Posture Control (ZPC)

About Vulnerability Integrations

A security vulnerability is a misconfiguration or security flaw in the cloud infrastructure that exposes the organization to cyber threats. It is crucial for organizations to implement a standard process for monitoring and identifying such vulnerabilities and taking the necessary remediation steps to maintain the security posture of their cloud infrastructure.

Zscaler Posture Control (ZPC) offers a robust vulnerability management feature that enables you to secure your cloud assets and protect your organization from cyber threats. You can integrate your cloud workloads and container registries with ZPC and enable specific accounts for vulnerability scanning. ZPC continuously scans your cloud resources for known vulnerabilities, generates alert notifications, and displays the vulnerability details on the ZPC dashboard, so you can prioritize the risk and take the necessary remediation steps.

ZPC correlates the detected vulnerabilities with the Common Vulnerabilities and Exposures (CVE) entries defined in the National Vulnerability Database (NVD) and prioritizes the vulnerabilities and their associated risk based on the Common Vulnerability Scoring System (CVSS) score.

ZPC supports vulnerability scanning of Linux workloads that are created from Marketplace images, except appliance images.

Configuring vulnerability integration for your cloud resources provides the following benefits. It enables you to:

  • Continuously monitor the cloud resources for known vulnerabilities.
  • Scan specific cloud accounts in the required cloud service provider (CSP).
  • Schedule and automate vulnerability scanning.
  • Correlate the detected vulnerabilities with the CVEs and CVSS defined in the NVD.
  • Use the dashboard that displays comprehensive information about the impacted accounts along with the severity of the vulnerability, so you can take immediate action.
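The correlation and prioritization described above (matching detected packages against CVE records and ranking the results by CVSS score, then summarizing impacted accounts by severity) can be illustrated with a small script. This is an added example, not ZPC's own code or an API it exposes: the NVD lookup table, the account inventory, and the CVE identifiers (CVE-0000-0000x) are constructed placeholders so that the script runs offline. The severity bands are the CVSS v3.x qualitative ratings published by NVD.

```python
"""Illustration of CVE correlation and CVSS-based prioritization.

Added example, not ZPC's code. Everything below is constructed so the script
runs offline: the CVE identifiers are placeholders, not real advisories, and
the workload inventory is made up.
"""
from collections import defaultdict
from dataclasses import dataclass

# CVSS v3.x qualitative severity ratings as published by NVD (floor, label).
SEVERITY_BANDS = [
    (9.0, "Critical"),
    (7.0, "High"),
    (4.0, "Medium"),
    (0.1, "Low"),
    (0.0, "None"),
]

# Constructed stand-in for NVD records: package ->
# list of (CVE id, first affected version, fixed version, CVSS v3 base score).
# Placeholder identifiers only; these are not real CVEs.
NVD_STUB = {
    "openssl": [
        ("CVE-0000-00001", "3.0.0", "3.0.8", 9.8),
        ("CVE-0000-00002", "1.1.0", "1.1.2", 5.3),
    ],
    "curl": [("CVE-0000-00003", "7.0.0", "7.79.0", 7.5)],
}

# Constructed package inventory as a scanner might report it per workload.
INVENTORY = [
    {"account_id": "123456789012", "resource": "i-0example", "package": "openssl", "version": "1.1.1"},
    {"account_id": "123456789012", "resource": "i-0example", "package": "curl", "version": "7.78.0"},
    {"account_id": "210987654321", "resource": "vm-example", "package": "openssl", "version": "3.0.7"},
    {"account_id": "210987654321", "resource": "vm-example", "package": "bash", "version": "5.1"},
]


@dataclass(frozen=True)
class Finding:
    account_id: str
    resource: str
    package: str
    installed: str
    cve: str
    score: float
    severity: str


def parse_version(text):
    """Turn '3.0.7' into (3, 0, 7) for tuple comparison; non-digit characters are dropped."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def cvss_severity(score):
    """Map a CVSS v3 base score to its NVD qualitative rating."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "None"


def correlate(inventory, nvd):
    """Match each installed package against the CVE records and rank by CVSS score, highest first.

    A package is affected when first_affected <= installed < fixed.
    """
    findings = []
    for item in inventory:
        installed = parse_version(item["version"])
        for cve, introduced, fixed, score in nvd.get(item["package"], []):
            if parse_version(introduced) <= installed < parse_version(fixed):
                findings.append(Finding(item["account_id"], item["resource"], item["package"],
                                        item["version"], cve, score, cvss_severity(score)))
    return sorted(findings, key=lambda f: f.score, reverse=True)


def summarize_by_account(findings):
    """Count findings per account and severity, the shape a dashboard view would render."""
    summary = defaultdict(lambda: defaultdict(int))
    for f in findings:
        summary[f.account_id][f.severity] += 1
    return {acct: dict(counts) for acct, counts in summary.items()}


if __name__ == "__main__":
    ranked = correlate(INVENTORY, NVD_STUB)
    for f in ranked:
        print(f"{f.severity:8} {f.score:4} {f.cve} {f.package} {f.installed} on {f.resource} ({f.account_id})")
    print(summarize_by_account(ranked))
```

The version-range check is the part most worth getting right in practice: a fix released in one release branch does not imply that an older branch is affected, which is why each record carries both a first-affected and a fixed version rather than a single "fixed in" value.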

Vulnerability Integration Options

You can configure and manage vulnerability integrations and scanning for:

  • Cloud Container Registries: Integrate the Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) container registries and enable them for vulnerability scanning. ZPC scans the container images within the registries.
  • Cloud Workloads: Integrate the AWS, Azure, and GCP cloud workloads and enable them for vulnerability scanning.

After integrating ZPC with your container registries and workloads, you can:

About the Container Registries & Workloads Page

On the Container Registries & Workloads page (Administration > Container Registries & Workloads), you can:

  1. View the list of accounts and organizations (in AWS, Azure, and GCP) under container registries that are integrated for vulnerability management. For each account or organization, you can see the following details:
     • Account Name: The name of the account.
     • Account ID: The unique identifier of the account.
     • Registry Count: The number of container registries within this account or organization.
  2. Add a vulnerability integration.
  3. View the list of accounts and organizations under cloud workloads that are integrated for vulnerability management.
  4. Search for an account.
  5. Sort the column data.
  6. View the repositories and images present in the account. Empty repositories (which don't contain any container images) in Azure Container Registry and Google Container Registry are not displayed.
  7. Delete an account.

The Container Registries & Workloads page
