Cloud Scans

To run a cloud scan after onboarding your cloud accounts, you must select and run a scan profile. Tenable Cloud Security provides a default scan profile for each cloud provider. You can also create your own custom scan profiles. After creating a scan profile, you can run the following types of cloud scans:

  • Misconfiguration Scan: Scans for policy violations in IaC repositories and cloud resources. You can view the scan results on the Findings > Misconfigurations page. The Misconfiguration Scan is supported for all cloud providers: AWS, Azure, and GCP.

  • Vulnerability Scan: Uses plugins to scan for known vulnerabilities (CVEs) in workloads, such as operating systems, images, containers, and software. Currently, Tenable Cloud Security supports vulnerability scans only for AWS EC2 instances. You can view these vulnerabilities on the Findings > Vulnerabilities page in Tenable Cloud Security and on the Findings page in Tenable Vulnerability Management. For more information, see Configure Vulnerability Scan using Agentless Assessment for AWS.

To configure and run a cloud scan:

  1. Create a Scan Profile.

  2. (Optional) Schedule a Scan.

  3. Run a Cloud Scan.