Compute Scan Recipes
Use Oracle Cloud Infrastructure Vulnerability Scanning Service to create and manage recipes that scan target compute instances (hosts) for potential security vulnerabilities.
A recipe determines which types of security issues that you want scanned:
- Port scanning: check for open ports using a network mapper that searches your public IP addresses
- Agent-based scanning:
- Check for open ports on all attached VNICs , including VNICs for both public and private IP addresses
- Check for OS vulnerabilities like missing patches
- Check for compliance with industry-standard benchmarks published by the Center for Internet Security (CIS)
- Check for vulnerabilities in third-party application files
The Vulnerability Scanning service checks hosts for compliance with the section 5 (Access, Authentication, and Authorization) benchmarks defined for Distribution Independent Linux.
A host scan recipe also defines a schedule, or how often scanning is performed.
This section contains the following topics:
- Creating a Compute Scan Recipe
- Creating a Compute Scan Recipe with an OCI Agent
- Creating a Compute Scan Recipe with a Qualys Agent
- Listing Compute Scan Recipes
- Getting a Compute Scan Recipe's Details
- Editing a Compute Scan Recipe
- Defining a Secret for a Compute Scan Recipe
- Moving a Compute Scan Recipe Between Compartments
- Deleting a Compute Scan Recipe