Scan your AWS EBS, ECR, and Lambda resources for vulnerabilities to help prioritize and remediate issues and proactively identify zero-day exploits.
Agentless Vulnerability & Threat Detection provides vulnerability scanning in order
to identify security vulnerabilities in your AWS EBS, ECR, and Lambda resources. Scans
occur daily from the time you first enable the feature for your AWS account. Scan
times are not configurable.
To enable vulnerability scanning on a new AWS account:
- Go to and click Add Account.
- Choose CloudFormation as the deployment method, select Single AWS Account, and click Next.
- Enter the required information and click Next. For more detailed instructions, see Adding an AWS account using CloudFormation.
- In Features and Permissions, enable Agentless Vulnerability & Threat Detection and select the deployment regions.
  Note: Selected regions are the regions where Agentless Vulnerability & Threat Detection is deployed, not necessarily the region of your AWS account. You may select multiple deployment regions.
- Click Scanner Settings and select the resource types you wish to include in vulnerability scans. All supported resource types are selected by default.
- Click Save Changes and continue configuring the CloudFormation template.
You may also enable vulnerability scanning on connected accounts by selecting the
account from the list and going to the Stack Update tab.
Once the feature is enabled and the first scan is complete, you may view any vulnerability
detections in the following locations in the Trend Vision One console:
- Cloud asset profile screens in
When viewing vulnerability detections, expand the associated risk event on the list
to see available remediation or mitigation options as well as metadata associated
with the detection. Use the provided metadata to perform a query in the Search app and learn more about the detection.
Once remediated or mitigated, risk events associated with vulnerability detections
in EBS volumes, Lambda functions, and Lambda layers no longer appear in Attack Surface Risk Management after the next daily scan. Vulnerabilities in ECR images remain in
for seven days after patching.