VM image scanning

Prisma Cloud can scan the virtual machine (VM) images in your AWS environment for the following types of vulnerabilities:
  • Host configuration: Vulnerabilities in the VM image setup.
  • Docker daemon configuration: Vulnerabilities that stem from misconfiguring your Docker daemon. The Docker daemon derives its configuration from various files, including /etc/sysconfig/docker or /etc/default/docker.
  • Docker daemon configuration files: Vulnerabilities that arise from setting incorrect permissions on critical configuration files.
  • Docker security operations: Recommendations and reminders for extending your current security best practices to include containers.
  • Linux configuration: Compliance of Linux hosts. For example, ensure mounting of the hfs filesystem is disabled.
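
As an added illustration (not Prisma Cloud's own checks or code), the following shell functions audit a mounted or unpacked image root for two of the check types above: permissions on the Docker daemon configuration files named above, and whether loading the hfs module is disabled. The 644 threshold and the modprobe `install hfs /bin/true` convention are assumptions taken from common CIS-style hardening guidance, the function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not Prisma Cloud code. Function names are hypothetical.
# Audits a mounted or unpacked image root; needs GNU stat (stat -c).

# Succeeds if the file is absent or grants nothing beyond mode 644.
docker_conf_perms_ok() {
    f=$1
    [ -e "$f" ] || return 0
    mode=$(stat -c '%a' "$f") || return 2
    # Any bit outside 0644 (group/other write, execute, setuid, ...) fails.
    [ $(( 0$mode & ~0644 & 07777 )) -eq 0 ]
}

# Succeeds if a modprobe.d rule maps loading hfs to a no-op command.
# The trailing whitespace in the pattern keeps "hfsplus" from matching.
hfs_disabled() {
    root=$1
    for d in "$root/etc/modprobe.d" "$root/usr/lib/modprobe.d" "$root/lib/modprobe.d"; do
        [ -d "$d" ] || continue
        grep -Eqs '^[[:space:]]*install[[:space:]]+hfs[[:space:]]+/(usr/)?bin/(true|false)' \
            "$d"/*.conf && return 0
    done
    return 1
}

# Prints one line per failed check; returns 0 only when all checks pass.
audit_image_root() {
    root=${1:-/}
    rc=0
    for rel in etc/default/docker etc/sysconfig/docker; do
        if ! docker_conf_perms_ok "$root/$rel"; then
            echo "FAIL: /$rel is more permissive than 644"
            rc=1
        fi
    done
    if ! hfs_disabled "$root"; then
        echo "FAIL: no rule disables loading of the hfs module"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh /mnt/image-root   (path is a placeholder)
if [ "$#" -gt 0 ]; then audit_image_root "$1"; fi
```

A `blacklist hfs` line alone is not accepted here because it only stops automatic loading; an explicit `modprobe hfs` would still succeed.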

Reviewing VM image scan reports

To view the health of the VM images in your environment:
  1. Open Console, then go to Monitor > Compliance > Hosts > VM images.
  2. Click a VM image in the list.
     A report of the compliance issues on the VM image is shown.
     To export all compliance issues identified in the latest VM image scan to a CSV file, click the CSV button in the top right of the table.
