Host Vulnerabilities Reports

Oracle Vulnerability Scanning Service scans your targets based on the schedule and scanning properties in the recipe assigned to each target. Use vulnerabilities reports to identify security issues in your compute instances, such as missing critical OS patches.

At least one host target must exist before any vulnerabilities reports are created. See Managing Host Targets.

Common Vulnerabilities and Exposures (CVE) numbers are used by Oracle to identify security vulnerabilities for operating systems and other software, including Critical Patch Updates and Security Alert advisories. CVE numbers are unique, common identifiers for publicly known information about security vulnerabilities.

The Scanning service saves the results for a compute instance in the same compartment as the instance's Scanning target.

Consider the following example.

  • The compute instance MyInstance is in CompartmentA.
  • MyInstance is specified in Target1.
  • Target1 is in CompartmentB.
  • All reports related to MyInstance are in CompartmentB.

The Scanning service categorizes problems by these risk levels.

  • Critical - the most serious problems detected, which should be your highest priority to resolve.
  • High - the next most serious problems.
  • Medium - problems that are a bit less serious.
  • Low - problems that are still less serious.
  • Minor - the least serious problems detected; they still need to be resolved eventually, but can be your lowest priority.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted the required type of access in an IAM policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool.

If you try to perform an action and get a message that you don't have permission or are unauthorized, confirm with your administrator the type of access you were granted and which compartment you are supposed to work in.

For example, to allow users in the group SecurityAdmins to create, update, and delete all Vulnerability Scanning resources in the compartment SalesApps:

Allow group SecurityAdmins to manage vss-family in compartment SalesApps

See Scanning IAM Policies.

Viewing Host Vulnerabilities Reports

Use the Console to browse and search for vulnerabilities reports.

  1. Open the navigation menu and click Identity & Security. Under Scanning, click Vulnerability Reports.
  2. Select the Compartment in which you created the target.
  3. (Optional) Click the table columns to sort the reports by:
    • Risk Level
    • Issue Title
    • Last Detected
    • First Detected
    • Hosts Impacted
  4. To view details about a vulnerability, click a report's CVE ID.

A vulnerabilities report includes details about the affected hosts and CVEs.

Viewing the Affected Hosts in a Vulnerabilities Report

Use the Console to view details about the compute instances on which a specific vulnerability was detected.

  1. Open the navigation menu and click Identity & Security. Under Scanning, click Vulnerability Reports.
  2. Select the Compartment in which you created the target.
  3. To view details about a vulnerability, click a report's CVE ID.

    The Hosts section lists the compute instances that are affected by the selected vulnerability.

  4. To view more details about the compute instance, click the name of a host scan report.

    The Scanning service creates a separate report for each compute instance that you added to your target configurations. The report has the same name as the compute instance.

A host scan includes metrics, open ports, and benchmarks for a specific compute instance.

Viewing the CVE in a Vulnerabilities Report

Use the Console to learn more information about a specific vulnerability, such as the affected OS packages.

  1. Open the navigation menu and click Identity & Security. Under Scanning, click Vulnerability Reports.
  2. Select the Compartment in which you created the target.
  3. To view details about a vulnerability, click a report's CVE ID.
  4. From the report's details, click the CVE ID or Related CVE ID.

Exporting a Vulnerabilities Report

Use the Console to export all vulnerabilities reports as a file in comma-separated value (CSV) format for offline analysis.

  1. Open the navigation menu and click Identity & Security. Under Scanning, click Vulnerability Reports.
  2. Select the Compartment in which you created the target.
  3. Click Export.

Example output:

resultId,compartmentId,cveId,severity,state,title,lastDetected,firstDetected,hostCount
1234,ocid1.compartment.example123,CVE-2018-12345,HIGH,OPEN,CVE-2018-12345,2020-12-22T12:47:18Z,2020-12-21T16:47:25Z,3
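The following is an added example (not part of the Oracle documentation or the Scanning service) showing one way to triage an exported CSV offline: it parses the column layout shown above, keeps only OPEN findings at or above a chosen risk level, and orders them by risk level, hosts impacted, and age. The sample rows are constructed; only the first row's CVE ID comes from the page, the other CVE IDs and OCIDs are placeholders.

```python
import csv
import io
from datetime import datetime, timezone

# Rank order matches the Scanning service's risk levels, Critical first.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "MINOR": 4}

# Constructed sample in the exported CSV layout; CVE IDs other than the
# first row and all OCIDs are placeholders, not real findings.
SAMPLE_CSV = """\
resultId,compartmentId,cveId,severity,state,title,lastDetected,firstDetected,hostCount
1234,ocid1.compartment.example123,CVE-2018-12345,HIGH,OPEN,CVE-2018-12345,2020-12-22T12:47:18Z,2020-12-21T16:47:25Z,3
1235,ocid1.compartment.example123,CVE-2018-12346,CRITICAL,OPEN,CVE-2018-12346,2020-12-22T12:47:18Z,2020-12-01T09:00:00Z,1
1236,ocid1.compartment.example123,CVE-2018-12347,LOW,OPEN,CVE-2018-12347,2020-12-22T12:47:18Z,2020-12-20T08:15:00Z,7
1237,ocid1.compartment.example123,CVE-2018-12348,HIGH,CLOSED,CVE-2018-12348,2020-12-10T10:00:00Z,2020-12-05T10:00:00Z,2
"""


def parse_timestamp(value):
    """Parse the report's ISO-8601 UTC timestamps (trailing 'Z')."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_report(csv_text):
    """Read the export into dicts with typed severity, counts and timestamps."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sev = row["severity"].upper()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {row['severity']!r} in result {row['resultId']}")
        row["severity"] = sev
        row["hostCount"] = int(row["hostCount"])
        row["firstDetected"] = parse_timestamp(row["firstDetected"])
        row["lastDetected"] = parse_timestamp(row["lastDetected"])
        rows.append(row)
    return rows


def triage(rows, min_severity="HIGH"):
    """OPEN findings at or above min_severity, most urgent first:
    by risk level, then most hosts impacted, then earliest first detection."""
    cutoff = SEVERITY_RANK[min_severity]
    open_rows = [r for r in rows if r["state"] == "OPEN" and SEVERITY_RANK[r["severity"]] <= cutoff]
    return sorted(open_rows, key=lambda r: (SEVERITY_RANK[r["severity"]], -r["hostCount"], r["firstDetected"]))


def days_open(row):
    """Whole days between first and last detection of a finding."""
    return (row["lastDetected"] - row["firstDetected"]).days


if __name__ == "__main__":
    for r in triage(load_report(SAMPLE_CSV)):
        print(f"{r['severity']:8} {r['cveId']:15} hosts={r['hostCount']} open for {days_open(r)} days")
```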

Using the CLI

For information about using the CLI, see Command Line Interface (CLI). For a complete list of flags and options available for CLI commands, see CLI Help.

To list all vulnerabilities reports in a compartment:

oci vulnerability-scanning host vulnerability list --compartment-id <compartment_ocid>

For example:

oci vulnerability-scanning host vulnerability list --compartment-id ocid1.compartment.oc1..exampleuniqueID

To view the details of a specific vulnerability report:

oci vulnerability-scanning host vulnerability get --host-vulnerability-id <vulnerability_ocid>

For example:

oci vulnerability-scanning host vulnerability get --host-vulnerability-id ocid1.vsshostvulnerability.oc1..exampleuniqueID