VMClarity: What Happens During a Scan?

shmcfarl

Shannon McFarland

Posted on April 18, 2023

VMClarity: What Happens During a Scan?

I recently posted on the VMClarity open source project and a couple of quick videos on what the project is about and how you can get started. If you missed that post, check it out here: VMClarity: Virtual Machine Security

A Reminder of how VMClarity Works

In the previous videos, I walked through the basics of how VMClarity works and the major components. As you recall, today, VMClarity is deployed in an AWS VPC. In that VPC, the VMClarity server is deployed as an AWS EC2 instance. You then configure VMClarity to scan specific 'scopes' inside of AWS. You can scan for all AWS EC2 instances your AWS account has access to or filter down that scope (recommended). The scan scope can filter on:

  • All AWS regions
  • AWS region
  • AWS region + VPC
  • AWS region + VPC + security group(s)
  • AWS region + instance tags (or within a specific VPC)

Once a VMClarity scan identifies the target assets (instances), it triggers an AWS snapshot of those assets, launches a new AWS EC2 instance, and attaches the snapshot to that instance. VMClarity then configures the scanner types (e.g., exploits, misconfigurations, malware, etc..) based on the scanner types you configured in the scanner configuration.

Behind the Scenes

In this post, I am sharing more information about what happens behind the scenes when VMClarity scans a 'target' asset (e.g., an AWS EC2 instance).

Here is a quick demo of accessing the VMClarity server instance and checking the real-time scanner virtual machine.


Learn More & Join the Community!

Learn more about VMClarity and join the community! https://github.com/openclarity/vmclarity

I will be back with more posts on understanding how VMClarity works, and how you can contribute to it!

You can also learn more about the other Clarity projects, such as (API security) and KubeClarity (K8s SBOM/Supply chain security) here:

And several blogs about both projects are here:
https://techblog.cisco.com/


Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.

💖 💪 🙅 🚩
shmcfarl
Shannon McFarland

Posted on April 18, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related