Get started with CNVM

edit

This page explains how to set up Cloud Native Vulnerability Management (CNVM).

CNVM currently only supports AWS EC2 Linux workloads.

Set up CNVM for AWS

edit

To set up the CNVM integration for AWS, install the integration on a new Elastic Agent policy, sign into the AWS account you want to scan, and run the CloudFormation template.

Do not add the integration to an existing Elastic Agent policy. It should always be added to a new policy since it should not run on VMs with existing workloads. For more information, refer to How CNVM works.

Step 1: Add the CNVM integration
edit
  1. In the Elastic Security app, go to the Get started page, then click Add security integrations.
  2. Search for Cloud Native Vulnerability Management, then click on the result.
  3. Click Add Cloud Native Vulnerability Management.
  4. Give your integration a name that matches its purpose or the AWS account region you want to scan for vulnerabilities (for example, uswest2-aws-account.)

    The CNVM integration setup page
  5. Click Save and continue. The integration will create a new Elastic Agent policy.
  6. Click Add Elastic Agent to your hosts.
Step 2: Sign in to the AWS management console
edit
  1. Open a new browser tab and use it to sign into your AWS management console.
  2. Switch to the cloud region with the workloads that you want to scan for vulnerabilities.

The integration will only scan VMs in the region you select. To scan multiple regions, repeat this setup process for each region.

Step 3: Run the CloudFormation template
edit
  1. Switch back to the tab where you have Kibana open.
  2. Click Launch CloudFormation. The CloudFormation page appears.

    The cloud formation template
  3. Click Create stack. To avoid authentication problems, you can only make configuration changes to the VM InstanceType, which you could make larger to increase scanning speed.
  4. Wait for the confirmation that Elastic Agent was enrolled.
  5. Your data will start to appear on the Vulnerabilities tab of the Findings page.