Document custom vuln matching. (#109)

Author: iansk

admin_guide/vulnerability_management/detect_vulns_unpackaged_software.adoc

@@ -1,19 +1,29 @@
 == Detect vulnerabilities in unpackaged software
 
-Typically, software in images is added through a package manager, such as apt, yum, npm.
-Prisma Cloud has a diverse set of upstream vulnerability data sources covering many different package managers across operating systems, including coverage for Node, Python, Java, and Ruby components.
-In these cases, Prisma Cloud typically uses the package manager’s metadata to discover the installed components and versions and compares this data to the realtime CVE data feed provided via the intelligence stream.
-However, sometimes you may install software into images without using a package manager, by just having a line in a Dockerfile to ADD the binary to the image or building it via a configure, make, install approach.
+Typically, software is added to container images and hosts with a package manager, such as apt, yum, npm.
+Prisma Cloud has a diverse set of upstream vulnerability data sources covering many different package managers across operating systems, including coverage for Go, Java, Node.js, Python, and, Ruby components.
+Prisma Cloud typically uses the package manager’s metadata to discover installed components and versions, comparing this data to the data in the Intelligence Stream's realtime CVE feed.
+
+Sometimes, you might install software without a package manager.
+For example, software might be built from source and then added to an image with the Dockerfile `ADD` instruction.
 In these cases, there is no package manager data associated with the application.
 
-Prisma Cloud uses a variety of advanced analysis techniques to detect metadata about software not installed via packages managers.
-This analysis then feeds our existing vulnerability detection and blocking mechanisms, continuing to give you a single view of all the vulnerabilities within a given image, regardless of whether they’re from the distribution layer, an app package manager, or added independently.
+Prisma Cloud uses a variety of analysis techniques to detect metadata about software not installed by packages managers.
+This analysis augments existing vulnerability detection and blocking mechanisms, giving you a single view of all vulnerabilities, regardless of it how the software is installed (distro's package manage, language runtime package manager, or without a package manager).
 
 [.section]
 === Supported apps
 
-The following apps are currently supported. But with future requests from customers on additional support this list may be extended.
+The following list shows examples of the apps currently supported.
 
+* Kubernetes
+* OpenShift
+* Jenkins
+* Envoy
+* CRIO
+* Hashicorp Vault
+* Hashicorp Consul
+* WordPress
 * Redis
 * Nginx
 * Mongo
@@ -30,8 +40,11 @@ The following apps are currently supported. But with future requests from custom
 Nothing is required to enable the functionality described in this article.
 It is enabled by default.
 
-The following screenshot shows what a vulnerability scan report looks like when a vulnerability is discovered in a binary that was not installed into the image with a package manager:
+When vulnerabilities are detected in an unpackaged app, scan repots list the *Type* as *Application*.
+
+image::unpackaged-sw-app-vulns.png[width=750]
 
-image::detect_vulns_unpackaged_software_730511.png[width=800]
+Vulnerabilities of typei *Application* are carried in the Intelligence Stream's *app* feed.
+Go to the CVE statistics section on the *Manage > System > Intelligence* page for more information.
 
-Customers can open support tickets to request support for additional binaries apart from those aforementioned.
+image::unpackaged-sw-cve-stats.png[width=750]