McAfee MVISION Cloud

Vulnerability Assessment on VMs

Once the VM workloads are in a managed state, you can run Vulnerability Scans on the virtual machines (VMs) and see the results in MVISION Cloud.

Vulnerability Scans scan your container repository service images or Virtual Machine (VM) instances. MVISION Cloud scans your services to identify the software stored in the container images or running on the VMs. If MVISION Cloud detects vulnerabilities for the supported software, they are reported as incidents.

Vulnerability Scans are based on the Common Vulnerability Scoring System (CVSS), which assigns industry-standard scores to vulnerabilities. MVISION Cloud uses CVSSv2 and CVSSv3, defaulting to CVSSv3 when there are differences.

KNOWN ISSUE: You might notice changes in the reported Vulnerability Severity as MVISION Cloud upgrades from CVSSv2 to CVSSv3.
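To see why a reported severity can shift, the following added example (not MVISION Cloud code) rates constructed findings under both versions using the standard qualitative bands, prefers CVSSv3 when a v3 score exists, and lists the findings whose severity label changes. The finding IDs and scores are constructed, and it is an assumption that MVISION Cloud's severity labels follow these bands.

```python
from typing import Optional

# Qualitative bands as (inclusive upper bound, label).
# CVSSv2 bands are NVD's; CVSSv3 bands come from the CVSS v3 specification.
V2_BANDS = [(3.9, "Low"), (6.9, "Medium"), (10.0, "High")]
V3_BANDS = [(0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High"), (10.0, "Critical")]


def band(score: float, bands) -> str:
    """Map a base score (0.0-10.0) to its qualitative label."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    return next(label for upper, label in bands if score <= upper)


def effective_severity(v2: Optional[float], v3: Optional[float]) -> str:
    """Prefer CVSSv3 when present, as the page describes; fall back to CVSSv2."""
    if v3 is not None:
        return band(v3, V3_BANDS)
    if v2 is not None:
        return band(v2, V2_BANDS)
    return "Unscored"


def severity_drift(findings):
    """Return (id, v2 label, v3 label) for findings whose label changes under v3."""
    drift = []
    for f in findings:
        if f["v2"] is None or f["v3"] is None:
            continue  # nothing to compare
        old, new = band(f["v2"], V2_BANDS), band(f["v3"], V3_BANDS)
        if old != new:
            drift.append((f["id"], old, new))
    return drift


# Constructed sample findings (placeholder IDs, not real CVEs).
SAMPLE = [
    {"id": "FINDING-A", "v2": 7.5, "v3": 9.8},   # High under v2, Critical under v3
    {"id": "FINDING-B", "v2": 4.3, "v3": 6.1},   # Medium under both
    {"id": "FINDING-C", "v2": 5.0, "v3": 7.5},   # Medium under v2, High under v3
    {"id": "FINDING-D", "v2": 6.8, "v3": None},  # only a v2 score exists
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f["id"], effective_severity(f["v2"], f["v3"]))
    for fid, old, new in severity_drift(SAMPLE):
        print(f"{fid}: {old} -> {new}")
```

Alerting thresholds keyed to a severity label (for example, "High and above") are worth rechecking against a drift list like this, since CVSSv2 has no Critical band.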

Vulnerability Scans appear as an option when you create an on-demand scan. They can be run on demand or scheduled to run daily or weekly.

Vulnerability Scans are available for container images and VM instances. When you configure a Vulnerability Scan, you select which of the two to scan:

  • Container Images. Scans container repository services, including Amazon Elastic Container Registry (ECR), Azure Container Registry (ACR), and Google Container Registry (GCR).
  • VM Instances. Scans virtual machines, including Amazon Elastic Compute Cloud (EC2), Azure Virtual Machines (VMs), and Google VM instances. You can also scan containers within a VM for vulnerabilities. (This identifies only the vulnerabilities introduced into the runtime containers, compared with what is identified in the image.)

Create and manage your Vulnerability Policies on the Vulnerability Policies page.

Prerequisites

Before you can create a Vulnerability Scan for VMs, you must install McAfee Cloud Workload Protection Platform (CWPP) PoPs and CWPP Agents on the endpoints. The agents discover applications on the endpoints and send this data to MVISION Cloud to build the app inventory. Currently, only Linux is supported. 

CWPP PoPs and Agents are not required for container images. 

Supported Operating Systems

The following operating systems are supported for Vulnerability Scans:

  • Alpine. v3.2, v3.3, v3.4 to v3.12
  • Amazon Linux. 2, 2018.03
  • CentOS/RHEL. 5, 6, 7, 8
  • Debian. 9, 10, 11
  • Oracle Linux. 5, 6, 7, 8
  • Ubuntu. 12.04, 12.10, 13.04, 14.04, 14.10, 15.04, 15.10, 16.04, 16.10, 17.04, 17.10, 18.04, 18.10, 19.04, 19.10, 20.04

Supported Container Platforms

MVISION Cloud relies on the National Vulnerability Database (NVD) to provide the latest Common Vulnerabilities and Exposures (CVEs). Currently, the CVE database includes the following versions:

  • Docker. CVEs for all versions up to 20.10 
  • Kubernetes. CVEs for all versions up to v1.20 
