Creating a Compute Target
Create a Compute (host) scan target.
- At least one Compute scan recipe must be in the tenancy before creating a target. See Compute Scan Recipes.
- If the Compute scan recipe is configured for Agent Based Scanning, you must give the Vulnerability Scanning service permission to deploy the agent before creating a target. See Required IAM Policy for Compute Scanning Recipes.
- A Compute instance is associated with a virtual cloud network (VCN) and a subnet. If an instance in the target is on a private subnet or has no public IP address, the VCN must include a service gateway and a route rule for the service gateway. See Access to Oracle Services: Service Gateway.
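A preflight check for the service gateway prerequisite above, as an added example that is not part of the Oracle documentation. It assumes input shaped like the "data" object the OCI CLI prints for `oci network vnic get`, `oci network subnet get` and `oci network route-table get`; the sample OCIDs and values are constructed, and the function names are hypothetical.

```python
# Constructed sample data (not from a real tenancy), shaped like OCI CLI JSON output.
SAMPLE_VNIC = {"public-ip": None, "subnet-id": "ocid1.subnet.oc1..exampleprivate"}
SAMPLE_SUBNET = {"prohibit-public-ip-on-vnic": True,
                 "route-table-id": "ocid1.routetable.oc1..examplert"}
SAMPLE_RT_OK = {"route-rules": [
    {"destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK",
     "network-entity-id": "ocid1.natgateway.oc1..examplenat"},
    {"destination": "all-iad-services-in-oracle-services-network",
     "destination-type": "SERVICE_CIDR_BLOCK",
     "network-entity-id": "ocid1.servicegateway.oc1..examplesgw"}]}
# Same route table with the service gateway rule removed.
SAMPLE_RT_MISSING = {"route-rules": SAMPLE_RT_OK["route-rules"][:1]}


def needs_service_gateway(vnic, subnet):
    """True when the instance is on a private subnet or has no public IP."""
    return bool(subnet.get("prohibit-public-ip-on-vnic")) or not vnic.get("public-ip")


def service_gateway_rules(route_table):
    """Route rules that send Oracle service traffic to a service gateway."""
    return [r for r in route_table.get("route-rules") or []
            if r.get("destination-type") == "SERVICE_CIDR_BLOCK"
            and (r.get("network-entity-id") or "").startswith("ocid1.servicegateway.")]


def preflight(vnic, subnet, route_table):
    """Return (ok, message) for the service gateway prerequisite.

    Only the route rule is inspected; a rule that targets a service gateway
    OCID implies the gateway itself exists in the VCN.
    """
    if not needs_service_gateway(vnic, subnet):
        return True, "instance has a public IP on a public subnet; no service gateway required"
    rules = service_gateway_rules(route_table)
    if rules:
        return True, "service gateway route present: " + rules[0]["destination"]
    return False, "private instance but route table has no service gateway rule"


if __name__ == "__main__":
    for name, rt in (("ok", SAMPLE_RT_OK), ("missing", SAMPLE_RT_MISSING)):
        print(name, preflight(SAMPLE_VNIC, SAMPLE_SUBNET, rt))
```

Run it against each instance's VNIC, subnet and route table before creating the target; a `False` result means the route rule is missing for that instance's subnet.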
To create a Compute target, complete the following steps:
After creating a target, Vulnerability Scanning checks the instances for security vulnerabilities and open ports based on the parameters and schedule that are configured in the recipe. You can view the results of these scans in the following reports:
You can also use Cloud Guard to view the results of the scans. See Scanning with Cloud Guard.
Use the oci vulnerability-scanning host scan target create command and required parameters to create a new compute (host) target:
oci vulnerability-scanning host scan target create --display-name <name> --description "<description>" --compartment-id <create_in_compartment_ocid> --host-scan-recipe-id <recipe_ocid> --target-compartment-id <target_compartment_ocid> --instance-ids <compute_instance_ocids>
For example, to scan all Compute instances in a compartment:
oci vulnerability-scanning host scan target create --display-name MyTarget --description "All instances in compartment ABC" --compartment-id ocid1.compartment.oc1..exampleuniqueID1 --host-scan-recipe-id ocid1.vsshostscanrecipe.oc1..exampleuniqueID --target-compartment-id ocid1.compartment.oc1..exampleuniqueID2
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Run the CreateHostScanTarget operation to create a new compute (host) target.