Onboard Azure Accounts for Agentless Scanning
Table of Contents
Onboard Azure Accounts for Agentless Scanning
Agentless scanning lets you inspect the risks and vulnerabilities of a cloud workload without having to install an agent or affecting the execution of the workload. Prisma Cloud gives you the flexibility to choose between agentless and agent-based security using Defenders. Currently, Prisma Cloud supports agentless scanning on Azure hosts, containers, and clusters for vulnerabilities and compliance. To learn more about how agentless scanning works, refer to our article on Agentless scanning architecture.
To enable agentless scanning for Prisma Cloud Enterprise Edition (PCEE or SaaS) in Azure, complete the following tasks.
- Onboard the Azure Cloud account you want to use for agentless scanning in Prisma Cloud.
- Configure the onboarded account in Prisma Cloud.
Start an Agentless Scan
Agentless scans start immediately after onboarding the cloud account.
By default, agentless scans are performed every 24 hours, but you can change the interval on the
Manage > System > Scan
page under Scheduling > Agentless
.
To manually start a scan, complete the following steps.
- Go toCompute > Manage > Cloud accounts.
- Click the scan icon on the top right corner of the accounts table.
- ClickStart Agentless scan.
- Click the scan icon in the top right corner of the console to view the scan status.
- View the results.
- Go toCompute > Monitor > Vulnerabilities > HostsorCompute > Monitor > Vulnerabilities > Images.
- Click on theFilter hoststext bar.
- Select theScanned byfilter.
- Select theAgentlessfilter.
