Getting a CIS Benchmark's Details

• Console
• CLI
• API

• The Center for Internet Security (CIS) publishes best practices for devices and operating systems, which result from the collaboration of cybersecurity professionals and subject matter experts. The Vulnerability Scanning service checks hosts for compliance with the section 5 (Access, Authentication, and Authorization) benchmarks defined for Distribution Independent Linux.

  To get a CIS Benchmark's details, complete the following steps:

  1. Open the navigation menu and click Identity & Security. Under Scanning, click Scanning Reports.
  2. Select the compartment in which you created the target.
  3. Click the Hosts tab if not already selected.
  4. (Optional) Select dates in Scan start date and Scan end date.

     By default, only the most recent scan reports are displayed. To view older reports, choose specific start and end dates.

     Or, click Scan start date and click either Past 7 Days or Past 30 Days.

     Click Reset at any time to set the risk level and date ranges back to the default values.

  5. Click the name of the host scan.

     From the Metrics page, find the number of CIS benchmarks passed.

  6. Click CIS benchmarks.

     The following details are shown for each CIS benchmark that the Vulnerability Scanning service tested on this Compute instance:

     • Benchmark ID
     • Result- pass or fail
     • Summary

  Learn about a specific benchmark by downloading the document for Distribution Independent Linux.

• Use the oci vulnerability-scanning host scan result cis-benchmark get command and required parameters to retrieve a host CIS benchmark scan result identified by the benchmark scan result ID:

  oci vulnerability-scanning host scan result cis-benchmark get [OPTIONS]

  For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

• Run the GetHostCisBenchmarkScanResult operation to retrieve a host CIS benchmark scan result identified by the benchmark scan result ID.