Oracle Cloud Infrastructure Documentation

Editing Responder Rule Settings in an OCI Target's Recipes

Make tactical changes in responder rules from the Targets page in Cloud Guard.

Responder rules can be enabled or disabled only from the recipe level, and only in user-managed (cloned) responder recipes. See Editing a User-Managed OCI Responder Recipe. You can change all other responder rule settings from the target level.

For complete information about what you can modify in Oracle-managed and user-managed (cloned) detector and responder recipes, from the recipe or target level, see Modifying Recipes at Recipe and Target Levels.

    1. Follow the steps in Listing OCI Targets and Getting Their Details to navigate to the details page for the target.
    2. On the target details page, under Resources, click Responder recipe.
    3. In the Recipe name column, click the link for the recipe in which you want to modify a rule.
    4. For the rule for which you want to change rule settings, open its Actions menu Image of Action menu, and select Edit.
    5. In the Required policy statements section, if the Policy statements list has any statements with "Not Added" showing on the right, click Add statements.
      Note

      These policy statements must be added to allow the responder rule to operate. For detailed information about specific Cloud Guard policies listed, see Cloud Guard Policies.
    6. If you want the responder rule to execute automatically, follow these steps:
      1. In the Setting section, for Rule trigger, select Execute automatically.
      2. Read the informational text describing the consequences of this selection.
      3. To confirm that you want to select automatic execution, select the Confirm execute automatically check box.
      4. Specify at least one condition in the Conditional group section at the bottom of the panel.

        Automatic execution mode is allowed only when conditions are defined. If you don't want to limit the scope of resources to which the rule is applied, specify a condition that is always true. For example:

        • Parameter = Region
        • Operator = Not In
        • Value = abc (assuming there's no region named "abc")
    7. To control post-remediation notifications, in the Input settings section, select or clear Post Remediation Notification.
      When this option is selected, a Cloud Event is triggered after the rule successfully remediates a problem.
    8. In the Conditional group 1 section, define one or more conditional groups that set certain parameters around the rule.
      Note

      Specifying multiple conditions acts as an AND operator. The rule is enforced only if all the conditions are met.

      For more information on Conditional group, see Using Conditional Groups with Recipe Rules.

    9. Click Save.

  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Use the oci cloud-guard target-responder-recipe-responder-rule update command and required parameters to update a responder rule in a responder recipe that's attached to a target.:

    oci cloud-guard target-responder-recipe update --details <valid_json_details> --responder-rule-id <responder_rule_id> --target-id <target_ocid> --target-responder-recipe-id <target_responder_recipe_ocid> [OPTIONS]

  • Run the UpdateTargetDetectorRecipeDetectorRule operation to update a responder rule in a responder recipe that's attached to a target.