Processing and Resolving Problems on the Problems Page

View, sort, and filter the list of problems detected. View details for individual problems, and take actions on problems individually or in groups.

Overview of Problems

  • A problem is action or setting on a resource that could potentially cause a security problem.

  • Problems are triggered through detectors.

  • The Problems page displays information about each problem, including:
    • Problem Name
    • Risk Level
    • Detector Type
    • Resource affected
    • Target
    • Region
    • Labels
    • Date Last Detected
  • Within the Problems page you can filter problems by Compartment, Status, Date, Risk Level, Resource Type, Detector Type, and Region.
  • You can click an individual problem to:
    • Learn more about that problem
    • View problem history
    • Take action to resolve or dismiss the problem

Problem Lifecycle

Here is how Cloud Guard manages problems as they occur, are processed, and reoccur.

  • Problems can be:
    • Remediated – Fix using Cloud Guard responder
    • Resolved – Fixed by other process
    • Dismissed – Ignore and close
  • If Cloud Guard detects an issue again for:
    • An Open (unresolved) problem, it updates the problem history, but doesn't create a new problem.
    • A previously solved problem, it reopens the issue and updates the history.
    • A previously dismissed problem, it updates the history.

Taking Actions on Problems

You can take the following actions on problems:

  • Remediate: When you remediate a problem, you're telling Cloud Guard to do one of two things:

    • Either execute a responder to fix something in your environment so that the problem doesn't happen again.
    • Or automatically resolve future instances that do occur, by executing the same responder.
  • Mark as Resolved: When you mark a problem as resolved, you're telling Cloud Guard that it was in fact a problem, but you've taken an action that handled it. If another instance of this same problem occurs, it's detected again.

  • Dismiss: When you dismiss a problem, you're telling Cloud Guard to ignore this instance of the problem for that resource, and simply ignore it if it happens in the future. Only the problem history of the dismissed problem is updated.

The following table summarizes the differences between the three problem actions.

RemediateMark as ResolvedDismiss
Number of problems resolved at one timeCurrent problem onlyCurrent problem or all selected problemsCurrent problem or all selected problems
Same problem occurring laterCan be automatically resolved in same way; future instances appear in Responder Status tile in Overview page, but still appear in Problems page list. Automatically resolved problems can also be viewed from the Problems page by choosing the Resolved filter. Will be detected and reported again; future instances appear in Problems page list.Will not be detected as a new problem. Problem history's last detected time will be updated.
Implementing resolutionExecutes a Cloud Guard responder.Whatever action you decide to take.Ignore the problem.

Viewing the Problems List

View, sort, and filter the list of problems detected.

The way that you access the Problems page determines what problems are listed there:

  • Directly - by clicking Problems in the Cloud Guard options panel on the left. All problems are listed.
  • Indirectly - by clicking an option on the Overview page or elsewhere, that automatically filters the problems list to display a subset of problems. Only that subset of problems is displayed.

Once you are on the Problems page, all the same options are available.

The Problems page displays this information for each problem listed:

  • Problem Name - text identifying the problem.
  • Risk Level - the severity of the risk associated with the problem (Critical, High, Medium, Low, Minor).

    For definitions of these severity levels, see Processing Problems from the Problems Snapshot.

  • Detector Type - Activity or Configuration.
  • Resource - an identifier for the resource affected by the problem.
  • Target - the target in which the problem was detected.
  • Region - the region in which the problem was detected.
  • Labels - any labels associated with the problem.
  • Last Detected - the date and time at which the problem was last detected.
  1. From the Cloud Guard options panel on the left, select Problems.

    You also go to the Problems page automatically, when you click through from summary information displayed on the Overview page. In this case, the Problems page is automatically filtered to show the subset of problems that was summarized on the Overview page.

    Note

    The retention period for problems is 90, days after which problems are deleted.
  2. To change the scope for which problems are included, in the Scope section, below the Cloud Guard options panel on the left select a different:
    • Compartment.

      The compartment you select, and all compartments below it, are included in the scope.

    • Status.

      By default, only Open problems are listed. You can also choose to list only Resolved or Dismissed problems.

    • Resource Type.
  3. To filter the list within the selected scope, make selections from the lists at the top of the page.
    To use the Filters box:
    1. Click in the Filters box.
    2. Select a parameter from the list.
    3. Click the equal sign that appears below the parameter.
    4. Select a value from the list.

      The list is immediately filtered to display only items that match your filter.

    5. To specify more filters, repeat the last four steps as needed.

      Multiple filters are ANDed.

    Note

    When the parameter you select is Labels:
    • Type values to be matched.
    • Separate multiple values with commas.
    • Multiple values are ORed.
  4. To switch the sort order for the problems, click the Last Detected column header.
    The default order is descending (most recently detected at top).
  5. To control which columns are displayed, click Manage Columns, then:
    • Deselect columns you want to hide.
    • Select columns you want to display.
    • Click Save.
  6. To view details for a specific problem, click the link in the Problem Name column or open the Actions menu Image of Action menu, and select View Details.

    On the Details tab, select from the Resources panel on the left:

    • Problem History to see a list of events and findings related to the problem.
    • Responder Activity to see a list of any responders that have been triggered for the problem.

Resolving Problems

After you determine how you want to handle a particular problem, you can implement the resolution from the problem details page or the Problems page.

  1. From the Cloud Guard options panel on the left, select Problems.

    You can also reach the Problems page by clicking through from summary information on the Overview page. See Getting Summary Information on the Overview Page.

    If you click through from summary information on the Overview page, the problems list is automatically filtered to show only the problems represented in the summary information.

  2. First view the details for a particular problem to determine how you want to resolve it.
    Click the link in the Problem Name column, or open the Actions menu Image of Action menu, and select View Details.
  3. To remediate one or more problems from the Problems page:
    1. Select the check box foe each problem to be remediated.
    2. Click Remediate near the top of the page.
    3. In the Remediate confirmation, click Remediate.
  4. To remediate a single problem from the Problems page, you can also:
    1. Open the Actions menu Image of Action menu and select Remediate to open the Remediate dialog box.
    2. If you see policies listed in a Policy Required to Execute section, click the Enable link for each policy listed.
    3. Click Save, at the bottom of the Remediate dialog box.
    4. Confirm that you want to execute the responder to remediate the problem.
  5. To mark one or more problems as resolved from the Problems page:
    1. Select the check box foe each problem to be resolved.
    2. Click Mark as Resolved near the top of the page.
    3. In the Mark as Resolved confirmation, click Mark as Resolved.
  6. To mark a single problem as resolved from the Problems page, you can also:
    1. Open the Actions menu Image of Action menu and select Mark as Resolved.
    2. In the Mark as Resolved dialog box, enter Comments indicating how the problem was resolved.
      Note

      While this comment is not required, it's a best practice to make a note here as an audit trail for future reference.
    3. Click Mark as Resolved.
  7. To mark a single problem as resolved from the problem's detail page:
    1. From the Problems page, click the link in the Problem Name column or open the Actions menu Image of Action menu, and select View Details.
    2. On the problem's detail page, click Mark as Resolved near the top.
    3. In the Mark as Resolved dialog box, enter Comments indicating how the problem was resolved.
      Note

      While this comment is not required, it's a best practice to make a note here as an audit trail for future reference.
    4. Click Mark as Resolved.
  8. To dismiss one or more problems from the Problems page:
    1. Select the check box for each problem to be dismissed.
    2. Click Dismiss near the top of the page.

      You can select up to 50 problems for batch dismissal.

    3. (Optional) In the Dismiss confirmation, enter a Comment indicating how the problems were resolved.
      Note

      While this comment is not required, it's a best practice to make a note here as an audit trail for future reference.
    4. In the Dismiss confirmation, click Dismiss.
  9. To dismiss a single problem from the Problems page, you can also:
    1. Open the Actions menu Image of Action menu and select Dismiss.
    2. In the Dismiss dialog box, enter Comments indicating how the problem was resolved.
      Note

      While this comment is not required, it's a best practice to make a note here as an audit trail for future reference.
    3. Click Dismiss.
  10. To dismiss a single problem from the problem's detail page:
    1. From the Problems page, click the link in the Problem Name column or open the Actions menu Image of Action menu, and select View Details.
    2. On the problem's detail page, click Dismiss near the top.
    3. In the Dismiss dialog box, enter Comments indicating how the problem was resolved.
      Note

      While this comment is not required, it's a best practice to make a note here as an audit trail for future reference.
    4. Click Dismiss, at the bottom of the Dismiss dialog box.
  11. To reopen a dismissed problem:
    1. From the Problems page, click the link in the Problem Name column or open the Actions menu Image of Action menu, and select View Details.
    2. On the problem's detail page, click Reopen near the top.
    3. Click Reopen, at the bottom of the Reopen dialog box.

Processing Recommendations

Use the Recommendations page to quickly locate and resolve the highest priority problems that Cloud Guard has detected.

The way that you access the Recommendations page determines what recommendations are listed there:

  • Directly - by clicking Recommendations in the Cloud Guard options panel on the left. All recommendations are listed.
  • Indirectly - by clicking an option on the Overview page or elsewhere, that automatically filters the recommendations list to display a subset of recommendations. Only that subset of recommendations is displayed.

Once you are on the Recommendations page, all the same options are available.

The Recommendations page displays this information for each recommendation listed:

  • Recommendations - text identifying the recommendation.
  • Total - the total number of instances of the problem to which the recommendation applies.
  1. From the Cloud Guard options panel on the left, select Recommendations, or from the Overview page's Security Recommendations tile, click the View Recommendations link.
  2. To change the scope of compartments for which recommendations are listed:
    1. From the Scope section below the Cloud Guard options panel on the left, drop down the Compartment list and select a different compartment.
    2. Deselect the check box for Include all child compartments to narrow the scope to only the compartment selected, excluding any compartments below it in the compartment hierarchy.
  3. To view the description for a recommendation, expand the recommendation row using the Expand icon Image of Expand icon at the right end.
  4. To process the recommendation for the instances of a problem:
    1. Open the Actions menu Image of Action menu and select View Problem.

      The Problems page opens, filtered to list only problem instances for this recommendation.

    2. Follow instructions in Resolving Problems to complete your processing of the recommendation.
      Tip

      When multiple problems are listed, you can probably select all and process them the same way in one step, because they are all instances of the same problem.
    3. To return to the Recommendations page, click your browser's Back button.