Creating a Security Zone Recipe

Create a recipe for a security zone.


Alternatively, you can clone an existing recipe.

Before you can create a recipe, you must enable Cloud Guard in the tenancy. See Getting Started with Cloud Guard. Also, you should understand the available security zone policies.

After creating a recipe, you can create a zone that's associated with the recipe.
    1. Open the navigation menu and click Identity & Security. Under Security Zones, click Recipes.
    2. Under List scope, select the compartment in which you want to create the recipe.
    3. Click Create Recipe.
    4. On the Recipe information page, enter a name and description for the recipe.

      Avoid entering confidential information.

    5. Verify the compartment that you're creating the recipe in.
    6. (Optional) Click Show advanced options to apply tags to the recipe.

      If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. See Resource Tags. You can also apply tags to a recipe after you create it.

    7. Click Next.
    8. On the Policies page, clear the check box for any policy that you want to disable.

      By default, all policies are enabled in a new recipe.

      You can filter the list of policies by selecting a specific policy type or resource type. You can also search for policies by name.

    9. Click Next.
    10. On the Review page, review the number of policies that are enabled and disabled in this recipe, and then choose one of the following options:
      • To create the recipe, click Create.
      • To save the resource definition as a Terraform configuration, click Save as stack.

        For more information about saving stacks from resource definitions, see Creating a Stack from a Resource Creation Page.

      The Recipe details page is displayed.

  • Use the oci cloud-guard security-recipe create command and required parameters to create a security zone recipe:

    oci cloud-guard security-recipe create --compartment-id <compartment_ocid> --display-name <display_recipe_name> --security-policies <security_policies> [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateSecurityRecipe operation to create a security zone recipe.