Compute Scan Recipes

Use Oracle Cloud Infrastructure Vulnerability Scanning Service to create and manage recipes that scan target compute instances  (hosts) for potential security vulnerabilities.

A recipe determines which types of security issues that you want scanned:

• Port scanning: check for open ports using a network mapper that searches your public IP addresses 
• Agent-based scanning:
  • Check for open ports on all attached VNICs , including VNICs for both public and private IP addresses
  • Check for OS vulnerabilities like missing patches
  • Check for compliance with industry-standard benchmarks published by the Center for Internet Security (CIS)
  • Check for vulnerabilities in third-party application files

The Vulnerability Scanning service checks hosts for compliance with the section 5 (Access, Authentication, and Authorization) benchmarks defined for Distribution Independent Linux.

A host scan recipe also defines a schedule, or how often scanning is performed.

This section contains the following topics:

• Creating a Compute Scan Recipe
• Creating a Compute Scan Recipe with an OCI Agent
• Creating a Compute Scan Recipe with a Qualys Agent
• Listing Compute Scan Recipes
• Getting a Compute Scan Recipe's Details
• Editing a Compute Scan Recipe
• Defining a Secret for a Compute Scan Recipe
• Moving a Compute Scan Recipe Between Compartments
• Deleting a Compute Scan Recipe