Agentless Assessment FAQ
The following are some of the FAQs about Agentless Assessment:
What are the supported operating systems for EC2 workload VM?
- Amazon Linux 2
-
CentOS 7
-
Red Hat Enterprise Linux (RHEL)
-
SUSE Linux Enterprise Server (SLES) 11.4 to 15.2
-
Ubuntu
-
Debian
What are the supported operating systems for Azure virtual machines?
-
Red Hat Enterprise Linux (RHEL)
-
SUSE Linux Enterprise Server (SLES) 11.4 to 15.2
-
Ubuntu
-
Debian
Why are my scans not updating?
Make sure that a newly created snapshot is scanned. For more information, see Create AWS Snapshot and Create an Azure Virtual Machine Snapshot.
Do cloud instances need to be running for Tenable Cloud Security Agentless Assessment scans to work?
Cloud instances do not need to be running at the time of a Tenable Cloud Security Agentless Assessment cloud scan, but you must have at least one snapshot of an instance’s primary volume for Agentless Assessment to see data.
What if my volumes are encrypted?
For AWS, you can use encrypted EBS snapshots with Agentless Assessment. In AWS, you have access to the default encryption keys unless you have an IAM policy that explicitly denies it. You can use your own KMS Key or the default EBS Key. For example, if you are using a KMS Customer Managed Key (CMK), add the read-only role as a “Key User” under the Key Policy, or add the necessary KMS permissions to the role for which the key would be used. If you are using the default EBS key to handle encryption, Agentless Assessment uses that key for decryption prior to gathering the EBS data.
For Azure, the virtual disk snapshots must be encrypted with the Platform-managed key.