Updating the Vulnerability Scanning Detector Rules

In Cloud Guard recipes, you can change the default settings for the Vulnerability Scanning detector rules. These settings control which vulnerabilities are reported as problems in Cloud Guard.

For example, you can configure which vulnerability risk levels are problems, or configure which TCP or UDP open ports are problems.

You can change some rule settings in an Oracle-managed detector recipe such as OCI Configuration Detector Recipe, and you can change all rule settings in a custom recipe. You can't disable rules in Oracle-managed recipes.

  1. From the Cloud Guard console, click Detector Recipes.
  2. Click your configuration detector recipe.
  3. Under Detector Rules, in the Filter by detector rule field, enter scan.
  4. Click the Actions icon for the rule Scanned host has vulnerabilities, and then select Edit.
  5. After updating the rule's settings, click Save.
  6. Repeat the edit-and-save steps (4 and 5) for each of the remaining scan rules:
    • Scanned container image has vulnerabilities
    • Scanned host has open ports

For more information, see Modifying Rule Settings in a Detector Recipe.