Creating Policy Alerts for Oracle Cloud Infrastructure (OCI)

Create custom policies to generate alerts for actions on resources that are specific to OCI environment.

Prerequisite: Ensure that you have followed the instructions in Getting Started with Policies to review available managed policies, and any custom policies that already exist, before creating a new custom policy.

You can configure policies for any changes in roles or objects.

Creating an OCI Policy

Follow these general steps for any policy you create to generate an alert for actions in OCI.

Oracle CASB Cloud Service displays an alert in Risk Events whenever an event occurs that matches the policy conditions.

The following are general steps for creating an OCI policy that generates an alert whenever an event occurs that matches the policy conditions. Oracle CASB Cloud Service displays all alerts in Risk Events. Optionally, you can also choose to receive an email notification.

  1. Select Configuration, Policy Management from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon Image of the Navigation Menu icon. to display it.
  2. On the Custom tab, click New Policy.
  3. In the Name page:
    1. Enter a name for the policy.

    2. (Optional) Enter a description.

    3. Select a Priority.

    4. If you want policy violations to be included in user risk score computations, select Include in user risk score.

    5. If the Data Protection check box appears, and you want Data Protection options to be included in the Actions on file and folder resources on the Resource page, select Data Protection.

    6. Click Next.

  4. On the Resource page, make these selections.
    Field Value(s)

    Application type

    Select OCI.

    Application instance

    The application instance(s). Select Any if you want the alert to apply to every registered instance of the selected application type. Otherwise, select one or more individual instances.

  5. To complete the selections on the Resource page, follow a link below to locate the topic for the particular resource type on which you want to trigger this alert.
  6. (Optional) On the Username page, filter the alert so that it is triggered only if the named user performs the action that you set on the Resource page.
    1. In the drop-down list, select Username contains or Username does not contain.
    2. In the text box to the right, enter one or more text strings that the user name must contain, or not contain, in order to trigger the alert.

      Separate multiple entries with commas. With multiple entries, if any one entry is contained, or not contained, in the name of the user who took the action, the alert is triggered.

    3. Click Next to go on to the next page.
  7. (Optional) On the Conditions page, set conditions so that an alert is triggered only if the specified conditions are met.

    For information on condition parameters available for use in policy alerts for OCI, see Condition Parameters for Oracle Cloud Infrastructure.

    1. Click Add condition or Add Free-From Condition.
    2. Select a Parameter, an Operator, and a Value from the drop-down lists.

      In free-form conditions, you enter values for Parameter and Value.

    3. To add another condition or free-form condition, repeat the 3 steps above.

      Note:

      When you add more than one condition or free-form condition, the alert will be triggered if any one condition is met.

    4. Click Next to go on to the next page.
  8. On the Action page, set your  notifications:
    • Show an alert in the Risk Events page is always selected. When an event matches the policy, Oracle CASB Cloud Service always adds an alert to Risk Events.

    • Show these instructions in the alert. Select this option to add instructions for the person who might read an alert related to this policy.

    • Send email to this address. Send email to the designated address.

      Note:

      This option is not available if you selected Data Protection on the Name page.

  9. When you are done, click Next, review your settings, then click Submit.

Condition Parameters for Oracle Cloud Infrastructure

Review the parameters and operators that are available in the Conditions page of the policy creation wizard for OCI.

These parameters and operators are available on the Conditions page of the New Policy wizard to fine tune your alerts for OCI.

Note:

The exact list of parameters that you see on the Conditions page depends on the resource details that you specify on the Resource page. Not all parameters are available with all resources.

Parameter Operator Value

IP address v4

Include this list of addresses (In or Equal to) or exclude them (Not in or Not equal to).

A comma-separated list of IPv4 addresses.

Device

Include or exclude the selected device type.

Select Desktop, Mobile, API Call, or Other.

Timestamp

The drop-down list determines whether the time is exact, later than the time you entered, or earlier (given a 24-hour time frame). Oracle CASB Cloud Service evaluates the timestamp using Greenwich Mean Time (GMT).

A value as a time in 24-hour HH:MM:SS format.

Compartment Name (not available if resource is a user or a group)

Specify Equal to, Not Equal to, In, or Not in

Comma-separated list of Compartment Names.

CASB threat intelligence IP reputation

Equal to is the only option.

To flag events from IP addresses with bad or good reputations, select:
  • Suspicious for bad reputations.

  • Regular for good reputations.

City, State, or Country

  • Equal to requires matching the name you enter in Value.

  • Not Equal to requires not matching the name you enter in Value.

  • In requires matching any one of several names you enter in Value.

  • Not in requires matching none of several names you enter in Value.

The name of the city, or the state or province, in the physical address that’s associated with the IP address.

Creating Alerts for Compute Images

Create a policy that generates an alert for changes to Compute Images.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Compute Images

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    DeleteImage

    The compute image has been deleted.

    ExportImage

    The compute image has been exported.

    ImportImage

    The compute image has been imported.

    UpdateImage

    The compute image has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Compute Instances

Create a policy that generates an alert for changes to Compute Instances.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Compute Instances

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    Attach VNIC

    A VNIC has been attached to the compute instance.

    Detach VNIC

    A VNIC has been detached from the compute instance.

    Get VNIC

    Information about a VNIC attached to the compute instance was queried.

    Launch Instance

    The compute instance has been launched.

    Terminate Instance

    The compute instance has been terminated.

    Update Instance

    The compute instance has been updated.

    Update VNIC

    Information about a VNIC attached to the compute instance has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Database Systems

Create a policy that generates an alert for changes to Database Systems.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Database Systems

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    GetDbSystem

    The database system has been accessed.

    LaunchDbSystem

    The database system has been launched.

    TerminateDbSystem

    The database system has been terminated.

    UpdateDbSystem

    The database system has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Groups

Create a policy that generates an alert for changes to Identity Groups.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Identity Groups

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    Add user to group

    A user has been added to the identity group.

    Create Group

    The identity group has been created.

    Delete Group

    The identity group has been deleted.

    Get Group

    The identity group has been accessed.

    GetUserGroupMembership

    The identity group membership has been accessed.

    List groups

    The identity group has appeared in a listing of identity groups.

    ListUserGroupMemberships

    The identity group membership has has appeared in a listing of identity group memberships.

    Remove user from group

    A user has been removed from the identity group.

    Update group

    The identity group has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Policies

Create a policy that generates an alert for changes to Identity Policies.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Identity Policies

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    CreatePolicy

    The identity policy has been created.

    CreatePolicy

    The identity policy has been deleted.

    GetPolicy

    The identity policy has been accessed.

    ListPolcies

    The identity policy appeared in a listing of identity policies.

    UpdatePolicy

    The identity policy has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Users

Create a policy that generates an alert for changes to Identity Users.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Identity Users

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    Create User

    The identity user has been created.

    CreateCustomerSecretKey

    A customer secret key for the identity user has been created.

    CreateOrResetUIPassword

    A UI password for the identity user has been created.

    CreateSwiftPassword

    A customer swift password for the identity user has been created.

    Delete user

    The identity user has been deleted.

    DeleteApiKey

    An API key for the identity user has been deleted.

    DeleteCustomerSecretKey

    A customer secret key for the identity user has been deleted.

    DeleteSwiftPassword

    A swift password for the identity user has been deleted.

    Get user

    The identity user has been accessed.

    List users

    The identity user appeared in a listing of identity users.

    ListApiKeys

    An API key for the identity user appeared in a listing of identity user API keys.

    ListCustomerSecretKeys

    A customer secret key for the identity user appeared in a listing of identity user customer secret keys.

    ListSwiftPasswords

    A swift password for the identity user appeared in a listing of identity user swift passwords.

    Login_Fail

    A login failed for the identity user.

    Login_Success

    A login succeeded for the identity user.

    Update user

    The identity user has been updated.

    UpdateCustomerSecretKey

    A customer secret key for the identity user has been updated.

    UpdateSwiftPassword

    A customer swift password for the identity user has been updated.

    UpdateUserState

    The user state for the identity user has been updated.

    UploadApiKey

    An API key for the identity user has been uploaded.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Compartments

Review the actions that are available in the Resources page of the policy creation wizard when the Resource is Identity Compartments.

Follow the steps in Creating an OCI Policy to complete the steps in the policy creation wizard leading up to selecting a Resource type on the Resource page.

After you select a Resource type of Identity Compartments, you choose one of these options from the Action on this resource drop-down list:

Action on this Resource Description

Any

Any action taken on this file, as identified in the Criteria field of the Resource page.

Create compartment

An identity compartment has been created.

Delete compartment

An identity compartment has been deleted.

Get compartment

Details of an identity compartment has been accessed.

List compartments

The list of identity compartments has been accessed.

Update compartment

Details of an identity compartment has been updated.

For steps to complete the alert, after selecting an Action on this resource, see Creating an OCI Policy.

Creating Alerts for Identity Federations

Create a policy that generates an alert for changes to Identity Federations.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Identity Federations

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    Create identity provider

    An identity provider has been created.

    Delete identity provider

    An identity provider has been deleted.

    Get identity provider

    Details of an identity provider has been accessed.

    List identity providers

    The list of identity providers has been accessed.

    Update identity provider

    Details of an identity provider has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Load Balancers

Create a policy that generates an alert for changes to Networking Load Balancers.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Networking Load Balancers

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    Create listener

    A listener for the networking load balancer has been created.

    CreateLoadBalancer

    The networking load balancer has been created.

    Delete listener

    A listener for the networking load balancer has been deleted.

    DeleteLoadBalancer

    The networking load balancer has been deleted.

    GetLoadBalancer

    The networking load balancer has been accessed.

    ListLoadBalancers

    The networking load balancer has appeared in a listing of networking load balancers.

    UpdateListener

    The networking load balancer has appeared in a listing of networking load balancers.

    UpdateLoadBalancer

    The networking load balancer has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Security Lists

Create a policy that generates an alert for changes to Networking Security Lists.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Networking Security Lists

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    Create security list

    A networking security list has been created.

    Delete security list

    A networking security list has been deleted.

    Get security list

    A networking security list has been read.

    List security list

    A networking security list has been listed.

    Update security list

    A networking security list has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Virtual Cloud Networks

Create a policy that generates an alert for changes to Networking Virtual Cloud Networks.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Networking Virtual Cloud Networks

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    CreateVcn

    The networking virtual cloud network has been created.

    DeleteVcn

    The networking virtual cloud network has been deleted.

    ListVcns

    The networking virtual cloud network has appeared in a listing of networking virtual cloud networks.

    UpdateVcn

    The networking virtual cloud network has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Object Storage

Create a policy that generates an alert for changes to Object Storage.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Object Storage

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    Create bucket

    A bucket for the object storage has been created.

    Create pre-authenticated request

    A preauthenticated request for the object storage has been created.

    Delete bucket

    A bucket for the object storage has been deleted.

    Delete pre-authenticated request

    A preauthenticated request for the object storage has been deleted.

    Get bucket

    A bucket for the object storage has been accessed.

    Update bucket

    A bucket for the object storage has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Storage Block Volumes

Create a policy that generates an alert for changes to Storage Block Volumes.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

  1. Specify Resource details, using the information in the table below:

    Field Value

    Resource

    Storage Block Volumes

    Resource name

    You must provide a name for the selected resource type. If you select:
    • Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
    • Regular expression, enter .* to match all email retention rules.
  2. Specify an Action on the resource using the table below:

    Action on this resource Description

    Any

    Matches any action.

    AttachBlockVolume

    The storage block volume has been attached.

    ExportImage

    An image of the storage block volume has been exported.

    ImportImage

    An image of the storage block volume has been imported.

    UpdateImage

    An image of the storage block volume has been updated.

  3. (Optional) Add more Resource name-Action pairs to refine your policy.

    You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

    • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
    • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

  4. Click Next when you have finished specifying resource name-action pairs.

    You are now on the Username page.

  5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.