oci_vulnerability_scanning_host_scan_recipe

This resource provides the Host Scan Recipe resource in Oracle Cloud Infrastructure Vulnerability Scanning service. Api doc link for the resource: https://docs.oracle.com/iaas/api/#/en/scanning/latest/HostScanRecipe

Example terraform configs related to the resource : https://github.com/oracle/terraform-provider-oci/tree/master/examples/vulnerability_scanning_service

Creates a new HostScanRecipe. A recipe determines the types of security issues that you want scanned, and how often to scan.

Example Usage

resource "oci_vulnerability_scanning_host_scan_recipe" "test_host_scan_recipe" {
	#Required
	agent_settings {
		#Required
		scan_level = var.host_scan_recipe_agent_settings_scan_level

		#Optional
		agent_configuration {
			#Required
			vendor = var.host_scan_recipe_agent_settings_agent_configuration_vendor

			#Optional
			cis_benchmark_settings {

				#Optional
				scan_level = var.host_scan_recipe_agent_settings_agent_configuration_cis_benchmark_settings_scan_level
			}
			endpoint_protection_settings {

				#Optional
				scan_level = var.host_scan_recipe_agent_settings_agent_configuration_endpoint_protection_settings_scan_level
			}
			should_un_install = var.host_scan_recipe_agent_settings_agent_configuration_should_un_install
			vault_secret_id = oci_vault_secret.test_secret.id
			vendor_type = var.host_scan_recipe_agent_settings_agent_configuration_vendor_type
		}
	}
	compartment_id = var.compartment_id
	port_settings {
		#Required
		scan_level = var.host_scan_recipe_port_settings_scan_level
	}
	schedule {
		#Required
		type = var.host_scan_recipe_schedule_type

		#Optional
		day_of_week = var.host_scan_recipe_schedule_day_of_week
	}

	#Optional
	application_settings {
		#Required
		application_scan_recurrence = var.host_scan_recipe_application_settings_application_scan_recurrence
		folders_to_scan {
			#Required
			folder = var.host_scan_recipe_application_settings_folders_to_scan_folder
			operatingsystem = var.host_scan_recipe_application_settings_folders_to_scan_operatingsystem
		}
		is_enabled = var.host_scan_recipe_application_settings_is_enabled
	}
	defined_tags = {"foo-namespace.bar-key"= "value"}
	display_name = var.host_scan_recipe_display_name
	freeform_tags = {"bar-key"= "value"}
}

Argument Reference

The following arguments are supported:

• agent_settings - (Required) (Updatable) Agent scan settings for a host scan
  • agent_configuration - (Optional) (Updatable) Agent configuration for host scan agent settings. This model is polymorphic, presenting different configuration options based on selected agent vendor.
    • cis_benchmark_settings - (Applicable when vendor=OCI) (Updatable) CIS (Center for Internet Security) Benchmark scan settings for a host scan
      • scan_level - (Applicable when vendor=OCI) (Updatable) The level of strictness to apply for CIS Benchmarks. Use ‘NONE’ to disable CIS Benchmark checks entirely.
    • endpoint_protection_settings - (Applicable when vendor=OCI) (Updatable) Endpoint Protection scan settings for a host scan
      • scan_level - (Applicable when vendor=OCI) (Updatable) The scan level. Use ‘NONE’ to disable Endpoint Protection checks entirely.
    • should_un_install - (Required when vendor=QUALYS) (Updatable) Boolean flag letting agent know if it should un-install the Qualys agent when it is stopped.
    • vault_secret_id - (Required when vendor=QUALYS) (Updatable) Vault secret OCID which stores license information. Content inside this secret in vault would be base64 string containing information about customer’s Qualys susbcription license.
    • vendor - (Required) (Updatable) Vendor to use for the host scan agent.
    • vendor_type - (Optional) (Updatable) Vendor to use for the host scan agent.
  • scan_level - (Required) (Updatable) The scan level
• application_settings - (Optional) (Updatable) Agent scan settings for an application scan (as a part of a host scan)
  • application_scan_recurrence - (Required) (Updatable) Scan recurrences in RFC-5545 section 3.3.10 format. Only supported input are weekly, biweekly, monthly listed below FREQ=WEEKLY;WKST=;INTERVAL=1 - This weekly scan on the specified weekday (e.g. SU for Sunday) FREQ=WEEKLY;WKST=;INTERVAL=2 - This bi-weekly scan on the specified weekday (e.g. SU for Sunday) FREQ=MONTHLY;WKST=;INTERVAL=1 - This monthly scan on the specified weekday (e.g. SU for Sunday, starting from the next such weekday based on the time of setting creation)
  • folders_to_scan - (Required) (Updatable) List of folders selected for scanning
    • folder - (Required) (Updatable) Folder to be scanned in the corresponding operating system
    • operatingsystem - (Required) (Updatable) Operating system type
  • is_enabled - (Required) (Updatable) Enable or disable application scan
• compartment_id - (Required) (Updatable) Compartment ID of the scanning config. If no individual hosts are specified, all hosts in this compartment are scanned
• defined_tags - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
• display_name - (Optional) (Updatable) Recipe identifier, which can be renamed. If not present, it will be auto-generated. Avoid entering confidential information.
• freeform_tags - (Optional) (Updatable) Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
• port_settings - (Required) (Updatable) Port scan settings for a host scan
  • scan_level - (Required) (Updatable) The scan level
• schedule - (Required) (Updatable) A scanning schedule
  • day_of_week - (Optional) (Updatable) Day of week the scheduled scan occurs (not applicable for DAILY type)
  • type - (Required) (Updatable) How often the scan occurs

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

Attributes Reference

The following attributes are exported:

• agent_settings - Agent scan settings for a host scan
  • agent_configuration - Agent configuration for host scan agent settings. This model is polymorphic, presenting different configuration options based on selected agent vendor.
    • cis_benchmark_settings - CIS (Center for Internet Security) Benchmark scan settings for a host scan
      • scan_level - The level of strictness to apply for CIS Benchmarks. Use ‘NONE’ to disable CIS Benchmark checks entirely.
    • endpoint_protection_settings - Endpoint Protection scan settings for a host scan
      • scan_level - The scan level. Use ‘NONE’ to disable Endpoint Protection checks entirely.
    • should_un_install - Boolean flag letting agent know if it should un-install the Qualys agent when it is stopped.
    • vault_secret_id - Vault secret OCID which stores license information. Content inside this secret in vault would be base64 string containing information about customer’s Qualys susbcription license.
    • vendor - Vendor to use for the host scan agent.
    • vendor_type - Vendor to use for the host scan agent.
  • scan_level - The scan level
• application_settings - Agent scan settings for applicaiton scan
  • application_scan_recurrence - Scan recurrences in RFC-5545 section 3.3.10 format. Only supported input are weekly, biweekly, monthly listed below FREQ=WEEKLY;WKST=;INTERVAL=1 - This weekly scan on the specified weekday (e.g. Sunday) FREQ=WEEKLY;WKST=;INTERVAL=2 - This bi-weekly scan on the specified weekday (e.g. Sunday) FREQ=MONTHLY;WKST=;INTERVAL=1 - This monthly scan on the specified weekday (e.g. Sunday, starting from the next such weekday based on the time of setting creation)
  • folders_to_scan - List of folders selected for scanning
    • folder - Folder to be scanned in the corresponding operating system
    • operatingsystem - Operating system type
  • is_enabled - Enable or disable application scan
• compartment_id - Compartment ID of the scan recipe
• defined_tags - Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
• display_name - Recipe identifier, which can be renamed
• freeform_tags - Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
• id - Unique identifier of the config that is immutable on creation
• port_settings - Port scan settings for a host scan
  • scan_level - The scan level
• schedule - A scanning schedule
  • day_of_week - Day of week the scheduled scan occurs (not applicable for DAILY type)
  • type - How often the scan occurs
• state - The current state of the config.
• system_tags - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
• time_created - Date and time the recipe was created, format as described in RFC 3339
• time_updated - Date and time the recipe was last updated, format as described in RFC 3339

Timeouts

The timeouts block allows you to specify timeouts for certain operations: * create - (Defaults to 20 minutes), when creating the Host Scan Recipe * update - (Defaults to 20 minutes), when updating the Host Scan Recipe * delete - (Defaults to 20 minutes), when destroying the Host Scan Recipe

Import

HostScanRecipes can be imported using the id, e.g.

$ terraform import oci_vulnerability_scanning_host_scan_recipe.test_host_scan_recipe "id"