The Carbon Black Cloud Workload Protection capabilities expand to the Public Cloud workloads (AWS EC2 instances, Azure VM instances, and Google Cloud instances). After deploying sensors on your instances, you can view the vulnerability data in the Carbon Black Cloud console. You can review security vulnerabilities and use this information to schedule maintenance windows for patches or updates.

To take advantage of the vulnerability assessment capabilities for your Public Cloud resources, you must enable the Carbon Black Public Cloud service for your organization.

You view all vulnerabilities for your instances while in the Vulnerabilities > Public Cloud tab.

The Inventory > Public Cloud > AWS/Azure/GCP > Enabled tab provides a quick view of AWS/Azure/GCP instance vulnerabilities as well. Double-click a row and view all of the vulnerable processes running on the selected public cloud instance in the Vulnerability section, part of the details panel.

EC2 instances can have multiple vulnerabilities, each with different CVSS score. Based on this score, vulnerabilities are filtered on the level of severity - critical, important, moderate, or low. The higher the score, the higher the severity.

Critical severity is the default filter. To view all vulnerabilities irrespective of their severity, click All. This view shows the count of all vulnerabilities across all assets and products - operating systems (OS), apps, and versions.

Depending on how you want to view the vulnerability data, you can select either the Instances view or the Vulnerabilities view from the View by drop-down menu.

Instances View

After you navigate to the Vulnerabilities > Public Cloud tab, the Instances view is available by default. Here you can filter the data by OS (Windows or Linux) and manage the data the sensors gather from all Public Cloud instances in your environment or from a specific Cloud provider (AWS, Azure, or GCP). Double-click an asset row or click the > icon to view more information on related vulnerabilities in the expanded Vulnerabilities details panel. To view the updated vulnerability data immediately, click Reassess from the Vulnerabilities details panel.

Vulnerabilities View

While on the Vulnerabilities > Public Cloud tab, select Vulnerabilities from the View by drop-down menu. In the Vulnerabilities view, you can use the Type drop-down menu to filter data based on App or OS. Use the OS drop-down menu to filter data based on Windows or Linux. Select the Cloud provider drop-down menu to filter data based on the type of public workloads - AWS, Azure, or GCP.

App-level and OS-level vulnerabilities for Windows instances are discovered through the OS details and security patches applied on each public cloud instance. OS- level and App-level vulnerabilities for Linux instances are discovered through the OS details and the list of all installed packages. When the security patch associated with vulnerability is not applied or the package installed is detected to be vulnerable, the system flags the EC2 instance as vulnerable. For details on how to remediate a vulnerability, see Resolve Vulnerabilities.