Get started with CNVM

Set up cloud native vulnerability management.

This page explains how to set up Cloud Native Vulnerability Management (CNVM).


  • CNVM only works in the Default Kibana space. Installing the CNVM integration on a different Kibana space will not work.
  • Requires Elastic Agent version 8.8 or higher.
  • CNVM can only be deployed on ARM-based VMs.
  • To view vulnerability scan findings, you need the appropriate user role to read the following indices:
    • logs-cloud_security_posture.vulnerabilities-*
    • logs-cloud_security_posture.vulnerabilities_latest-*
  • You need an AWS user account with permissions to perform the following actions: run CloudFormation templates, create IAM Roles and InstanceProfiles, and create EC2 SecurityGroups and Instances.


CNVM currently only supports AWS EC2 Linux workloads.

Set up CNVM for AWS

To set up the CNVM integration for AWS, install the integration on a new Elastic Agent policy, sign into the AWS account you want to scan, and run the CloudFormation template.


Do not add the integration to an existing Elastic Agent policy. It should always be added to a new policy since it should not run on VMs with existing workloads. For more information, refer to How CNVM works.

Step 1: Add the CNVM integration

  1. In the Elastic Security app, go to the Get started page, then click Add security integrations.

  2. Search for Cloud Native Vulnerability Management, then click on the result.

  3. Click Add Cloud Native Vulnerability Management.

  4. Give your integration a name that matches its purpose or the AWS account region you want to scan for vulnerabilities (for example, uswest2-aws-account.)

  5. Click Save and continue. The integration will create a new Elastic Agent policy.

  6. Click Add Elastic Agent to your hosts.

Step 2: Sign in to the AWS management console

  1. Open a new browser tab and use it to sign into your AWS management console.
  2. Switch to the cloud region with the workloads that you want to scan for vulnerabilities.


The integration will only scan VMs in the region you select. To scan multiple regions, repeat this setup process for each region.

Step 3: Run the CloudFormation template

  1. Switch back to the tab with Elastic Security.

  2. Click Launch CloudFormation. The CloudFormation page appears.

  3. Click Create stack. To avoid authentication problems, you can only make configuration changes to the VM InstanceType, which you could make larger to increase scanning speed.

  4. Wait for the confirmation that Elastic Agent was enrolled.

  5. Your data will start to appear on the Vulnerabilities tab of the Findings page.

On this page