You monitor the health, capacity, and performance of Oracle Vulnerability Scanning Service by using metrics, alarms, and notifications.
This topic describes the metrics emitted by the metric namespace
Metrics help you monitor the vulnerabilities that the Vulnerability Scanning service detects in your cloud resources.
- A namespace is a container for metrics. The namespace identifies the service sending the
metrics. The namespace for the Scanning
- Metrics are the fundamental concept in telemetry and monitoring. Metrics define a time-series set of datapoints. Each metric has a namespace, metric name, compartment identifier, one or more dimensions, and a unit of measure. Each datapoint has a timestamp, value, and count associated with it.
- A dimension is a key-value pair that defines the characteristics associated with the metric.
resourceIdis the OCID of the resource that was scanned.
- Statistics are metric data aggregations over specified periods of time. Aggregations are done using the namespace, metric name, dimensions, and the data point unit of measure within the time period specified.
- Alarms are used to automate operations monitoring and performance. An alarm tracks changes that occur over a specific time period and performs one or more defined actions, based on the rules defined for the metric.
Required IAM Policy
To monitor resources in Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool.
The policy must give you access to the monitoring services and the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you were granted and which compartment you are supposed to work in.
Scanning metrics include the following dimensions:
resourceId: The OCID of the cloud resource that was scanned, such as a compute instance .
resultId: The OCID of the host scan in the Scanning service.
riskLevel: The risk level of the cloud resource that was scanned.
The Scanning service categorizes problems by these risk levels.
- Critical - the most serious problems detected, which should be your highest priority to resolve.
- High - the next most serious problems.
- Medium - problems that are a bit less serious.
- Low - problems that are still less serious.
- Minor - the least serious problems detected; they still need be resolved eventually, but can be your lowest priority.
|Metric||Metric Display Name||Unit||Description|
||Security Vulnerability||count||Total number of vulnerabilities found in a scan of a cloud resource.|
Using the Console
View the metric charts for the Scanning service.
- In the Console, open the navigation menu. Under Solutions and Platform, go to Monitoring and click Service Metrics.
- For Compartment, select the compartment that contains the Scanning target that you're interested in.
- For Metric Namespace, select oci_vss.
The Service Metrics page dynamically updates to show charts for each metric that is emitted by the selected metric namespace.
Using the API
Use the following APIs for monitoring.
For information about SDKs, see Software Development Kits and Command Line Interface.