Learn how to enable Agentless Vulnerability & Threat Detection in your Google Cloud project and understand provider-specific feature requirements and limitations.
To start scanning for vulnerabilities and malware in your cloud resources, connect
your Google Cloud project to Trend Vision One in Cloud Accounts using the Terraform template. Enable Agentless Vulnerability & Threat Detection in Features and Permissions.
Agentless Vulnerability & Threat Detection scans the following Google Cloud resource types:
- Hyperdisks and Persistent Disks attached to Compute Engine instances
- Artifact Registry container images
Important: Agentless Vulnerability & Threat Detection vulnerability and anti-malware scanning options are enabled by default for all supported Google Cloud resources. Scan settings are not currently configurable. For detailed instructions, see Adding a Google Cloud project.
Agentless Vulnerability & Threat Detection works in Google Cloud by taking a snapshot of disks and collecting container images. The collected resources are then scanned for vulnerabilities or malware. You can deploy Agentless Vulnerability & Threat Detection in your Google Cloud project using one of two methods:
- Traditional: Agentless Vulnerability & Threat Detection is deployed directly into your project. The function runs using your project's cloud resources, which increases the costs associated with your cloud project. Using the traditional deployment method, you might not be able to differentiate between your direct cloud resource usage and Agentless Vulnerability & Threat Detection resource usage.
- Sidecar: Agentless Vulnerability & Threat Detection runs in a separate project in your organization for each project you wish to scan. Only the resource collecting component of the function runs directly in your project. Sidecar deployment allows you to have separate resource quotas for your project and Agentless Vulnerability & Threat Detection, so resource usage is easier to monitor. You can initiate sidecar deployment in one of three ways:
  - Allow Agentless Vulnerability & Threat Detection to automatically find and use your Google Cloud billing information to create the sidecar project.
  - Manually specify your Google Cloud billing information when enabling Agentless Vulnerability & Threat Detection and then allow Agentless Vulnerability & Threat Detection to automatically create the sidecar project.
  - Manually create the sidecar project before deploying Agentless Vulnerability & Threat Detection and specify the created sidecar project during deployment.
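As an added example that is not part of this documentation or of Trend Micro's Terraform template, the following POSIX shell script covers the third sidecar option: it pre-creates the sidecar project in your organization, links billing, and checks that the chosen primary region is one of the primary deployment regions listed later on this page and one that Cloud Scheduler actually serves. The project ID, organization ID, billing account ID and region are placeholders you supply; the script only calls gcloud when all four are given.

```shell
#!/bin/sh
# Added example, not Trend Micro's Terraform template: pre-create the sidecar
# project for Agentless Vulnerability & Threat Detection and validate the
# primary deployment region before running the deployment. All IDs are
# placeholders to replace with your own values.

# Primary deployment regions listed in this document (Cloud Scheduler regions).
SUPPORTED_PRIMARY_REGIONS="us-west1 us-west2 us-west3 us-west4 us-central1 \
us-east1 us-east4 northamerica-northeast1 southamerica-east1 europe-west1 \
europe-west2 europe-west3 europe-west6 europe-central2 asia-south1 \
asia-southeast1 asia-southeast2 asia-east1 asia-east2 asia-northeast1 \
asia-northeast2 asia-northeast3 australia-southeast1"

# Returns 0 when $1 is one of the primary regions listed above.
is_supported_primary_region() {
    for r in $SUPPORTED_PRIMARY_REGIONS; do
        [ "$r" = "$1" ] && return 0
    done
    return 1
}

# Google Cloud project ID rules: 6-30 chars of lowercase letters, digits and
# hyphens, starting with a letter and not ending with a hyphen.
is_valid_project_id() {
    printf '%s\n' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'
}

# Create the sidecar project in the same organization as the scanned project,
# attach billing, and confirm Cloud Scheduler serves the chosen primary region.
# Usage: create_sidecar_project SIDECAR_PROJECT_ID ORG_ID BILLING_ACCOUNT_ID REGION
create_sidecar_project() {
    sidecar="$1"; org="$2"; billing="$3"; region="$4"
    is_valid_project_id "$sidecar" || { echo "invalid project ID: $sidecar" >&2; return 1; }
    is_supported_primary_region "$region" ||
        { echo "$region is not a supported primary deployment region" >&2; return 1; }
    gcloud projects create "$sidecar" --organization="$org" --name="avtd-sidecar"
    gcloud billing projects link "$sidecar" --billing-account="$billing"
    # The locations query needs the Cloud Scheduler API enabled on the project.
    gcloud services enable cloudscheduler.googleapis.com --project="$sidecar"
    gcloud scheduler locations list --project="$sidecar" --format='value(locationId)' |
        grep -qx "$region" || { echo "Cloud Scheduler is not available in $region" >&2; return 1; }
    echo "Sidecar project $sidecar is ready; select it when enabling the feature."
}

# Runs only when given all four arguments, for example:
#   sh sidecar.sh my-avtd-sidecar-1 123456789012 AAAAAA-BBBBBB-CCCCCC us-central1
if [ "$#" -eq 4 ]; then
    create_sidecar_project "$@"
fi
```

The account running it needs permission to create projects in the organization and to link the billing account; select the resulting project as the sidecar when enabling the feature in Cloud Accounts.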
Scan results are sent to Trend Vision One and can be seen in Cloud Posture, Executive Dashboard, Operations Dashboard, and asset profile screens in Attack Surface Discovery. After you patch vulnerabilities or remediate malware in disks, the detections no longer appear after the next daily scan. Vulnerability detections in container images remain visible for seven days after mitigation. Malware detections in container images remain visible for seven days after remediation.
The following table lists scanning limitations that apply to each supported Google
Cloud resource type.
Google Cloud resource | Limitations
--- | ---
Disks |
Container images |
Agentless Vulnerability & Threat Detection only supports the following operating system instances for vulnerability scanning
in Google Cloud projects.
Distribution | Versions
--- | ---
Amazon Linux |
CentOS |
Debian |
Red Hat Enterprise Linux |
Ubuntu |
SUSE Linux Enterprise Server |
Oracle Linux Server |
Rocky Linux |
Agentless Vulnerability & Threat Detection supports all Google Cloud regions, but only regions where Google Cloud Scheduler is available can serve as primary
deployment regions. Your primary deployment region is the region you selected when
adding your Google Cloud project in Cloud Accounts. Agentless Vulnerability & Threat Detection deploys to and scans your primary region by default in addition to any selected regions.
The following regions are supported as primary deployment regions.
Primary Google Cloud deployment regions
Region code | Region name (Location)
--- | ---
us-west1 | US West (Oregon)
us-west2 | US West (Los Angeles)
us-west3 | US West (Salt Lake City)
us-west4 | US West (Las Vegas)
us-central1 | US Central (Iowa)
us-east1 | US East (South Carolina)
us-east4 | US East (N. Virginia)
northamerica-northeast1 | North America (Montréal)
southamerica-east1 | South America (São Paulo)
europe-west1 | Europe (Belgium)
europe-west2 | Europe (London)
europe-west3 | Europe (Frankfurt)
europe-west6 | Europe (Frankfurt)
europe-central2 | Europe (Warsaw)
asia-south1 | Asia Pacific (Mumbai)
asia-southeast1 | Asia Pacific (Singapore)
asia-southeast2 | Asia Pacific (Jakarta)
asia-east1 | Asia Pacific (Taiwan)
asia-east2 | Asia Pacific (Hong Kong)
asia-northeast1 | Asia Pacific (Tokyo)
asia-northeast2 | Asia Pacific (Osaka)
asia-northeast3 | Asia Pacific (Seoul)
australia-southeast1 | Asia Pacific (Sydney)