
Build Cloud Security Explorer queries to identify vulnerabilities in Kubernetes clusters

Use Cloud Security Explorer to identify vulnerabilities in your Kubernetes clusters. The following examples show how to build queries to investigate container images and cluster nodes, and can be adapted to filter results based on your requirements.

For an introduction to Cloud Security Explorer queries, see Build queries with Cloud Security Explorer.

Create a query to identify software vulnerabilities in container images

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Cloud Security Explorer.

  3. In Query builder, select Select resource types.

  4. Select Container Images.

  5. Select +.

  6. Select condition.

  7. In Application, select Has installed software.

    Screenshot of query for identifying software vulnerabilities in container images.

  8. Select Search.

  9. Select View details > for the relevant container image.

  10. In the Result details pane, review Insights - Has installed software.

    Screenshot shows results of Cloud Security Explorer query to retrieve container images with software installed.

Create a query to identify vulnerabilities in cluster nodes

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Cloud Security Explorer.

  3. In Query builder, select Select resource types.

  4. Under Kubernetes clusters, select Azure Kubernetes Service.

  5. Select Done.

  6. Select +.

  7. Select condition.

  8. In Application, select Maintains.

  9. Select Select resource types > Kubernetes Node Pools.

  10. Select Done.

  11. Select +.

  12. Select condition.

  13. Select Maintains.

  14. Select Select resource types > Virtual machines clusters.

  15. Select Done.

  16. Select +.

  17. Select condition.

  18. In Vulnerabilities, select All vulnerabilities.

    Screenshot of query for identifying vulnerabilities in cluster nodes.

  19. Select Search.

  20. Select View details > for the relevant Kubernetes node pool.

    Screenshot of Cloud Security Explorer query options to retrieve list of cluster nodes with vulnerabilities.

  21. In the Result details pane, select the Virtual machine scale set icon to view vulnerabilities.

    Screenshot shows results of Cloud Security Explorer query to retrieve vulnerabilities in cluster nodes.