Program (EUAP)
eastus2euap          East US 2 Early Updates Access Program (EUAP)
westcentralus        West Central US
australiasoutheast   Australia Southeast
southindia           South India
westindia            West India
canadaeast           Canada East
ukwest               UK West