Cloud Native Vulnerability Management (CNVM)
Scan for cloud workload vulnerabilities
What is an Elastic integration?
This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.
Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.
Cloud Native Vulnerability Management (CNVM) allows you to identify vulnerabilities in your cloud workloads. It does this by periodically taking a snapshot of the running cloud workloads and scanning those snapshots for vulnerabilities. As vulnerabilities are discovered, they appear in the Vulnerabilities tab of the Findings page in the security solution. Please refer to the Cloud Native Vulnerability Management documentation for further information.
We recommend reading through this entire readme before getting started with CNVM.
Getting started with CNVM
For in-depth, step-by-step instructions to help you get started with CNVM, please read through our getting started guide.
Using CNVM
As soon as you install this integration, the pages described in the table below will begin to populate with vulnerability data.
Page | Description |
---|---|
Vulnerabilities tab in Findings | Lists the vulnerabilities discovered in your cloud workloads. The most recent vulnerabilities discovered from the last scan will always be displayed on this page. You can access this page by clicking on the Findings subsection in the main navigation pane of the security solution. Please read the vulnerabilities findings page documentation to learn more. |
Compatibility
The integration only supports vulnerability management for Amazon EC2 cloud workloads.
Container workloads (Amazon EKS) and other public cloud providers such as Google Cloud Platform (GCP) and Microsoft Azure are not currently supported.
Elastic Agent version 8.8 or higher is required for this integration.
Integration Requirements
The user must log in to their cloud console in the same browser where Kibana is launched. They must also ensure that the necessary permissions are in place for their cloud user account to launch an Infrastructure as Code template.
As questions come up, check out the CNVM FAQ or reach out to us directly in our community Slack workspace in the #security or #cloud-security channels.
Changelog
Version | Details |
---|---|
1.5.3 | Enhancement: CloudFormation support multiple Linux distributions |
1.5.2 | Enhancement: Refactor GCP credentials; Enhancement: Validate OrganizationalUnitIds in CloudFormation |
1.5.1 | Enhancement: Bump version to 1.5.1; Bug fix: Remove capitalization and change type for tags |
1.5.0 | Enhancement: Add CIS GCP rule templates; Bug fix: Remove default value for project id; Enhancement: Add vulnerability mappings; Enhancement: Ensure event.kind is correctly set for pipeline errors; Enhancement: Add a cloudshell url for the GCP CSPM integration; Enhancement: Added ingest processor to copy cluster_id to orchestrator.cluster.id; Enhancement: Separate KSPM and CSPM cloudformation templates; Enhancement: Modify CIS GCP config; Enhancement: Support AWS Organization onboarding option; Enhancement: Update CloudFormation template to use al2023 AMI and increased EBS volume size |
1.4.0 | Enhancement: Populate new CloudFormation param ElasticArtifactServer; Enhancement: Send short notation of ElasticAgentVersion; Bug fix: Fix CIS 1.1.19 rule |
1.3.0 | Enhancement: New vulnerability management integration; Enhancement: Support ECS orchestrator.cluster.id field; Enhancement: Added categories and/or subcategories; Enhancement: Added vulnerability management period and removing region; Enhancement: Change CSPM resource collection period; Enhancement: Update CNVM index mapping; Enhancement: Add CIS AWS rules 1.16, 1.17, 1.19, 1.20, 2.1.5, 2.3.3 |
1.2.11 | Enhancement: Fixed readme |
1.2.10 | Bug fix: Add GCP/Azure streams; Bug fix: Fix beta version; Bug fix: Add GCP/Azure streams; Enhancement: Add CSPM/KSPM icons; Enhancement: move rule_number field to benchmark.rule_number; Enhancement: Add RDS fetcher to the AWS CSPM hbs file |
1.2.9 | Enhancement: Add monitoring fetcher to the aws cspm hbs file |
1.2.8 | Enhancement: Add cloud fields to mapping |
1.2.7 | Enhancement: Add a cloudtrail fetcher to the aws cspm hbs file |
1.2.6 | Enhancement: Add posture_type field to mapping |
1.2.5 | Enhancement: Add S3 fetcher to the AWS CSPM hbs file |
1.2.4 | Enhancement: Remove state from csp rule template |
1.2.3 | Enhancement: Add a network fetcher to the aws cspm hbs file |
1.2.2 | Enhancement: Update cspm hbs file |
1.2.1 | Enhancement: Update CSP mapping |
1.2.0 | Enhancement: CSPM support spaces for 8.7.0 |
1.1.2 | Enhancement: CSPM support spaces for 8.7.0 |
1.1.1 | Enhancement: CSPM support spaces for 8.6 - fix |
1.0.9 | Enhancement: CSPM support spaces for 8.6 |
1.1.0 | Enhancement: Introduce CSPM |
1.0.8 | Enhancement: Update screenshots and icon |
1.0.7 | Enhancement: Add KSPM to integration name |
1.0.6 | Enhancement: Removing the rule data yaml |
1.0.5 | Bug fix: Documentation bugfix |
1.0.4 | Enhancement: Updated mapping to include orchestrator.cluster.name |
1.0.3 | Enhancement: Updated the readme to remove the broken internal link |
1.0.2 | Enhancement: Add AWS EKS documentation for KSPM |
1.0.1 | Enhancement: Add security category to package metadata |
1.0.0 | Enhancement: Cloud Security Posture integration is now GA |
0.0.33 | Enhancement: Remove unconfigurable default fields from hbs files |
0.0.32 | Enhancement: Add event property to finding; this event matches the event spec of ECS. cycle_id mapping is removed as it is no longer reported by Cloudbeat. |
0.0.31 | Enhancement: Store beat configuration file to be propagated to cloudbeat |
0.0.30 | Enhancement: Add AWS additional auth to KSPM integration |
0.0.29 | Enhancement: Update min age for delete to 180 days |
0.0.28 | Enhancement: Add ILM policy for the findings data stream |
0.0.27 | Enhancement: Update input types and var name to support runtime config |
0.0.26 | Enhancement: Version bump; Enhancement: Updates to KSPM Integration README |
0.0.25 | Bug fix: Remove unimplemented EKS rules from template |
0.0.24 | Enhancement: Updated release tag to beta |
0.0.23 | Bug fix: Fix rule id typo |
0.0.22 | Enhancement: Adjust findings data-stream mappings to fit ECS conventions; Enhancement: Turned off dynamic mappings of findings data-stream; Enhancement: Added default pipeline to findings data-stream |
0.0.21 | Enhancement: Update package display name |
0.0.20 | Enhancement: Remove Kibana configuration section from README |
0.0.19 | Enhancement: Adding EKS rule templates; Enhancement: Added date time field to index patterns; Enhancement: Update rule benchmark field to include an id |
0.0.18 | Enhancement: enhance integration to support eks |
0.0.17 | Enhancement: Refactored csp-rule-template metadata field to fit 8.4.0 schema |
0.0.16 | Enhancement: update resource id keyword mapping |
0.0.15 | Enhancement: update resource id mapping |
0.0.14 | Enhancement: Add mapping for rule id and resource id and revert Kibana version constraint |
0.0.13 | Enhancement: Update Kibana version constraint |
0.0.12 | Enhancement: Add new rule templates |
0.0.11 | Enhancement: Update elastic-agent deployment instructions |
0.0.10 | Enhancement: Update CSP rules configuration template |
0.0.9 | Enhancement: Update csp rule template |
0.0.8 | Enhancement: Send dataYaml (Rules Activation YAML) to cloudbeat |
0.0.7 | Enhancement: Add rule template assets |
0.0.6 | Enhancement: Update findings template asset |
0.0.5 | Enhancement: Add CSP rule template asset |
0.0.4 | Enhancement: Add latest findings data view |
0.0.3 | Enhancement: Change README |
0.0.2 | Enhancement: Change README |
0.0.1 | Enhancement: Initial draft of the package |