Using Managed Lists

You can create, modify, and delete your own managed lists as needed to meet your specific security needs.

About Managed Lists

A managed list is a reusable list of parameters that makes it easier to set the scope for detector and responder rules.

A managed list is a tool that can be used to apply certain configurations to detectors.

A predefined "Trusted Oracle IP address space" list contains all the Oracle IP addresses that you want to regard as trusted when you define rules for detectors and responders.

Cloud Guard also lets you define your own managed lists as needed. For example, you can define lists of states or provinces, zip or postal codes, OCIDs, or whatever else you may need.

Examples of specific use cases for custom managed lists:

Manage List Content Use
Trusted IP addresses Exempt listed IP addresses from triggering alerts that should be triggered from IP addresses that are not trusted.
Resources that should be public Exempt listed resources from all detectors related to identifying public configurations.
Groups of users with specific authorizations

Exempt listed groups or users from triggering alerts on activities users are authorized to perform.

Viewing Details for a Managed List

You can view the details for a managed list anytime you need to check the list of items that's included.

  1. From the Cloud Guard options panel on the left, select Managed Lists.

    The Managed Lists page lists all managed lists that are currently defined.

    Note

    Initially, the list shows only the Oracle Cloud Guard CIDR Managed List.

    The column headers provide summary information for the managed lists:

    • List Name - the name of the managed list.
    • Type - the type of item in the list (for example, CIDR Block, Country, Users).
    • Total Entries - the total number of entries currently in the list.
    • Feed Provider - the original source of list items, Oracle or Customer.
    • Created - when the list was first created.
  2. To filter the list of managed lists, you can:
    • Start typing in the Filter by... box at the top right.
    • Under Scope at lower left, select a different Compartment.
    • To right of Tag Filters at lower left:
      1. Click the add link.
      2. In the Apply tag filter dialog box, select a Tag Namespace .

        Select None (free-form tag) if you want to manually enter the Tag Key.

      3. Select a Tag Key.

        Manually enter the Tag Key if you selected None (free-form tag) for the Tag Namespace.

      4. For Value:
        • Select Match any value if you want any tag value to count as a match.
        • Select Match any of the following and manually enter values, separated by commas, if you want only the values you enter to count as a match.
        • To add more values for this tag, click the plus sign (+) at the lower right.
      5. Click Apply Filter.
  3. To view details for a particular managed list, click the name in the List Name column.
  4. In the Template Details tab, OCID row:
    • Click the Show link to show the full OCID.
    • Click the Copy link to copy the full OCID to the clipboard.
  5. If the feed for this managed list is user-provided, you can view tags that have been assigned:
    1. Click the Tags tab.
    2. View the tags that have been assigned.
      If no tags have been assigned, you see "There are no Tags associated with this resource."
  6. In the Entries section, view the individual items in the list.
    To filter the list, start typing in the Filter by name box.

Creating a Managed List

Create your own managed lists, anytime you see the need to reuse the same list of items to define a detector or responder rule.

  1. From the Cloud Guard options panel on the left, select, select Managed Lists.
  2. On the Managed Lists page, click Create New Managed List above the column headers.
  3. On the first, Basic Information page of the Create Managed List dialog box, enter a Name.
    Avoid entering confidential information.
  4. (Optional) Enter a Description.
    Avoid entering confidential information.
  5. Select a List Type.
  6. Click Next.
    A box appears on the second, List Entries page of the dialog box where you can enter the value for the first item in the list.
  7. Enter the text for an item in the box.
  8. To enter text for another item, click Additional List Item.
  9. Repeat the previous two steps until you have finished entering items,
    If you want to remove an item from the list, click the "X" to the right of the item.
  10. Click Submit.
    Your list now appears in the list on the Managed Lists page.

Cloning a Managed List

Clone managed lists as needed to fine-tune the selection of managed lists available to use in your environment.

When you want to create a managed list that is similar to one that exists, you can save time by cloning the existing list. You can clone any managed list that appears on the Managed Lists page.
  1. From the Cloud Guard options panel on the left, select Managed Lists.
  2. (Optional) In the Scope section at lower left, set parameters to filter what appears in the list:
    • Set Compartment to display only managed lists attached to a specific compartment.
    • If you also want managed lists attached to compartments below the selected compartment to appear in the list, select Include Child Compartments.
  3. Click Clone at the top of the list.
  4. In the Clone Managed List panel, select the managed list to clone from the Cloning list.
    A default List Name and Description appear.
  5. (Optional) Edit the default List Name and Description entries.
    Avoid entering confidential information.
  6. (Optional) Select a different Compartment Assignment.
    The default is the tenancy root.
  7. Click Next.
  8. (Optional) On the Clone Managed List panel's List Entries page, modify list entries:
    • To change the value for an existing entry, edit the entry directly in its text box
    • To delete an unwanted entry, click the “X” on the right end of the entry.
    Note

    To add new entries, or to delete or edit more existing entries, complete the next step to finish cloning the managed list, then see Modifying a Managed List.
  9. Click Submit.
    The cloned managed list appears in the list on the Managed Lists page.

Modifying a Managed List

You can modify a managed list anytime you need to add or delete items to the list.

When you modify managed lists, the entry in the Feed Provider column for the managed list on the Managed Lists page determines what you can change:

  • When Oracle provides the feed for the managed list, Oracle controls the list content and you can't add tags.

  • When Customer provides the feed for the managed list, you are in complete control of the list content, you can change whatever you want to, and you can add tags.

  1. From the Cloud Guard options panel on the left, select Managed Lists.
  2. Locate the managed list you want to modify and click the name in the List Name column.
  3. To see tags that have been added to the managed list, click the Tags tab below the detector recipe's name on the details page.
  4. If the feed for the managed list is customer-provided, you can add tags:
    1. Click Add Tags below the managed list's name on the details page.
    2. In the Add Tags dialog box, select a Tag Namespace, then enter a Tag Key and a Value.
    3. To add another tag, click + Another Tag, then repeat the previous step.
    4. When you finish adding tags, click Add Tags.
  5. If the Feed Provider for the managed list is Customer:
    • To attach the managed list to a different compartment:
      1. Click Move Resource below the managed list name at the top.
      2. In the Move Resource to a Different Compartment dialog box, select the new compartment from the Choose New Compartment list, then click Move Resource.
    • To add one or more entries to the list:
      1. in the Entries section, click Add Entry.
      2. In the Add Entry dialog box, enter the text for the first entry you want to add.
      3. To add another entry, click Additional List Item and enter the text.
      4. Repeat the previous two steps until you are done adding entries, then click Save.
    • To modify an entry in the list:
      1. Locate the entry that you want to modify, open the Actions menu Image of Action menu, and select Edit.
      2. In the Update Entry panel, edit the entry and click Save.
    • To edit the entire list:
      1. Click Edit below the managed list name at the top.
      2. In the Update Entry dialog box, edit the text for any of the items listed, then click Save.
      3. To add a new entry to the list, click Additional List Item at the bottom.
      4. To delete in item, click the "X" to right of its box.
      5. When done editing the list, click Save.
    • To delete entries from the list on the list details page:
      1. Select the check box for each entry you want to delete.
      2. Click Delete at the top of the list.
      3. In the Delete List dialog box, click Yes.
    • To delete the entire list:
      1. Click Delete below the list name on the list details page.
      2. In the Delete List dialog box, click Yes.

Deleting a User-Managed List

You can also delete a user-managed list that you no longer need directly from the Managed Lists page.

  1. From the Cloud Guard options panel on the left, select Managed Lists.
  2. Locate the managed list you want to delete, open the Actions menu Image of Action menu, and select Delete.
  3. Click Yes to confirm the deletion.