The Security Reports area of Workload Protection comprises these screens:

  • Vulnerabilities
  • Audit
  • CIS Benchmarks
  • DISA STIG Benchmarks


Vulnerabilities


The Vulnerabilities screen:

  • Lists all (or selected) vulnerabilities that Aqua has found during scanning of your images
  • Allows you to access summary and detailed information on the status of each vulnerability
  • Enables you to perform operations related to Reactive Risk Management:
    • Apply a Vulnerability Shield (vShield) to an image
    • Acknowledge or unacknowledge the vulnerability, or change the expiration of an existing acknowledgement


For a broad understanding of Aqua Image Assurance and protection of your workloads from vulnerabilities, it is recommended that you read the Image Assurance Overview. The topic Vulnerabilities Screen: Operations provides more specific information on what you can do on the Vulnerabilities page.


Audit


Aqua maintains an audit log of several kinds of events, both normal events and those indicating security exposures. Reviewing the audit log is often essential for understanding and mitigating security problems in your environment. Refer to View Audit Events for more information.


CIS Benchmarks


The Center for Internet Security (CIS) maintains several sets of benchmarks to help organizations assess cyber-security threats. These benchmarks are based on an industry consensus of well-defined best practices. Refer to CIS Benchmarks for more information.


DISA STIG Benchmarks


The Security Technical Implementation Guide (STIG) maintains several sets of benchmarks to help US Federal and government organizations assess cyber-security threats.


The Aqua KubeEnforcer checks Kubernetes nodes (hosts) for compliance with the STIG benchmarks when Aqua users deploy or restart the KubeEnforcer, or rescan the nodes manually from the UI. Refer to DISA STIG Benchmarks for more information.