1. Overview

Prisma Cloud can scan the virtual machine (VM) images in your AWS environment for the following types of vulnerabilities:

  • Host configuration: Vulnerabilities in the VM image setup.

  • Docker daemon configuration: Vulnerabilities that stem from misconfiguring your Docker daemon. The Docker daemon derives its configuration from various files, including /etc/sysconfig/docker or /etc/default/docker.

  • Docker daemon configuration files: Vulnerabilities that arise from setting incorrect permissions on critical configuration files.

  • Docker security operations: Recommendations and reminders for extending your current security best practices to include containers.

  • Linux configuration: Compliance checks for Linux hosts. For example, ensure mounting of the hfs filesystem is disabled.
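
The following script is an added example, not Prisma Cloud's own check logic, of what two of the checks listed above look like when run directly on a host: file ownership and permissions on a Docker daemon configuration file (such as /etc/default/docker or /etc/sysconfig/docker), and whether loading of a filesystem kernel module such as hfs has been disabled. It assumes a Linux host with GNU stat and the usual /etc/modprobe.d layout, and follows the common CIS wording that a module counts as disabled only when an "install <module> /bin/true" line is present. Paths and the expected owner are arguments so the functions can be pointed at a test tree; the defaults in run_host_checks are assumptions for a typical host.

```shell
#!/bin/sh
# Added example (not Prisma Cloud code): host-side compliance checks modelled on the
# categories above. Paths are arguments so the checks can run against any tree.

# Report whether a Docker daemon configuration file has safe permissions: owned by
# EXPECTED_OWNER (numeric uid:gid, default 0:0 = root:root) and not writable by
# group or others. Prints one line and returns 0 (pass) or 1 (fail).
# A missing file is reported as SKIP and passes, since the daemon may not use it.
check_config_file_perms() {
    file="$1"
    expected_owner="${2:-0:0}"
    if [ ! -e "$file" ]; then
        echo "SKIP $file: not present"
        return 0
    fi
    owner=$(stat -c '%u:%g' "$file")   # GNU stat (Linux): numeric uid:gid
    mode=$(stat -c '%a' "$file")       # octal mode string, e.g. 644
    if [ "$owner" != "$expected_owner" ]; then
        echo "FAIL $file: owned by $owner, expected $expected_owner"
        return 1
    fi
    # 022 masks the group-write and other-write bits; the leading 0 makes the
    # shell read the mode string as octal.
    if [ $((0$mode & 022)) -ne 0 ]; then
        echo "FAIL $file: mode $mode is writable by group or others"
        return 1
    fi
    echo "PASS $file: owner $owner mode $mode"
    return 0
}

# Report whether loading of a filesystem module (e.g. hfs) is disabled in the
# modprobe configuration. "Disabled" means a line "install <fs> /bin/true" (or
# /bin/false) in some *.conf under MODPROBE_DIR. A bare "blacklist <fs>" line only
# stops automatic loading, so it does not count. Whether the module is currently
# loaded (lsmod) is a separate, live check not performed here.
check_fs_disabled() {
    fs="$1"
    modprobe_dir="${2:-/etc/modprobe.d}"
    if grep -qsE "^[[:space:]]*install[[:space:]]+$fs[[:space:]]+/bin/(true|false)([[:space:]]|$)" \
        "$modprobe_dir"/*.conf; then
        echo "PASS $fs: module loading disabled in $modprobe_dir"
        return 0
    fi
    echo "FAIL $fs: no 'install $fs /bin/true' line found in $modprobe_dir/*.conf"
    return 1
}

# Run the checks against the daemon configuration files named above (assumed
# locations for a typical host) and the hfs module; return non-zero on any FAIL.
run_host_checks() {
    status=0
    for f in /etc/sysconfig/docker /etc/default/docker; do
        check_config_file_perms "$f" || status=1
    done
    check_fs_disabled hfs || status=1
    return $status
}

# Invoke as:  sh host_checks.sh --run
if [ "${1-}" = "--run" ]; then
    run_host_checks
    exit $?
fi
```

Each check prints a single PASS/FAIL/SKIP line and returns its status, so the functions can be sourced into a larger script or wired into a cron job whose exit code is consumed by monitoring; a FAIL from check_config_file_perms is the condition the "Docker daemon configuration files" category above describes.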

You can scope access to Prisma Cloud by cloud account ID. Prisma Cloud automatically puts cloud account resources (e.g., containers, clusters, serverless functions, etc.) into collections so that when users log in, they can see data for just the resources in the cloud account. Currently, VM scan results aren’t added to per-cloud account collections. Only Prisma Cloud roles with read-write access (System Admins) can view VM image scan reports. Prisma Cloud roles with read-only access can’t view VM image scan reports. This issue will be resolved in an upcoming release.

2. Reviewing VM image scan reports

To view the health of the VM images in your environment:

  1. Open Console, then go to Monitor > Compliance > Hosts > VM images.

  2. Click on a VM image on the list.

    A report for the compliance issues on the VM image is shown.

    [Screenshot: VM image scanning report]

    All compliance issues identified in the latest VM image scan can be exported to a CSV file by clicking on the CSV button in the top right of the table.