Using the Responder Activity Page

View the status of recent responders that have been triggered, and specify further actions to be taken on responders that have not completed processing.

Navigating to the Responder Activity Page

Understand the two ways you can reach the Responder Activity page, and the content that each way displays.

The way that you access the Responder Activity page determines what responders are listed there:

  • Directly - by clicking Responder Activity in the Cloud Guard options panel on the left. All responders are listed.
  • Indirectly - by clicking in the Responder Status tile on the Overview page, that automatically filters the responders list to display a subset of responders. Only that subset of responders is displayed.

After you are on the Responder Activity page, all the same options are available.

Understanding the Responder Activity Page

Understand what information is displayed in the different columns on the Responder Activity page.

The column headers identify the information displayed:

  • Responder Name - the name of the responder that was triggered. The name also describes the action to be taken.
  • Responder Activity OCID - the Oracle Cloud Infrastructure ID (OCID) of the responder that was triggered.
  • Resource - the name of the resource related to the problem that the response would modify.
  • Region - the Oracle region in which the responder that was triggered. For IAM resources, or other global resources, the home region of the tenant.
  • Execution Status - The current status of a response activity:
    • Awaiting confirmation - The response is pending and requires user approval before the action is taken.
    • Failed - The attempted response action failed.
    • Skipped - While awaiting confirmation, the response action a Cloud Guard operator skipped the response.
      Note

      When multiple response options are available, a Cloud Guard administrator might choose to skip one response action in preference for another.
    • Started - The response has been initiated, but has not yet logged as completed with a resolution status.
    • Succeeded - The response action completed successfully.
  • Execution Type - The responder execution can be either Manual or Automated.
  • Problem Name - The name of the problem that the responder identified.
  • Time Created - The date and time that a response activity record was created for the related problem.
  • Time Completed - The date and time the response activity was completed.

Responder Execution Types and Execution Status

View the rules for how Cloud Guard resolves manual and automated execution types, and the different status values that each execution type can have.

Responders are executed either manually or automatically. Each responder Execution Type (Manual or Automated) can be in a different Execution Status:

Execution Type How Problems Are Resolved Possible Execution Status
Manual Problems are resolved manually (from the Problems page, Mark as Resolved or Dismissed).
  • Succeeded
  • Failed
Automatic Problems are resolved by first getting user confirmation or input. Then problems are remediated, either by Cloud Guard or directly by the user.
  • Awaiting confirmation
  • Awaiting input
  • Skipped
  • Succeeded
  • Failed
Problems are resolved immediately by Cloud Guard, with no user intervention.
  • Succeeded
  • Failed

Working with the Responder Activity Page

Use the Responder Activity page to monitor responder activity and take actions as needed.

  1. Navigate to the Responder Activity page.

    From the Cloud Guard options panel on the left, select Responder Activity.

    You can also navigate to the Responder Activity page by clicking in the Responder Status tile on the Overview page. That automatically filters the responders list to display only a subset of responders.

  2. To control which columns are displayed:
    1. Click Manage Columns at the top of the list.
    2. Select columns you want displayed.
    3. Clear the check box for columns you want to hide.
    4. Click Save.
  3. To change the scope of compartments for which recommendations are listed:
    1. From the Scope section below the Cloud Guard options panel on the left, drop down the Compartment list and select a different compartment.
    2. Clear the check box for Include all child compartments to narrow the scope to only the compartment selected, excluding any compartments below it in the compartment hierarchy.
  4. To filter the list within the set scope, make selections from the lists at the top of the page.
    To use the Filters box:
    1. Click in the Filters box, above the column headers.
    2. Select a parameter from the list.
    3. Click the equal sign that appears below the parameter.
    4. Select a value from the list.

      The list is immediately filtered to display only items that match your filter.

    5. To specify more filters, repeat the last four steps as needed.

      Multiple filters are ANDed.

    6. To clear all filters, click Reset All, below the Filters box.
  5. To view details for a responder's problem, click the link in the Problem Name column, or open the Actions menu Image of Action menu, and select View Problem.
    Use the browser's Back button to return to the Responder Activity page.
  6. From the Responder Activity page, to specify a further action for a responder, open the Actions menu Image of Action menu, and select from available actions.

    The available actions depend on the responder's Execution Status:

    Execution Status Execution Status Description Possible Actions Action Description
    Started The responder was triggered. None No actions are available for this execution state.
    Awaiting Confirmation The responder is waiting for the user to specify the action to take. Execute Responder will take the action indicated in the Responder Name. For example, if the Responder Name is "Make Bucket Private," selecting Execute makes the public bucket private.
    Skip Execution Responder will not take the action indicated in the Responder Name. For example, if the Responder Name is "Make Bucket Private," selecting Skip Execution leaves the bucket public.
    View Problem Details Opens the details page for the problem. From that page, you can execute the responder, or skip execution.
    Awaiting Input The responder is waiting for the user to provide necessary input before taking action. Execute Responder will take the action indicated in the Responder Name. For example, if the Responder Name is "Make Bucket Private," selecting Execute makes the public bucket private.
    Skip Execution Responder will not take the action indicated in the Responder Name. For example, if the Responder Name is "Make Bucket Private," selecting Skip Execution leaves the bucket public.
    Failed Cloud Guard tried to execute a manual remediation to the problem, but that failed. View Problem Details

    Opens the details page for the problem. Permissions might not be sufficient to allow the responder action, or the resource might no longer be available.

    To get details on why the action failed, click Responder Activity in the left panel.

    Skipped Cloud Guard skipped the action on this problem View Problem Details

    Responder actions are frequently skipped because a problem has multiple responder actions and Cloud Guard executes only one.

    To get details on why the action was skipped, open the Actions menu Image of Action menu, and select View Problem Details, then click Responder Activity in the left panel.

    Succeeded Cloud Guard has successfully resolved the problem. View Problem Details

    To get a complete timeline of events and actions taken on this problem, open the Actions menu Image of Action menu, and select View Problem Details, then click Responder Activity in the left panel.

    Add to Responder Recipe Depending on the status of the responder recipe and rule within the target:
    • If no responder recipe is added to the target, you are prompted to add a responder recipe, then try again.
    • If responder rule is disabled on the target, you are prompted to enable the rule.
    • If responder rule is enabled, you are prompted to make changes that override the existing configuration.