Commit 7ad1c8e

Merge pull request #269252 from dcurwin/wi-214630-agent-to-sensor-march17-2024
Replace Defender agent with Defender sensor
2 parents c1306c5 + 2402b6d commit 7ad1c8e

36 files changed

+168
-168
lines changed

articles/defender-for-cloud/agentless-vulnerability-assessment-aws.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.topic: how-to
99

1010
# Vulnerability assessments for AWS with Microsoft Defender Vulnerability Management
1111

12-
Vulnerability assessment for AWS, powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any agents.
12+
Vulnerability assessment for AWS, powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any sensors.
1313

1414
> [!NOTE]
1515
> This feature supports scanning of images in the ECR only. Images that are stored in other container registries should be imported into ECR for coverage. Learn how to [import container images to a container registry](../container-registry/container-registry-import-images.md).
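
Review bot: On line 12, swapping "agents" for "sensors" turns a general claim (nothing is deployed on the workload) into a claim about one named component, while the rest of the article keeps the term "Agentless discovery". A reader assessing what runs in their environment needs the broader statement; consider "without deployment of any agents or sensors", or keep "agents" here and use "Defender sensor" only where the product component is meant.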
@@ -47,7 +47,7 @@ The triggers for an image scan are:
4747
- **Re-scan** is performed once a day for:
4848
- Images pushed in the last 90 days.
4949
- Images pulled in the last 30 days.
50-
- Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability)).
50+
- Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or the [Defender sensor](defender-for-containers-enable.md#enablement-method-per-capability)).
5151

5252
## How does image scanning work?
5353

@@ -58,9 +58,9 @@ A detailed description of the scan process is described as follows:
5858
- Once a day, and for new images pushed to a registry:
5959

6060
- All newly discovered images are pulled, and an inventory is created for each image. Image inventory is kept to avoid further image pulls, unless required by new scanner capabilities.​
61-
- Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) and [inventory collected via the Defender agent running on EKS nodes](defender-for-containers-enable.md#enablement-method-per-capability)
61+
- Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) and [inventory collected via the Defender sensor running on EKS nodes](defender-for-containers-enable.md#enablement-method-per-capability)
6262
- Vulnerability reports for registry container images are provided as a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/AwsContainerRegistryRecommendationDetailsBlade/assessmentKey/c27441ae-775c-45be-8ffa-655de37362ce).
63-
- For customers using either [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or [inventory collected via the Defender agent running on EKS nodes](defender-for-containers-enable.md#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an EKS cluster. For customers using only [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
63+
- For customers using either [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or [inventory collected via the Defender sensor running on EKS nodes](defender-for-containers-enable.md#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an EKS cluster. For customers using only [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender sensor](defender-for-containers-enable.md#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
6464

6565
> [!NOTE]
6666
> For [Defender for Container Registries (deprecated)](defender-for-container-registries-introduction.md), images are scanned once on push, on pull, and rescanned only once a week.
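
Review bot: Lines 61 and 63 are being edited anyway, so fix the two style issues they carry: the bullet on line 61 ends at the closing link parenthesis with no full stop, and line 63 reads "two hour inventory refresh rate", which should be "two-hour". The same two issues appear in the matching hunks of the Azure and GCP articles.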

articles/defender-for-cloud/agentless-vulnerability-assessment-azure.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ The triggers for an image scan are:
4646
- **Re-scan** is performed once a day for:
4747
- Images pushed in the last 90 days.
4848
- Images pulled in the last 30 days.
49-
- Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability)).
49+
- Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or the [Defender sensor](defender-for-containers-enable.md#enablement-method-per-capability)).
5050

5151
## How does image scanning work?
5252

@@ -58,9 +58,9 @@ A detailed description of the scan process is described as follows:
5858
- Once a day, and for new images pushed to a registry:
5959

6060
- All newly discovered images are pulled, and an inventory is created for each image. Image inventory is kept to avoid further image pulls, unless required by new scanner capabilities.​
61-
- Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) and [inventory collected via the Defender agent running on AKS nodes](defender-for-containers-enable.md#enablement-method-per-capability)
61+
- Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) and [inventory collected via the Defender sensor running on AKS nodes](defender-for-containers-enable.md#enablement-method-per-capability)
6262
- Vulnerability reports for registry container images are provided as a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/AzureContainerRegistryRecommendationDetailsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5).
63-
- For customers using either [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or [inventory collected via the Defender agent running on AKS nodes](defender-for-containers-enable.md#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an AKS cluster. For customers using only [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
63+
- For customers using either [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or [inventory collected via the Defender sensor running on AKS nodes](defender-for-containers-enable.md#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an AKS cluster. For customers using only [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender sensor](defender-for-containers-enable.md#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
6464

6565
> [!NOTE]
6666
> For [Defender for Container Registries (deprecated)](defender-for-container-registries-introduction.md), images are scanned once on push, on pull, and rescanned only once a week.
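
Review bot: The Azure article has no hunk for its introduction paragraph, unlike the AWS and GCP articles (3 changed lines here against 4 there). Please confirm the Azure introduction does not still carry the "without deployment of any agents" sentence, so that the three cloud articles stay consistent after the rename.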

articles/defender-for-cloud/agentless-vulnerability-assessment-gcp.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.topic: how-to
99

1010
# Vulnerability assessments for GCP with Microsoft Defender Vulnerability Management
1111

12-
Vulnerability assessment for GCP, powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any agents.
12+
Vulnerability assessment for GCP, powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that empowers security teams to easily discover and remediate vulnerabilities in Linux container images, with zero configuration for onboarding, and without deployment of any sensors.
1313

1414
In every account where enablement of this capability is completed, all images stored in Google Registries (GAR and GCR) that meet the criteria for scan triggers are scanned for vulnerabilities without any extra configuration of users or registries. Recommendations with vulnerability reports are provided for all images in Google Registries (GAR and GCR), images that are currently running in GKE that were pulled from Google Registries (GAR and GCR) or any other Defender for Cloud supported registry (ACR or ECR). Images are scanned shortly after being added to a registry, and rescanned for new vulnerabilities once every 24 hours.
1515

@@ -44,7 +44,7 @@ The triggers for an image scan are:
4444
- **Re-scan** is performed once a day for:
4545
- Images pushed in the last 90 days.
4646
- Images pulled in the last 30 days.
47-
- Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability)).
47+
- Images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or the [Defender sensor](defender-for-containers-enable.md#enablement-method-per-capability)).
4848

4949
## How does image scanning work?
5050

@@ -55,9 +55,9 @@ A detailed description of the scan process is described as follows:
5555
- Once a day, and for new images pushed to a registry:
5656

5757
- All newly discovered images are pulled, and an inventory is created for each image. Image inventory is kept to avoid further image pulls, unless required by new scanner capabilities.​
58-
- Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) and [inventory collected via the Defender agent running on GKE nodes](defender-for-containers-enable.md#enablement-method-per-capability)
58+
- Using the inventory, vulnerability reports are generated for new images, and updated for images previously scanned which were either pushed in the last 90 days to a registry, or are currently running. To determine if an image is currently running, Defender for Cloud uses both [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) and [inventory collected via the Defender sensor running on GKE nodes](defender-for-containers-enable.md#enablement-method-per-capability)
5959
- Vulnerability reports for registry container images are provided as a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/GcpContainerRegistryRecommendationDetailsBlade/assessmentKey/5cc3a2c1-8397-456f-8792-fe9d0d4c9145).
60-
- For customers using either [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or [inventory collected via the Defender agent running on GKE nodes](defender-for-containers-enable.md#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/GcpContainersRuntimeRecommendationDetailsBlade/assessmentKey/e538731a-80c8-4317-a119-13075e002516) for remediating vulnerabilities for vulnerable images running on a GKE cluster. For customers using only [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender agent](defender-for-containers-enable.md#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
60+
- For customers using either [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability) or [inventory collected via the Defender sensor running on GKE nodes](defender-for-containers-enable.md#enablement-method-per-capability), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/GcpContainersRuntimeRecommendationDetailsBlade/assessmentKey/e538731a-80c8-4317-a119-13075e002516) for remediating vulnerabilities for vulnerable images running on a GKE cluster. For customers using only [Agentless discovery for Kubernetes](defender-for-containers-enable.md#enablement-method-per-capability), the refresh time for inventory in this recommendation is once every seven hours. Clusters that are also running the [Defender sensor](defender-for-containers-enable.md#enablement-method-per-capability) benefit from a two hour inventory refresh rate. Image scan results are updated based on registry scan in both cases, and are therefore only refreshed every 24 hours.
6161

6262
> [!NOTE]
6363
> For [Defender for Container Registries (deprecated)](defender-for-container-registries-introduction.md), images are scanned once on push, on pull, and rescanned only once a week.

articles/defender-for-cloud/alert-validation.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ You can simulate alerts for both of the control plane, and workload alerts with
9999
**Prerequisites**
100100

101101
- Ensure the Defender for Containers plan is enabled.
102-
- **Arc only** - Ensure the [Defender agent](defender-for-cloud-glossary.md#defender-agent) is installed.
102+
- **Arc only** - Ensure the [Defender sensor](defender-for-cloud-glossary.md#defender-sensor) is installed.
103103
- **EKS or GKE only** - Ensure the default audit log collection autoprovisioning options are enabled.
104104

105105
**To simulate a Kubernetes control plane security alert**:
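
Review bot: The link target on line 102 changes from `defender-for-cloud-glossary.md#defender-agent` to `#defender-sensor`, which only resolves if the glossary heading is renamed in this same change; the glossary is not among the hunks shown here, so please confirm it is one of the 36 files. If other pages still link to `#defender-agent`, those links will stop resolving to the entry once the heading is renamed. The same applies to line 126.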
@@ -123,7 +123,7 @@ You can simulate alerts for both of the control plane, and workload alerts with
123123
**Prerequisites**
124124
125125
- Ensure the Defender for Containers plan is enabled.
126-
- Ensure the [Defender agent](defender-for-cloud-glossary.md#defender-agent) is installed.
126+
- Ensure the [Defender sensor](defender-for-cloud-glossary.md#defender-sensor) is installed.
127127
128128
**To simulate a Kubernetes workload security alert**:
129129

articles/defender-for-cloud/common-questions-microsoft-defender-vulnerability-management.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,10 @@ No. The cost of the vulnerability assessment scanning is included in Defender fo
2424

2525
No. Each unique image is billed once according to the pricing of the Defender plan enabled, regardless of scanner.
2626

27-
## Does container vulnerability assessment powered by Microsoft Defender Vulnerability Management require an agent?
27+
## Does container vulnerability assessment powered by Microsoft Defender Vulnerability Management require a sensor?
2828

2929
Vulnerability assessment for container images in the registry is agentless.
30-
Vulnerability assessment for runtime supports both agentless and agent-based deployment. This approach allows us to provide maximum visibility when vulnerability assessment is enabled, while providing improved refresh rate for image inventory on clusters running our agent.
30+
Vulnerability assessment for runtime supports both agentless and sensor-based deployment. This approach allows us to provide maximum visibility when vulnerability assessment is enabled, while providing improved refresh rate for image inventory on clusters running our sensor.
3131

3232
## How complicated is it to enable container vulnerability assessment powered by Microsoft Defender Vulnerability Management?
3333
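
Review bot: Renaming the H2 on line 27 changes its generated anchor, so any inbound link to the old "require an agent?" heading will stop resolving; check for references before merging. The answer also reads inconsistently now: line 29 still says the registry scan "is agentless" while the question asks about a sensor, so state in the answer that agentless here means no Defender sensor is required.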

articles/defender-for-cloud/concept-agentless-containers.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
22
title: Agentless container posture in Defender CSPM
3-
description: Learn how agentless container posture offers discovery, visibility, and vulnerability assessment for containers without installing an agent on your machines.
3+
description: Learn how agentless container posture offers discovery, visibility, and vulnerability assessment for containers without installing a sensor on your machines.
44
ms.service: defender-for-cloud
55
ms.topic: conceptual
66
ms.date: 12/12/2023
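
Review bot: `ms.date: 12/12/2023` on line 6 is left unchanged although the `description` on line 3 is edited; update it if this counts as a content refresh. The new description also defines "agentless" by the absence of a sensor, which sits oddly with the title on line 2; "without installing an agent or sensor" would keep the two aligned.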
