Edit

Agentless container posture

  • Article

Agentless container posture provides a holistic approach to improving your container posture within Defender CSPM (Cloud Security Posture Management). You can visualize and hunt for risks and threats to Kubernetes environments with attack path analysis and the cloud security explorer, and leverage agentless discovery and visibility within Kubernetes components.

Learn more about CSPM.

Capabilities

For support and prerequisites for agentless containers posture, see Support and prerequisites for agentless containers posture.

Agentless container posture provides the following capabilities:

  • Agentless discovery and visibility within Kubernetes components.
  • Container registry vulnerability assessment provides vulnerability assessment for all container images, with near real-time scan of new images and daily refresh of results for maximum visibility to current and emerging vulnerabilities, enriched with exploitability insights, and added to Defender CSPM security graph for contextual risk assessment and calculation of attack paths.
  • Using Kubernetes attack path analysis to visualize risks and threats to Kubernetes environments.
  • Using cloud security explorer for risk hunting by querying various risk scenarios, including viewing security insights, such as internet exposure, and other predefined security scenarios. For more information, search for Kubernetes in the list of Insights.

All of these capabilities are available as part of the Defender CSPM plan.

Agentless discovery and visibility within Kubernetes components

Agentless discovery for Kubernetes provides API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. For more information, see Agentless discovery for Kubernetes.

What's the refresh interval?

Agentless information in Defender CSPM is updated through a snapshot mechanism. It can take up to 24 hours to see results in attack paths and the cloud security explorer.

Next steps