Configure Vulnerability Scan

Part of maintaining a secure environment is regularly conducting vulnerability scans. Vulnerability scans help identify potential weaknesses and vulnerabilities that could be exploited by unauthorized individuals or entities.

To view all the accounts that have vulnerability scanning enabled, complete the following steps:

1. In the left main menu, click Spot Security and click Administration.
2. Click the Cloud Accounts tab. You can view all the onboarded accounts.

There are 3 states of the vulnerability scan configuration in an account:

• The vulnerability scan is not configured: the toggle in the Vulnerability Enabled column is off and can not be turned on.
• The vulnerability scan is configured and running: the toggle in the Vulnerability Enabled column is on.
• The vulnerability scan is configured but temporarily disabled: the toggle in the Vulnerability Enabled column will be off but you can turn it on.

Prerequisites

The account must be onboarded on Spot Security and the data collection must be complete.

Configure a Vulnerability Scan

Complete the following steps to configure a vulnerability scan:

1. Under the Cloud Accounts tab, click Cloud Account on the top right and click Configure Vulnerability.

   

2. You can configure the vulnerability scan for both AWS and Azure Account:

   • Configure the vulnerability scan for AWS
   • Configure the vulnerability scan for Azure

Managing the Vulnerability Scan

In the Cloud Accounts tab in the Administration page you can edit, disable/enable, and delete the vulnerability scan.

Edit the Vulnerability Scan

1. Under the Cloud Accounts tab, click the edit icon (pencil) of the account you want to edit.

   

2. You can update the existing value Role ARN, Subnet ID, and Region columns wherever applicable and update the new configuration.

   

Disable/ Enable the Vulnerability Scan

You can disable the vulnerability scan by turning the toggle off in the Vulnerability Enabled column. Disabling the scan pauses the scan for that account until the toggle is turned back on. The last scanned data remains in the system.

Delete the Vulnerability Scan

You can delete the vulnerability scan for any account by selecting one of the accounts:

1. In the top right, click Actions and then click Delete Vulnerability Configuration.

   

2. Confirm that you agree to deleting all the vulnerability scans permanently from the Spot Security console. Spot Security deletes the scan and the data within 24 to 48 hours.