Get started with Agentless Vulnerability & Threat Detection for Oracle Cloud Infrastructure (OCI)

Views:

Learn how to enable Agentless Vulnerability & Threat Detection in your Oracle Cloud Infrastructure (OCI) compartment and understand provider-specific feature requirements and limitations.

Important

This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.

To start scanning for vulnerabilities and malware in your cloud resources, connect your Oracle Cloud Infrastructure (OCI) compartment to Trend Vision One in Cloud Accounts using the Terraform template. Enable Agentless Vulnerability & Threat Detection in Features and Permissions.

Agentless Vulnerability & Threat Detection scans the following OCI resource types:

OCI block volumes
OCI boot volumes attached to compute instances
OCI Container Registry images

Important

Agentless Vulnerability & Threat Detection vulnerability and anti-malware scanning options are enabled by default for all supported OCI resources. Scan settings are not currently configurable. For detailed instructions, see Add an Oracle Cloud Infrastructure (OCI) compartment.
Follow the Agentless Vulnerability & Threat Detection pre-deployment steps for Oracle Cloud Infrastructure (OCI) before deployment to ensure successful deployment

Agentless Vulnerability & Threat Detection works in OCI by creating and collecting backups of block and boot volumes and collecting Container Registry images. The collected resources are then scanned for vulnerabilities and malware.

Important

Agentless Vulnerability & Threat Detection creates and collects backups of your OCI block and boot volumes prior to scanning and tags the backups with the tag trend-micro-product:avtd. Use the tag to identify backups waiting to be scanned and to exclude the backups from any automated deletion processes you have configured. Backups are automatically deleted from your OCI compartment after the scan completes.

Agentless Vulnerability & Threat Detection architecture diagram for OCI compartment deployments

Note

If you remove the Agentless Vulnerability & Threat Detection stack from a compartment, Agentless Vulnerability & Threat Detection automatically deletes all deployed resources. If a scan is in progress during removal, the Agentless Vulnerability & Threat Detection compute instance, volume, or volume backups may not be deleted. If the resources are not automatically deleted, you must delete them manually.

Scan results are sent to Trend Vision One and can be seen in Cloud Risk Management, Cyber Risk Overview, Threat and Exposure Management, and asset profile screens in Attack Surface Discovery. After you patch vulnerabilities or remediate malware in volumes, the detections no longer appear after the next daily scan. Vulnerability detections in images remain visible in Threat and Exposure Management → Vulnerabilities for seven days after mitigation. Malware detections in images remain visible in Threat and Exposure Management → All Risk Events for seven days after remediation.

The following table lists scanning limitations that apply to each supported OCI resource type.

OCI resource scanning limitations

OCI resource	Limitations
Volumes	Only volumes attached to VMs are supported. Supported volume types include: Block volumes Boot volumes
Container Registry images	Vulnerability scans of images larger than 20 GB in size might fail due to OCI container instance size limitations. Only images from Container Registries in the same region as the Agentless Vulnerability & Threat Detection stack are scanned. Images must be in the same compartment as the Agentless Vulnerability & Threat Detection stack to be scanned.

For a list of operating systems supported by Agentless Vulnerability & Threat Detection see Agentless Vulnerability & Threat Detection supported operating systems.

The following OCI regions are supported for Agentless Vulnerability & Threat Detection deployment.

OCI Region Identifiers and Names

Region Identifier	Region Name
af-johannesburg-1	South Africa Central (Johannesburg)
ap-batam-1	Indonesia North (Batam)
ap-chuncheon-1	South Korea North (Chuncheon)
ap-hyderabad-1	India South (Hyderabad)
ap-melbourne-1	Australia Southeast (Melbourne)
ap-mumbai-1	India West (Mumbai)
ap-osaka-1	Japan Central (Osaka)
ap-seoul-1	South Korea Central (Seoul)
ap-singapore-1	Singapore (Singapore)
ap-singapore-2	Singapore West (Singapore)
ap-sydney-1	Australia East (Sydney)
ap-tokyo-1	Japan East (Tokyo)
ca-montreal-1	Canada Southeast (Montreal)
ca-toronto-1	Canada Southeast (Toronto)
eu-amsterdam-1	Netherlands Northwest (Amsterdam)
eu-frankfurt-1	Germany Central (Frankfurt)
eu-madrid-1	Spain Central (Madrid)
eu-marseille-1	France South (Marseille)
eu-milan-1	Italy Northwest (Milan)
eu-paris-1	France Central (Paris)
eu-stockholm-1	Sweden Central (Stockholm)
eu-zurich-1	Switzerland North (Zurich)
il-jerusalem-1	Israel Central (Jerusalem)
me-abudhabi-1	UAE Central (Abu Dhabi)
me-dubai-1	UAE East (Dubai)
me-jeddah-1	Saudi Arabia West (Jeddah)
me-riyadh-1	Saudi Arabia Central (Riyadh)
mx-monterrey-1	Mexico Northeast (Monterrey)
mx-queretaro-1	Mexico Central (Queretaro)
sa-bogota-1	Colombia Central (Bogota)
sa-santiago-1	Chile Central (Santiago)
sa-saopaulo-1	Brazil East (Sao Paulo)
sa-valparaiso-1	Chile West (Valparaiso)
sa-vinhedo-1	Brazil Southeast (Vinhedo)
uk-cardiff-1	UK West (Newport)
uk-london-1	UK South (London)
us-ashburn-1	US East (Ashburn)
us-chicago-1	US Midwest (Chicago)
us-phoenix-1	US West (Phoenix)
us-sanjose-1	US West (San Jose)