oci_data_safe_security_assessment_finding
This resource provides the Security Assessment Finding resource in Oracle Cloud Infrastructure Data Safe service.
Patches one or more findings in the specified template baseline type security assessment. Use it to modify max allowed risk level in template baseline.
Example Usage
resource "oci_data_safe_security_assessment_finding" "test_security_assessment_finding" {
#Required
security_assessment_id = oci_data_safe_security_assessment.test_security_assessment.id
#Optional
patch_operations {
#Required
operation = var.security_assessment_finding_patch_operations_operation
selection = var.security_assessment_finding_patch_operations_selection
#Optional
value = var.security_assessment_finding_patch_operations_value
}
}
Argument Reference
The following arguments are supported:
patch_operations- (Optional) (Updatable)operation- (Required) (Updatable) The operation can be one of these values:INSERT,MERGE,REMOVEselection- (Required) (Updatable)value- (Required when operation=INSERT | MERGE) (Updatable)
security_assessment_id- (Required)
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Attributes Reference
The following attributes are exported:
assessment_id- The OCID of the assessment that generated this finding.category- The category to which the finding belongs to.details- The details of the finding. Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.has_target_db_risk_level_changed- Determines if this risk level has changed on the target database since the last time ‘severity’ was modified by user.is_risk_modified- Determines if this risk level was modified by user.is_top_finding- Indicates whether a given finding is marked as topFinding or not.justification- User provided reason for accepting or modifying this finding if they choose to do so.key- The unique finding key. This is a system-generated identifier. To get the finding key for a finding, use ListFindings.lifecycle_details- Details about the current state of the finding.oneline- Provides a recommended approach to take to remediate the finding reported.oracle_defined_severity- The severity of the finding as determined by security assessment. This cannot be modified by user.references- Provides information on whether the finding is related to a CIS Oracle Database Benchmark recommendation, a STIG rule, or a GDPR Article/Recital.cis- Relevant section from CIS.gdpr- Relevant section from GDPR.obp- Relevant section from OBP.stig- Relevant section from STIG.
remarks- The explanation of the issue in this finding. It explains the reason for the rule and, if a risk is reported, it may also explain the recommended actions for remediation.severity- The severity of the finding as determined by security assessment and is same as oracleDefinedSeverity, unless modified by user.state- The current state of the finding.summary- The brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.target_id- The OCID of the target database.time_updated- The date and time the risk level of finding was last updated, in the format defined by RFC3339.time_valid_until- The time until which the change in severity(deferred / modified) of this finding is valid.title- The short title for the finding.
Timeouts
The timeouts block allows you to specify timeouts for certain operations:
* create - (Defaults to 20 minutes), when creating the Security Assessment Finding
* update - (Defaults to 20 minutes), when updating the Security Assessment Finding
* delete - (Defaults to 20 minutes), when destroying the Security Assessment Finding
Import
SecurityAssessmentFindings can be imported using the id, e.g.
$ terraform import oci_data_safe_security_assessment_finding.test_security_assessment_finding "securityAssessments/{securityAssessmentId}/findings"