Compute Targets
Use Oracle Cloud Infrastructure Vulnerability Scanning Service to create and manage compute (host) targets and to assign them to Compute scan recipes. A target is a collection of instances that you want routinely scanned for security vulnerabilities.
The Vulnerability Scanning service detects vulnerabilities on the following platforms, using the following vulnerability sources.
Platform | National Vulnerability Database (NVD) | Open Vulnerability and Assessment Language (OVAL) | Center for Internet Security (CIS) |
---|---|---|---|
Oracle Linux | Yes | Yes | Yes |
CentOS | Yes | Yes | Yes |
Ubuntu | Yes | Yes | Yes |
Windows | Yes | No | No |
You have two options when selecting the Compute instances for a target.
- Scan one or more specific instances within a compartment.
- Scan all instances within a compartment and its subcompartments.
If you create a target for the root compartment, then all Compute instances in the entire tenancy are scanned.
The Vulnerability Scanning service saves the results for a Compute instance in the same compartment as the instance's Vulnerability Scanning target.
Consider the following example.
- The Compute instance MyInstance is in CompartmentA.
- MyInstance is specified in Target1.
- Target1 is in CompartmentB.
- All reports related to MyInstance are in CompartmentB.
Cloud Guard targets are separate resources from Vulnerability Scanning targets. To use Cloud Guard to detect problems in Vulnerability Scanning reports, the Vulnerability Scanning target compartment must be the same as the Cloud Guard target compartment, or be a subcompartment of the Cloud Guard target compartment.
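The report placement rule and the Cloud Guard compartment rule described above, modelled as an added example (not Oracle's code and not the OCI SDK). The compartment tree, the instance and target records, and field names such as `scan_compartment` are constructed assumptions.

```python
# Constructed compartment tree: child -> parent (None marks the root compartment).
PARENT = {"root": None, "CompartmentA": "root", "CompartmentB": "root",
          "CompartmentA1": "CompartmentA"}

def is_same_or_descendant(compartment, ancestor, parent=PARENT):
    """True if compartment is ancestor itself or sits anywhere below it."""
    while compartment is not None:
        if compartment == ancestor:
            return True
        compartment = parent[compartment]
    return False

def scanned_instances(target, instances, parent=PARENT):
    """Resolve a target to instance names: explicit list, or a whole compartment subtree."""
    if target.get("instances"):
        return sorted(target["instances"])
    return sorted(name for name, comp in instances.items()
                  if is_same_or_descendant(comp, target["scan_compartment"], parent))

def report_locations(targets, instances, parent=PARENT):
    """Map each scanned instance to the compartments holding its reports (the target's own)."""
    out = {}
    for t in targets:
        for name in scanned_instances(t, instances, parent):
            out.setdefault(name, set()).add(t["compartment"])
    return out

def targets_invisible_to_cloud_guard(targets, cloud_guard_compartments, parent=PARENT):
    """Scan targets whose compartment is neither a Cloud Guard target compartment nor below one."""
    return [t["name"] for t in targets
            if not any(is_same_or_descendant(t["compartment"], cg, parent)
                       for cg in cloud_guard_compartments)]

# Constructed sample data; Target1 mirrors the example above, Target2 is hypothetical.
INSTANCES = {"MyInstance": "CompartmentA", "Other": "CompartmentA1"}
TARGETS = [
    {"name": "Target1", "compartment": "CompartmentB", "instances": ["MyInstance"]},
    {"name": "Target2", "compartment": "CompartmentA1", "scan_compartment": "CompartmentA"},
]

if __name__ == "__main__":
    print(report_locations(TARGETS, INSTANCES))
    print(targets_invisible_to_cloud_guard(TARGETS, ["CompartmentA"]))
```

With a Cloud Guard target on CompartmentA, Target1 is flagged because its reports land in CompartmentB, outside that subtree, even though the instance it scans lives in CompartmentA.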