Cloud Native Vulnerability Management (CNVM)

Scan for cloud workload vulnerabilities

Version: 1.8.1
Compatible Kibana version(s): 8.13.0 or higher
Supported Serverless project types: Security, Observability
Subscription level: Basic

Cloud Native Vulnerability Management (CNVM) allows you to identify vulnerabilities in your cloud workloads. It accomplishes this by periodically taking a snapshot of the running cloud workloads and scanning those snapshots for vulnerabilities. As vulnerabilities are discovered, they appear in the vulnerabilities tab of the findings page in the security solution. Please refer to Cloud Native Vulnerability Management documentation for further information.

We recommend reading through this entire readme before getting started with CNVM.

Getting started with CNVM

For in-depth, step-by-step instructions to help you get started with CNVM, please read through our getting started guide.

Using CNVM

As soon as you install this integration, the pages described in the table below will begin to populate with vulnerability data.

Page: Vulnerabilities tab in Findings
Description: Lists the vulnerabilities discovered in your cloud workloads. The most recent vulnerabilities discovered from the last scan will always be displayed on this page. You can access this page by clicking on the Findings subsection in the main navigation pane of the security solution. Please read the vulnerabilities findings page documentation to learn more.

Compatibility

The integration only supports vulnerability management for Amazon EC2 cloud workloads.

Container workloads (Amazon EKS) and other public cloud providers such as Google Cloud Platform (GCP) and Microsoft Azure are not currently supported.

Elastic Agent version 8.8 or higher is required for this integration.

Integration Requirements

The user must log in to their cloud console in the same browser where Kibana is launched. They must also ensure that the necessary permissions are in place for their cloud user account to launch the Infrastructure as Code template.

As questions come up, check out the CNVM FAQ or reach out to us directly in our community Slack workspace in the #security or #cloud-security channels.

Changelog

Version | Details | Kibana version(s)

1.8.1

Bug fix View pull request
Remove cloud.account.name null fields, Set cloud.account.id for azure and gcp when not available, fix cluster_id missing pipeline error

8.13.0 or higher

1.8.0

Enhancement View pull request
Bump up version

Enhancement View pull request
Add cloudsecurity_cdr sub category label.

Enhancement View pull request
Add missing CIS Azure rule templates

Bug fix View pull request
Rollback CIS Azure Rules 9.3, 9.10

Bug fix View pull request
Rollback secrets adoption

Enhancement View pull request
Add CIS Azure Rules 6.1, 6.2, 6.3, 6.4

Enhancement View pull request
Add missing ECS orchestrator fields

Enhancement View pull request
Adopt Secrets

Enhancement View pull request
Bump version

8.13.0 or higher

1.7.1

Bug fix View pull request
Remove disabled fields.

8.12.0 or higher

1.7.0

Enhancement View pull request
8.12 version bump

Enhancement View pull request
Azure rule templates update

Enhancement View pull request
Bump Azure template branch

Enhancement View pull request
Support Azure Management groups

Enhancement View pull request
Add CIS Azure 5.3.1

Bug fix View pull request
Update all CSPM providers to run every 24h

Enhancement View pull request
Azure credentials configuration

Enhancement View pull request
CloudFormation version hardening

8.12.0 or higher

1.6.5

Bug fix View pull request
GCP Organization Id as string

8.11.0 or higher

1.6.4

Bug fix View pull request
Assign default GCP account type

Enhancement View pull request
Base CloudFormation url only on version

8.11.0 or higher

1.6.3

Bug fix View pull request
Update URL for AWS

8.11.0 or higher

1.6.2

Enhancement View pull request
Change the format_version in the package manifest to 3.0.0. Remove dotted YAML keys from package manifest. Add owner.type elastic to package manifest. Add missing object_type fields. Add security capability.

8.11.0 or higher

1.6.1

Enhancement View pull request
Update ARM link for Azure

8.11.0 or higher

1.6.0

Enhancement View pull request
Support multiple installations on the same agent policy

Enhancement View pull request
Add support for Azure benchmark

Enhancement View pull request
Add support for GCP organizations

8.11.0 or higher

1.5.2

Enhancement View pull request
Refactor GCP credentials

Enhancement View pull request
Validate OrganizationalUnitIds in CloudFormation

8.10.0 or higher

1.5.1

Enhancement View pull request
Bump version to 1.5.1

Bug fix View pull request
Remove capitalization and change type for tags

8.10.0 or higher

1.5.0

Enhancement View pull request
Add CIS GCP rule templates

Bug fix View pull request
Remove default value for project id

Enhancement View pull request
Add vulnerability mappings

Enhancement View pull request
Ensure event.kind is correctly set for pipeline errors.

Enhancement View pull request
Add a cloudshell url for the GCP CSPM integration

Enhancement View pull request
Added ingest processor to copy cluster_id to orchestrator.cluster.id

Enhancement View pull request
Separate KSPM and CSPM cloudformation templates

Enhancement View pull request
Modify CIS GCP config

Enhancement View pull request
Support AWS Organization onboarding option

Enhancement View pull request
Update CloudFormation template to use al2023 AMI and increased EBS volume size

8.10.0 or higher

1.4.0

Enhancement View pull request
Populate new CloudFormation param ElasticArtifactServer

Enhancement View pull request
Send short notation of ElasticAgentVersion

Bug fix View pull request
Fix CIS 1.1.19 rule

8.9.0 or higher

1.3.0

Enhancement View pull request
New vulnerability management integration

Enhancement View pull request
Support ECS orchestrator.cluster.id field

Enhancement View pull request
Added categories and/or subcategories.

Enhancement View pull request
Added vulnerability management period and removing region

Enhancement View pull request
Change CSPM resource collection period

Enhancement View pull request
Update CNVM index mapping

Enhancement View pull request
Add CIS AWS rules 1.16, 1.17, 1.19, 1.20, 2.1.5, 2.3.3

8.8.0 or higher

1.2.11

Enhancement View pull request
Fixed readme

8.7.0 or higher

1.2.10

Bug fix View pull request
Add GCP/Azure streams

Bug fix View pull request
Fix beta version

Bug fix View pull request
Add GCP/Azure streams

Enhancement View pull request
Add CSPM/KSPM icons

Enhancement View pull request
move rule_number field to benchmark.rule_number

Enhancement View pull request
Add RDS fetcher to the AWS CSPM hbs file

8.7.0 or higher

1.2.9

Enhancement View pull request
Add monitoring fetcher to the aws cspm hbs file

8.7.0 or higher

1.2.8

Enhancement View pull request
Add cloud fields to mapping

8.7.0 or higher

1.2.7

Enhancement View pull request
Add a cloudtrail fetcher to the aws cspm hbs file

8.7.0 or higher

1.2.6

Enhancement View pull request
Add posture_type field to mapping

8.7.0 or higher

1.2.5

Enhancement View pull request
Add S3 fetcher to the AWS CSPM hbs file

8.7.0 or higher

1.2.4

Enhancement View pull request
Remove state from csp rule template

8.7.0 or higher

1.2.3

Enhancement View pull request
Add a network fetcher to the aws cspm hbs file

8.7.0 or higher

1.2.2

Enhancement View pull request
Update cspm hbs file

8.7.0 or higher

1.2.1

Enhancement View pull request
Update CSP mapping

8.7.0 or higher

1.2.0

Enhancement View pull request
CSPM support spaces for 8.7.0

8.7.0 or higher

1.1.2

Enhancement View pull request
CSPM support spaces for 8.7.0

8.7.0 or higher

1.1.1

Enhancement View pull request
CSPM support spaces for 8.6 - fix

8.6.0 or higher

1.0.9

Enhancement View pull request
CSPM support spaces for 8.6

8.6.0 or higher

1.1.0

Enhancement View pull request
Introduce CSPM

8.7.0 or higher

1.0.8

Enhancement View pull request
Update screenshots and icon

8.6.0 or higher

1.0.7

Enhancement View pull request
Add KSPM to integration name

8.6.0 or higher

1.0.6

Enhancement View pull request
Removing the rule data yaml

8.6.0 or higher

1.0.5

Bug fix View pull request
Documentation bugfix

8.5.0 or higher

1.0.4

Enhancement View pull request
Updated mapping to include orchestrator.cluster.name.

8.5.0 or higher

1.0.3

Enhancement View pull request
Updated the readme to remove the broken internal link

8.5.0 or higher

1.0.2

Enhancement View pull request
Add AWS EKS documentation for KSPM

8.5.0 or higher

1.0.1

Enhancement View pull request
Add security category to package metadata.

8.5.0 or higher

1.0.0

Enhancement View pull request
Cloud Security Posture integration is now GA.

8.5.0 or higher

0.0.33

Enhancement View pull request
Remove unconfigurable default fields from hbs files

—

0.0.32

Enhancement View pull request
Add event property to finding, this event matches the event spec of the ECS.
cycle_id mapping is removed as it is no longer reported by Cloudbeat.

—

0.0.31

Enhancement View pull request
Store beat configuration file to be propagated to cloudbeat

—

0.0.30

Enhancement View pull request
Add AWS additional auth to KSPM integration

—

0.0.29

Enhancement View pull request
Update min age for delete to 180 days

—

0.0.28

Enhancement View pull request
Add ILM policy for the findings data stream

—

0.0.27

Enhancement View pull request
Update input types and var name to support runtime config

—

0.0.26

Enhancement View pull request
Version bump

Enhancement View pull request
Updates to KSPM Integration README

—

0.0.25

Bug fix View pull request
Remove unimplemented EKS rules from template

—

0.0.24

Enhancement View pull request
Updated release tag to beta

—

0.0.23

Bug fix View pull request
Fix rule id typo

—

0.0.22

Enhancement View pull request
Adjust findings data-stream mappings to fit ECS conventions

Enhancement View pull request
Turned off dynamic mappings of findings data-stream

Enhancement View pull request
Added default pipeline to findings data-stream

—

0.0.21

Enhancement View pull request
Update package display name

—

0.0.20

Enhancement View pull request
Remove Kibana configuration section from README

—

0.0.19

Enhancement View pull request
Adding EKS rule templates

Enhancement View pull request
Added date time field to index patterns

Enhancement View pull request
Update rule benchmark field to include an id

—

0.0.18

Enhancement View pull request
Enhance integration to support EKS

—

0.0.17

Enhancement View pull request
Refactored csp-rule-template metadata field to fit 8.4.0 schema

—

0.0.16

Enhancement View pull request
update resource id keyword mapping

—

0.0.15

Enhancement View pull request
update resource id mapping

—

0.0.14

Enhancement View pull request
Add mapping for rule id and resource id and revert Kibana version constraint

—

0.0.13

Enhancement View pull request
Update Kibana version constraint

—

0.0.12

Enhancement View pull request
Add new rule templates

—

0.0.11

Enhancement View pull request
Update elastic-agent deployment instructions

—

0.0.10

Enhancement View pull request
Update CSP rules configuration template

—

0.0.9

Enhancement View pull request
Update csp rule template

—

0.0.8

Enhancement View pull request
Send dataYaml (Rules Activation YAML) to cloudbeat

—

0.0.7

Enhancement View pull request
Add rule template assets

—

0.0.6

Enhancement View pull request
Update findings template asset

—

0.0.5

Enhancement View pull request
Add CSP rule template asset

—

0.0.4

Enhancement View pull request
Add latest findings data view

—

0.0.3

Enhancement View pull request
Change README

—

0.0.2

Enhancement View pull request
Change README

—

0.0.1

Enhancement View pull request
Initial draft of the package

—
