Listing Problems and Getting Their Details

View, sort, and filter the list of detected problems in Cloud Guard.

The way that you access the Problems page determines what problems are listed there:

  • Directly: Open the navigation menu and click Identity & Security. Under Cloud Guard, click Alerts. On the Alerts page, click Problems. All problems are listed.
  • Indirectly: Click an option on the Overview page or elsewhere, which automatically filters the problems list to display a subset of problems.

After you're on the Problems page, all the same options are available.

The Problems page displays the following information for each problem listed:

  • Problem name: Text that identifies the problem.
  • Risk level: The severity of the risk associated with the problem (Critical, High, Medium, Low, Minor).

    For definitions of these severity levels, see Viewing Problems from the Problems Snapshot.

  • Detector type: Activity, Configuration, or Threat.
  • Resource: An identifier for the resource affected by the problem.
  • Target: The target in which the problem was detected.
  • Region: The region in which the problem was detected.
  • Labels: Any labels associated with the problem.
  • First detected: The date and time when the problem was first detected.
  • Last detected: The date and time when the problem was last detected.
  • To view and filter problems, follow these steps:

    1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Alerts.
    2. On the Alerts page, click Problems.

      You can also go to the Problems page automatically, when you click through from summary information displayed on the Overview page. In this case, the Problems page is automatically filtered to show the subset of problems that was summarized on the Overview page.

      Note

      The retention period for problems is 90 days, after which problems are deleted.
    3. To filter the list for specific date ranges, enter dates in the fields at the top.
    4. To filter the list for specific detectors, set Filters to Detector Type, then select one of the following options:
      • Activity for Activity Detector.
      • Configuration for Configuration Detector.
      • Instance Security for Instance Security Detector.
      • Threat for Threat Monitoring.
    5. To filter the list for specific categories, set Filters to Problem category, then select:
      • Security Zone for Security Zones.
    6. To filter the list by Compartment, Status, or Resource type, select values in the fields under Scope on the lower left side of the page.
      If you also want to see problems in compartments below the selected compartment, select Include child compartments.
    7. To filter by tags, follow these steps:
      1. To the right of Tag filters in the lower-left side of the page, click the add link.
      2. In the Apply tag filter dialog box, select a Tag namespace. If you want to manually enter a tag, select None (free-form tag).
      3. Select or enter a Tag key.
      4. For Tag value, select one of the following options:
        • Select Match any value if you want any tag value to count as a match.
        • Select Specify matching values and manually enter values, separated by commas, if you want only the values that you enter to count as a match.
        • To add more values for this tag, click the plus sign (+).
      5. Click Apply filter.
    8. To switch the sort order for the problems, click the Last detected column header.
      The default order is descending (most recently detected at the top).
    9. To control which columns are displayed, click Manage columns, clear check boxes for columns to hide, and select check boxes for columns to display. Click Save.
    10. To view details for a specific problem, click the link in the Problem name column.

      The problem details page shows impacted resources by default.

    11. Under Resources, select one of the following options to see more information:
      • Problem History displays a list of events and findings related to the problem.
      • Responder Activity displays a list of any responders that have been triggered for the problem.
  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Problems

    Use the oci cloud-guard problem get command and required parameters to get a specific problem:

    oci cloud-guard problem get --problem-id <problem_ocid> [OPTIONS]

    Use the oci cloud-guard problem list command and required parameters to list all problems in a compartment:

    oci cloud-guard problem list --compartment-id, -c <compartment_ocid> [OPTIONS]

    Use the oci cloud-guard problem list-problem-entities command and required parameters to list all entities for a problem:

    oci cloud-guard problem list-problem-entities --problem-id <problem_ocid> [OPTIONS]

    Use the oci cloud-guard problem list-problem-histories command and required parameters to list all actions taken on a problem:

    oci cloud-guard problem list-problem-histories --compartment-id, -c <compartment_ocid> --problem-id <problem_ocid> [OPTIONS]

    Responder Executions

    Use the oci cloud-guard responder-execution execute command and required parameters to execute a responder execution:

    oci cloud-guard responder-execution execute --compartment-id, -c <compartment_ocid> --responder-execution-id <responder_execution_identifier> [OPTIONS]

    Use the oci cloud-guard responder-execution get command and required parameters to get a responder execution:

    oci cloud-guard responder-execution get --responder-execution-id <responder_execution_identifier> [OPTIONS]
  • Problems

    Run the GetProblem operation to get a specific problem.

    Run the ListProblems operation to list all problems in a compartment.

    Run the ListProblemEntities operation to list all entities for a problem.

    Run the ListProblemHistories operation to list all actions taken on a problem.

    Responder Executions

    Run the ExecuteResponderExecution operation to execute a responder execution.

    Run the GetResponderExecution operation to get a responder execution.
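
The following is an added example, not part of the original documentation or Oracle's own code: it applies the Problems page's risk-level filter and "last detected" ordering to saved output of oci cloud-guard problem list, and flags problems that are close to the 90-day retention limit so they can be exported before deletion. The JSON key names and all sample values are assumptions constructed for illustration, as is counting the 90 days from the last detection time, which the page does not specify.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `oci cloud-guard problem list` output.
# Key names and all values are assumptions made for this example.
SAMPLE = """{"data": {"items": [
 {"id": "problem-A", "risk-level": "HIGH", "resource-name": "bucket-logs",
  "time-last-detected": "2024-05-28T09:15:00+00:00"},
 {"id": "problem-B", "risk-level": "CRITICAL", "resource-name": "vcn-prod",
  "time-last-detected": "2024-03-10T00:00:00+00:00"},
 {"id": "problem-C", "risk-level": "LOW", "resource-name": "user-test",
  "time-last-detected": "2024-05-31T18:00:00+00:00"},
 {"id": "problem-D", "risk-level": "HIGH", "resource-name": "instance-web",
  "time-last-detected": "2024-05-30T12:00:00+00:00"}
]}}"""

# Severity order as listed on the Problems page, most severe first.
RISK_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "MINOR": 4}
RETENTION = timedelta(days=90)  # retention period stated in the Note

def triage(cli_json, now, min_risk="HIGH", warn_within=timedelta(days=14)):
    """Keep problems at or above min_risk, sort by severity and then by
    last detection (newest first), and flag those close to deletion."""
    rows = []
    for p in json.loads(cli_json)["data"]["items"]:
        rank = RISK_ORDER.get(p.get("risk-level"), len(RISK_ORDER))
        if rank > RISK_ORDER[min_risk]:
            continue  # below the threshold, or an unrecognised level
        last = datetime.fromisoformat(p["time-last-detected"])
        # Assumption: the 90 days run from the last detection time.
        remaining = last + RETENTION - now
        rows.append({"id": p["id"], "risk": p["risk-level"],
                     "resource": p.get("resource-name"), "last": last,
                     "days_left": remaining.days,
                     "export_now": remaining <= warn_within})
    rows.sort(key=lambda r: (RISK_ORDER[r["risk"]], -r["last"].timestamp()))
    return rows

if __name__ == "__main__":
    # Fixed reference time so the constructed sample gives stable results.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for r in triage(SAMPLE, now):
        print(r["risk"], r["id"], r["resource"], r["days_left"], r["export_now"])
```
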