Vulnerability Findings (Image Assurance)
CloudGuard creates Vulnerability findings for container images based on the assigned policy. A container is a lightweight and portable executable image that contains software and all of its dependencies. Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling.
CloudGuard automatically creates a policy with a default Image Assurance ruleset for applicable clusters. If the default policy is sufficient, no more actions are necessary. If the onboarded environment is part of an Organizational Unit with an Image Assurance policy, no default policy is associated with the environment.
To see the findings in the CloudGuard portal:
- Navigate to Workload Protection > Containers Assets > Images.
- Select an image. Use Environment, Asset Type, or other criteria to filter images.
- Go to the Posture Findings tab. Make sure you set the period selector to All to see all findings for the image.
- To see the findings on the Aggregated Events, click Show in alerts page.
To see the vulnerability findings for all clusters and images in the account, navigate to Workload Protection > Vulnerabilities > Findings.
CloudGuard creates the findings when it scans the image for the first time. Afterward, the CloudGuard portal checks it (one time) in several hours for changes or newly discovered vulnerabilities.
To see findings for your AWS ECS images, use the filter for the AWS Platform and AwsEcsImage Entity Type. In addition, see the vulnerabilities in the AWS ECS image object. AWS (Amazon® Web Services) is a public cloud platform that offers global compute, storage, database, application and other cloud services. Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that helps you deploy, manage, and scale Docker containers running applications, services, and batch processes.
On this page, use the Filter and Search toolbar to select parameters to filter out from the Findings table.
Use these preconfigured filters:
- Environment or OU - Select one or more cluster environments or organizational units.
- Severity - Select from the available alert severity objects.
- Ruleset - Select from the available rulesets.
To see the workloads that use vulnerable images:
- Navigate to Workload Protection > Vulnerabilities > Findings.
- Select one of the findings. On the right, the entity card shows information about the image.
- Click the image link. CloudGuard redirects you to the asset page of the image.
- The Overview page shows workloads that contain this image. For more information about Overview, see Asset Details.
Categories of Findings
Image Assurance creates different types of findings, grouped into these categories:
- CVE - Common Vulnerabilities and Exposures
- MaliciousURL
- MaliciousIP - For more details, see Malicious IP Classification
- MaliciousFile - Malware
- InsecureCode
- InsecureContent - Credential leakage
  Note - This feature is in Early Availability.
- ImageScan - Indicates that the number of issues or severity of the issues found on an image exceeds a preconfigured threshold. See Image Scan Findings.
- Package - Package license, package info, and CVEs
Details of Findings
The fields in Image Assurance findings are almost the same as other fields in the finding details (see All Events).
Fields for Kubernetes images (Kubernetes, often abbreviated as "K8s", orchestrates containerized applications to run on a cluster of hosts):
- Title - The specific ID or type for which the finding is created based on the finding category.
  - ImageScan findings have the title with the name of the image
  - Common Vulnerabilities and Exposures (CVE) findings have the title with the CVE ID. The CVE system provides a reference method for publicly known information-security vulnerabilities and exposures.
- Description - The issue description, for example, the CVE description as it appears in the National Vulnerability Database (NVD).
- Environment - The Kubernetes cluster that contains the image with the finding.