Scanning Metrics

You monitor the health, capacity, and performance of Oracle Vulnerability Scanning Service by using metrics, alarms, and notifications.

This topic describes the metrics emitted by the metric namespace oci_vss.

Overview

Metrics help you monitor the vulnerabilities that the Vulnerability Scanning service detects in your cloud resources.

Namespace
A namespace is a container for metrics. The namespace identifies the service sending the metrics. The namespace for the Scanning service is oci_vss.
Metrics
Metrics are the fundamental concept in telemetry and monitoring. Metrics define a time-series set of datapoints. Each metric has a namespace, metric name, compartment identifier, one or more dimensions, and a unit of measure. Each datapoint has a timestamp, value, and count associated with it.
Dimensions
A dimension is a key-value pair that defines the characteristics associated with the metric. For example, resourceId is the OCID of the resource that was scanned.
Statistics
Statistics are metric data aggregations over specified periods of time. Aggregations are done using the namespace, metric name, dimensions, and the data point unit of measure within the time period specified.
Alarms
Alarms are used to automate operations monitoring and performance. An alarm tracks changes that occur over a specific time period and performs one or more defined actions, based on the rules defined for the metric.

Required IAM Policy

To monitor resources in Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool.

The policy must give you access to the monitoring services and the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you were granted and which compartment you are supposed to work in.

For more information on user authorizations for monitoring, see the Authentication and Authorization section for the related service: Monitoring or Notifications.

Available Metrics

Scanning metrics include the following dimensions:

  • resourceId: The OCID of the cloud resource that was scanned, such as a compute instance.
  • resultId: The OCID of the host scan in the Scanning service.
  • riskLevel: The risk level of the cloud resource that was scanned.

    The Scanning service categorizes problems by these risk levels.

    • Critical - the most serious problems detected, which should be your highest priority to resolve.
    • High - the next most serious problems.
    • Medium - problems that are a bit less serious.
    • Low - problems that are still less serious.
    • Minor - the least serious problems detected; they still need to be resolved eventually, but can be your lowest priority.

| Metric | Metric Display Name | Unit | Description |
|---|---|---|---|
| SecurityVulnerability | Security Vulnerability | count | Total number of vulnerabilities found in a scan of a cloud resource. |
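
The following added example (not part of the Oracle documentation) shows how the dimensions above combine when you triage SecurityVulnerability data: because resultId is a dimension, each scan produces its own stream, so the newest scan of a resource must replace older ones rather than be added to them. It also builds a Monitoring Query Language alarm expression for one risk level. Assumptions: the stream layout (namespace, name, dimensions, aggregatedDatapoints) is modeled on the Monitoring API's metric data, the OCIDs and values are constructed, and the literal riskLevel strings are taken from the labels on this page and should be confirmed against your own metric data.

```python
from datetime import datetime

NAMESPACE, METRIC = "oci_vss", "SecurityVulnerability"

def alarm_query(risk_level, threshold=0, interval="1h"):
    """MQL alarm expression; the riskLevel spelling is an assumption taken from this page."""
    return f'{METRIC}[{interval}]{{riskLevel = "{risk_level}"}}.max() > {threshold}'

def latest_counts(streams):
    """Return {(resourceId, riskLevel): count} taken from the newest datapoint.

    resultId is a dimension, so every scan is a separate stream; the newest
    scan of a resource overrides older scans instead of being summed with them.
    """
    newest = {}
    for s in streams:
        if (s["namespace"], s["name"]) != (NAMESPACE, METRIC):
            continue  # ignore metrics from other namespaces or names
        d = s["dimensions"]
        key = (d["resourceId"], d["riskLevel"].lower())
        for p in s["aggregatedDatapoints"]:
            t = datetime.fromisoformat(p["timestamp"].replace("Z", "+00:00"))
            if key not in newest or t > newest[key][0]:
                newest[key] = (t, int(p["value"]))
    return {k: v for k, (_, v) in newest.items()}

def breaches(streams, thresholds):
    """Sorted (resourceId, riskLevel, count) where count exceeds that level's threshold."""
    hits = [(r, lvl, n) for (r, lvl), n in latest_counts(streams).items()
            if lvl in thresholds and n > thresholds[lvl]]
    return sorted(hits)

# Constructed sample data: placeholder OCIDs, invented counts.
def _stream(resource, result, level, points):
    return {"namespace": NAMESPACE, "name": METRIC,
            "dimensions": {"resourceId": resource, "resultId": result, "riskLevel": level},
            "aggregatedDatapoints": [{"timestamp": t, "value": v} for t, v in points]}

SAMPLE = [
    _stream("ocid1.instance.EXAMPLE-A", "scan.EXAMPLE-old", "Critical", [("2024-05-01T02:00:00Z", 4.0)]),
    _stream("ocid1.instance.EXAMPLE-A", "scan.EXAMPLE-new", "Critical", [("2024-05-02T02:00:00Z", 1.0)]),
    _stream("ocid1.instance.EXAMPLE-A", "scan.EXAMPLE-new", "High", [("2024-05-02T02:00:00Z", 7.0)]),
    _stream("ocid1.instance.EXAMPLE-B", "scan.EXAMPLE-b1", "Critical", [("2024-05-02T03:00:00Z", 0.0)]),
    _stream("ocid1.instance.EXAMPLE-B", "scan.EXAMPLE-b1", "Medium", [("2024-05-02T03:00:00Z", 12.0)]),
]

if __name__ == "__main__":
    print(alarm_query("Critical"))
    for hit in breaches(SAMPLE, {"critical": 0, "high": 5}):
        print(hit)
```
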

Using the Console

View the metric charts for the Scanning service.

  1. In the Console, open the navigation menu. Under Solutions and Platform, go to Monitoring and click Service Metrics.
  2. For Compartment, select the compartment that contains the Scanning target that you're interested in.
  3. For Metric Namespace, select oci_vss.

The Service Metrics page dynamically updates to show charts for each metric that is emitted by the selected metric namespace.