Get started with CNVM
This page explains how to set up Cloud Native Vulnerability Management (CNVM).
Requirements
- CNVM only works in the Default Kibana space. Installing the CNVM integration on a different Kibana space will not work.
- Requires Elastic Agent version 8.8 or higher.
- CNVM can only be deployed on ARM-based VMs.
- To view vulnerability scan findings, you need the appropriate user role to read the following indices:
  - logs-cloud_security_posture.vulnerabilities-*
  - logs-cloud_security_posture.vulnerabilities_latest-*
- You need an AWS user account with permissions to perform the following actions: run CloudFormation templates, create IAM Roles and InstanceProfiles, and create EC2 SecurityGroups and Instances.
CNVM currently only supports AWS EC2 Linux workloads.
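A preflight check for the AWS permission requirement above, as an added example that is not part of the original page or of Elastic's tooling. It reports which of the needed actions an identity-based IAM policy document does not grant. The IAM action names are an assumed minimal mapping of the capabilities the page lists (the CloudFormation template may call further actions), and the sample policy is constructed.

```python
import json
from fnmatch import fnmatchcase

# Assumption: minimal IAM action names for the capabilities the page lists
# (run CloudFormation templates, create IAM Roles and InstanceProfiles,
# create EC2 SecurityGroups and Instances). The page does not name actions.
REQUIRED_ACTIONS = [
    "cloudformation:CreateStack",
    "iam:CreateRole",
    "iam:CreateInstanceProfile",
    "ec2:CreateSecurityGroup",
    "ec2:RunInstances",
]

# Constructed sample policy, not taken from any real account.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["cloudformation:*", "iam:CreateRole", "ec2:*"], "Resource": "*"},
  {"Effect": "Deny", "Action": "ec2:RunInstances", "Resource": "*"}
]}
""")

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def _applies(stmt, action):
    # IAM action names are case-insensitive; "*" and "?" are wildcards.
    negate = "NotAction" in stmt
    patterns = _as_list(stmt.get("NotAction" if negate else "Action"))
    hit = any(fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return hit != negate

def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return required actions that are not allowed or are explicitly denied.
    Resource and Condition elements are not evaluated: any matching Deny is
    treated as a block, so the result errs toward reporting a gap."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    missing = []
    for action in required:
        effects = {s.get("Effect") for s in statements if _applies(s, action)}
        if "Deny" in effects or "Allow" not in effects:
            missing.append(action)
    return missing

if __name__ == "__main__":
    print(missing_actions(SAMPLE_POLICY))
```

An empty list means the policy covers the assumed action set; it does not account for permission boundaries or service control policies.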
Set up CNVM for AWS
To set up the CNVM integration for AWS, install the integration on a new Elastic Agent policy, sign in to the AWS account you want to scan, and run the CloudFormation template.
Do not add the integration to an existing Elastic Agent policy. It should always be added to a new policy since it should not run on VMs with existing workloads. For more information, refer to How CNVM works.
Step 1: Add the CNVM integration
- Find Integrations in the navigation menu or use the global search field.
- Search for Cloud Native Vulnerability Management, then click on the result.
- Click Add Cloud Native Vulnerability Management.
- Give your integration a name that matches its purpose or the AWS account region you want to scan for vulnerabilities (for example, uswest2-aws-account).
- Click Save and continue. The integration will create a new Elastic Agent policy.
- Click Add Elastic Agent to your hosts.
Step 2: Sign in to the AWS management console
- Open a new browser tab and use it to sign in to your AWS management console.
- Switch to the cloud region with the workloads that you want to scan for vulnerabilities.
The integration will only scan VMs in the region you select. To scan multiple regions, repeat this setup process for each region.
Step 3: Run the CloudFormation template
- Switch back to the tab with Elastic Security.
- Click Launch CloudFormation. The CloudFormation page appears.
- Click Create stack. To avoid authentication problems, change only the VM InstanceType setting, which you can make larger to increase scanning speed.
- Wait for the confirmation that Elastic Agent was enrolled.
- Your data will start to appear on the Vulnerabilities tab of the Findings page.