Oracle Cloud Infrastructure Documentation

Listing Responder Rules and Getting Their Details

Monitor responder activity in Cloud Guard and take actions as needed.

    1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Responder activity.

      You can also navigate to the Responder activity page by clicking in the Responder status tile on the Overview page. That automatically filters the responders list to display only a subset of responders.

    2. To control which columns are displayed, click Manage columns, clear check boxes for columns to hide, and select check boxes for columns to display. Click Save.
    3. To change the scope of compartments for which recommendations are listed:
      1. Under Scope, select a different compartment.
      2. Clear the check box for Include all child compartments to narrow the scope to only the compartment selected, excluding any compartments under it in the compartment hierarchy.
    4. To filter the list within the set scope by dates, make selections from the lists at the top of the page.
    5. To filter by other parameters, use the Filters box as follows:
      1. Click in the Filters box and select a parameter.
      2. Click the equal sign that appears below the parameter, and then select a value.

        The responder activity list is immediately filtered to display only items that match your filter.

      3. Specify more filters as needed.

        Multiple filters are joined by AND.

    6. To view details for a responder's problem, click the link in the Problem name column.
      Use the browser's Back button to return to the Responder activity page.
    7. To specify a further action for a responder, open its Actions menu Image of Action menu, and select from available actions.

      The available actions depend on the responder's Execution status:

      • Started: The responder was triggered. No actions are available for this execution status.
      • Awaiting confirmation: The responder is waiting for the user to specify the action to take. The possible actions are as follows:
        • Execute: The responder performs the action indicated in the Responder name column. For example, if the responder name is "Make Bucket Private," selecting Execute makes the public bucket private.
        • Skip execution: The responder doesn't perform the action indicated in the Responder name column. For example, if the responder name is "Make Bucket Private," selecting Skip execution leaves the bucket public.
        • View problem: Opens the details page for the problem. From that page, you can execute the responder, or skip execution.
      • Awaiting input: The responder is waiting for the user to provide necessary input before performing the action. The possible actions are as follows:
        • Execute: The responder performs the action indicated in the Responder name column. For example, if the responder name is "Make Bucket Private," selecting Execute makes the public bucket private.
        • Skip execution: The responder doesn't perform the action indicated in the Responder name column. For example, if the responder name is "Make Bucket Private," selecting Skip executionleaves the bucket public.
      • Failed: Cloud Guard tried to execute a manual remediation to the problem, but that failed. Permissions might not be sufficient to allow the responder action, or the resource might no longer be available. To get details about why the action failed, select View problem from the Actions menu, and then click Responder activity under Resources.
      • Skipped: Cloud Guard skipped the action on this problem. Responder actions are frequently skipped because a problem has multiple responder actions and Cloud Guard executes only one. To get details about why the action was skipped, select View problem from the Actions menu, and then click Responder activity under Resources.
      • Succeeded: Cloud Guard has successfully resolved the problem. The possible actions are as follows:
        • View problem: Opens the details page for the problem. To get a complete timeline of events and actions taken on this problem, click Responder activity under Resources.
        • Add to responder recipe: Depending on the status of the responder recipe and rule within the target:
          • If no responder recipe is added to the target, you're prompted to add a responder recipe, and then try again.
          • If the responder rule is disabled on the target, you're prompted to enable the rule.
          • If the responder rule is enabled, you're prompted to make changes that override the existing configuration.

  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Responder Rules

    Use the oci cloud-guard responder-rule get command and required parameters to get a specific responder rule:

    oci cloud-guard responder-rule get --responder-rule-id <responder_rule_id> [OPTIONS]

    Use the oci cloud-guard responder-rule list command and required parameters to list all responder rules for a compartment:

    oci cloud-guard responder-rule list --compartment-id, -c <compartment_ocid> [OPTIONS]

    Responder Activities

    Use the oci cloud-guard responder-activity-summary list-responder-activities command and required parameters to list responder activities for a specific problem:

    oci cloud-guard responder-activity-summary list-responder-activities --problem-id <problem_ocid> [OPTIONS]

    Responder Executions

    Use the oci cloud-guard responder-execution-summary list-responder-executions command and required parameters to list all responder executions for a specific compartment:

    oci cloud-guard responder-execution-summary list-responder-executions --compartment-id, -c <compartment_ocid> [OPTIONS]

    Resource Types

    Use the oci cloud-guard resource-type-summary list-resource-types command and required parameters to list all resource types for a specific compartment:

    oci cloud-guard resource-type-summary list-resource-types --compartment-id, -c <compartment_ocid> [OPTIONS]

  • Responder Rules

    Run the GetResponderRule operation to get a specific responder rule.

    Run the ListResponderRules operation to list all responder rules for a compartment.

    Responder Activities

    Run the ListResponderActivities operation to list responder activities for a specific problem.

    Responder Executions

    Run the ListResponderExecutions operation to list all responder executions for a specific compartment.

    Resource Types

    Run the ListResourceTypes operation to list all resource types for a specific compartment.