Cloud Guard Concepts

Compare the concepts and features of the Vulnerability Scanning service with Cloud Guard.

Like the Vulnerability Scanning service, Cloud Guard supports recipes and targets.

• A Cloud Guard recipe defines the types of resources and problems that you want to monitor
• A Cloud Guard target defines one or more compartments that you want to monitor, and is associated with a Cloud Guard recipe.

A configuration detector recipe consists of detector rules. The default Cloud Guard configuration detector recipe includes rules that check for vulnerabilities and open ports found in reports created by Vulnerability Scanning. You can use this Oracle-managed configuration detector recipe or clone it to create a custom recipe.

You can also change the default settings for the Vulnerability Scanning detector rules.

• Disallowed port numbers that Cloud Guard reports as a problem
• Allowed port numbers that Cloud Guard ignores
• Vulnerability risk levels (Low, Medium, High, Critical) that Cloud Guard reports as a problem