Agentless Assessment

Agentless Assessment allows you to scan and analyze short-lived cloud instances in your cloud environments. You can scan both online and offline systems with Agentless Assessment. Agentless Assessment relies on API data and snapshots and does not depend on data from Tenable or other cloud-vendor agents.

Agentless Assessment supports the following:

  • AWS EC2 Instances.

  • Azure Virtual Machines.

The following are the key benefits of vulnerability scanning using Agentless Assessment:

  • No need for any software installation on scan targets.

  • No impact on system resources.

  • No need for any system credentials to perform the scans. Agentless Assessment requires read-only access to your AWS EBS.

  • Live Results feature that always gives you the latest Tenable threat updates.

Agentless Assessment is based on Amazon EBS snapshots of your workload EC2 instances. For Azure, Agentless Assessment is based on snapshots of your virtual machines. When you trigger a cloud scan in Tenable Cloud Security, along with detecting your cloud resources and misconfigurations, Tenable Cloud Security also detects vulnerabilities in your AWS EC2 workload instances and Azure virtual machines. You can view these vulnerabilities on the Vulnerabilities page in Tenable Cloud Security and the Findings page in Tenable Vulnerability Management.

Note: Agentless Assessment scans AWS Instance snapshots, and not AWS volume snapshots.

The following image shows a high-level overview of Agentless Assessment:

Note: Agentless Assessment supports only root volume scanning and scans software installed at the operating system level.
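Because only the root volume is scanned, it helps to know which instances carry additional EBS volumes or have no EBS root volume at all. The following is an added example, not Tenable code: it reads a constructed sample shaped like `aws ec2 describe-instances` output and reports each instance's root EBS volume and any other attached EBS volumes. The function names and all IDs are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa0000000000001", "RootDeviceType": "ebs", "RootDeviceName": "/dev/xvda",
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0aaa000000000000a"}},
     {"DeviceName": "/dev/sdf",  "Ebs": {"VolumeId": "vol-0aaa000000000000b"}}]},
  {"InstanceId": "i-0aaa0000000000002", "RootDeviceType": "instance-store",
   "RootDeviceName": "/dev/sda1", "BlockDeviceMappings": []},
  {"InstanceId": "i-0aaa0000000000003", "RootDeviceType": "ebs", "RootDeviceName": "/dev/sda1",
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/sda1", "Ebs": {"VolumeId": "vol-0aaa000000000000c"}}]}
]}]}
""")

def root_volume_coverage(describe_instances):
    """Map each instance ID to its root EBS volume and its non-root EBS volumes."""
    report = {}
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            ebs_root = inst.get("RootDeviceType") == "ebs"
            root_name = inst.get("RootDeviceName")
            root, others = None, []
            for bdm in inst.get("BlockDeviceMappings", []):
                vol = bdm.get("Ebs", {}).get("VolumeId")
                if vol is None:
                    continue  # mapping without an EBS volume
                if ebs_root and bdm.get("DeviceName") == root_name:
                    root = vol
                else:
                    others.append(vol)
            report[inst["InstanceId"]] = {
                "root_volume": root, "non_root_volumes": sorted(others)}
    return report

def coverage_gaps(report):
    """Instances with no EBS root volume, or with volumes beyond the root one."""
    return {iid: r for iid, r in report.items()
            if r["root_volume"] is None or r["non_root_volumes"]}

if __name__ == "__main__":
    for iid, r in coverage_gaps(root_volume_coverage(SAMPLE)).items():
        print(iid, r)
```

Software installed on the volumes listed under `non_root_volumes` is outside what a root-volume-only scan examines.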

To configure an Agentless Assessment, see the following topics: