Creating Policy Alerts for Oracle Cloud Infrastructure (OCI)

Create custom policies to generate alerts for actions on resources that are specific to OCI environment.

Prerequisite: Ensure that you have followed the instructions in Getting Started with Policies to review available managed policies, and any custom policies that already exist, before creating a new custom policy.

You can configure policies for any changes in roles or objects.

Creating an OCI Policy

Follow these general steps for any policy you create to generate an alert for actions in OCI.

Oracle CASB Cloud Service displays an alert in Risk Events whenever an event occurs that matches the policy conditions.

The following are general steps for creating an OCI policy that generates an alert whenever an event occurs that matches the policy conditions. Oracle CASB Cloud Service displays all alerts in Risk Events. Optionally, you can also choose to receive an email notification.

1. Select Configuration, Policy Management from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
2. On the Custom tab, click New Policy.
3. In the Name page:

   1. Enter a name for the policy.

   2. (Optional) Enter a description.

   3. Select a Priority.

   4. If you want policy violations to be included in user risk score computations, select Include in user risk score.

   5. Click Next.

4. On the Resource page, make these selections.

   Field	Value(s)
   Application type	Select OCI.
   Application instance	The application instance(s). Select Any if you want the alert to apply to every registered instance of the selected application type. Otherwise, select one or more individual instances.

5. To complete the selections on the Resource page, follow a link below to locate the topic for the particular resource type on which you want to trigger this alert.

   • Creating Alerts for Compute Images

   • Creating Alerts for Compute Instances

   • Creating Alerts for Database Systems

   • Creating Alerts for Identity Groups

   • Creating Alerts for Identity Policies

   • Creating Alerts for Identity Users

   • Creating Alerts for Identity Compartments

   • Creating Alerts for Identity Federations

   • Creating Alerts for Networking Load Balancers

   • Creating Alerts for Networking Security Lists

   • Creating Alerts for Networking Virtual Cloud Networks

   • Creating Alerts for Object Storage

   • Creating Alerts for Storage Block Volumes

   When you finish making the rest of the selections on the Resource page, follow the link at the end of that topic to return to this page and continue with the next step below.

6. (Optional) On the Username page, filter the alert so that it is triggered only if the named user performs the action that you set on the Resource page.
   1. In the drop-down list, select Username contains or Username does not contain.
   2. In the text box to the right, enter one or more text strings that the user name must contain, or not contain, in order to trigger the alert.

      Separate multiple entries with commas. With multiple entries, if any one entry is contained, or not contained, in the name of the user who took the action, the alert is triggered.

   3. Click Next to go on to the next page.
7. (Optional) On the Conditions page, set conditions so that an alert is triggered only if the specified conditions are met.

   For information on condition parameters available for use in policy alerts for OCI, see Condition Parameters for Oracle Cloud Infrastructure.

   1. Click Add condition or Add Free-From Condition.
   2. Select a Parameter, an Operator, and a Value from the drop-down lists.

      In free-form conditions, you enter values for Parameter and Value.

   3. To add another condition or free-form condition, repeat the 3 steps above.

      Note:

      When you specify multiple conditions, the conditions are ANDed. The alert is triggered only if all of the conditions are met. If you need to OR multiple conditions, create a separate policy for each condition.
   4. Click Next to go on to the next page.
8. On the Action page, set your  notifications:

   • Show an alert in the Risk Events page is always selected. When an event matches the policy, Oracle CASB Cloud Service always adds an alert to Risk Events.

   • Show these instructions in the alert. Select this option to add instructions for the person who might read an alert related to this policy.

9. When you are done, click Next, review your settings, then click Submit.

Condition Parameters for Oracle Cloud Infrastructure

Review the parameters and operators that are available in the Conditions page of the policy creation wizard for OCI.

These parameters and operators are available on the Conditions page of the New Policy wizard to fine tune your alerts for OCI.

Note:

The exact list of parameters that you see on the Conditions page depends on the resource details that you specify on the Resource page. Not all parameters are available with all resources.

Parameter	Operator	Value
IP address v4	Include this list of addresses (In or Equal to) or exclude them (Not in or Not equal to).	A comma-separated list of IPv4 addresses.
Device	Include or exclude the selected device type.	Select Desktop, Mobile, API Call, or Other.
Timestamp	The drop-down list determines whether the time is exact, later than the time you entered, or earlier (given a 24-hour time frame). Oracle CASB Cloud Service evaluates the timestamp using Greenwich Mean Time (GMT).	A value as a time in 24-hour HH:MM:SS format.
Compartment Name (not available if resource is a user or a group)	Specify Equal to, Not Equal to, In, or Not in	Comma-separated list of Compartment Names.
CASB threat intelligence IP reputation	Equal to is the only option.	To flag events from IP addresses with bad or good reputations, select: Suspicious for bad reputations. Regular for good reputations.
City, State, or Country	Equal to requires matching the name you enter in Value. Not Equal to requires not matching the name you enter in Value. In requires matching any one of several names you enter in Value. Not in requires matching none of several names you enter in Value.	The name of the city, or the state or province, in the physical address that’s associated with the IP address.

Creating Alerts for Compute Images

Create a policy that generates an alert for changes to Compute Images.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Compute Images
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   DeleteImage	The compute image has been deleted.
   ExportImage	The compute image has been exported.
   ImportImage	The compute image has been imported.
   UpdateImage	The compute image has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Compute Instances

Create a policy that generates an alert for changes to Compute Instances.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Compute Instances
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Attach VNIC	A VNIC has been attached to the compute instance.
   Detach VNIC	A VNIC has been detached from the compute instance.
   Get VNIC	Information about a VNIC attached to the compute instance was queried.
   Launch Instance	The compute instance has been launched.
   Terminate Instance	The compute instance has been terminated.
   Update Instance	The compute instance has been updated.
   Update VNIC	Information about a VNIC attached to the compute instance has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Database Systems

Create a policy that generates an alert for changes to Database Systems.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Database Systems
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   GetDbSystem	The database system has been accessed.
   LaunchDbSystem	The database system has been launched.
   TerminateDbSystem	The database system has been terminated.
   UpdateDbSystem	The database system has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Dynamic Routing Gateways

Create a policy that generates an alert for changes to Dynamic Routing Gateways.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Dynamic Routing Gateways
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create routing gateway	The networking routing gateway has been created.
   Delete routing gateway	The networking routing gateway has been deleted.
   Update routing gateway	The networking routing gateway has been detached.
   Detach routing gateway	The networking routing gateway has been detached.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Groups

Create a policy that generates an alert for changes to Identity Groups.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Identity Groups
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Add user to group	A user has been added to the identity group.
   Create Group	The identity group has been created.
   Delete Group	The identity group has been deleted.
   Get Group	The identity group has been accessed.
   GetUserGroupMembership	The identity group membership has been accessed.
   List groups	The identity group has appeared in a listing of identity groups.
   ListUserGroupMemberships	The identity group membership has has appeared in a listing of identity group memberships.
   Remove user from group	A user has been removed from the identity group.
   Update group	The identity group has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Policies

Create a policy that generates an alert for changes to Identity Policies.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Identity Policies
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   CreatePolicy	The identity policy has been created.
   CreatePolicy	The identity policy has been deleted.
   GetPolicy	The identity policy has been accessed.
   ListPolcies	The identity policy appeared in a listing of identity policies.
   UpdatePolicy	The identity policy has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Users

Create a policy that generates an alert for changes to Identity Users.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Identity Users
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create User	The identity user has been created.
   CreateCustomerSecretKey	A customer secret key for the identity user has been created.
   CreateOrResetUIPassword	A UI password for the identity user has been created.
   CreateSwiftPassword	A customer swift password for the identity user has been created.
   Delete user	The identity user has been deleted.
   DeleteApiKey	An API key for the identity user has been deleted.
   DeleteCustomerSecretKey	A customer secret key for the identity user has been deleted.
   DeleteSwiftPassword	A swift password for the identity user has been deleted.
   Get user	The identity user has been accessed.
   List users	The identity user appeared in a listing of identity users.
   ListApiKeys	An API key for the identity user appeared in a listing of identity user API keys.
   ListCustomerSecretKeys	A customer secret key for the identity user appeared in a listing of identity user customer secret keys.
   ListSwiftPasswords	A swift password for the identity user appeared in a listing of identity user swift passwords.
   Login_Fail	A login failed for the identity user.
   Login_Success	A login succeeded for the identity user.
   Update user	The identity user has been updated.
   UpdateCustomerSecretKey	A customer secret key for the identity user has been updated.
   UpdateSwiftPassword	A customer swift password for the identity user has been updated.
   UpdateUserState	The user state for the identity user has been updated.
   UploadApiKey	An API key for the identity user has been uploaded.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Identity Compartments

Review the actions that are available in the Resources page of the policy creation wizard when the Resource is Identity Compartments.

Follow the steps in Creating an OCI Policy to complete the steps in the policy creation wizard leading up to selecting a Resource type on the Resource page.

After you select a Resource type of Identity Compartments, you choose one of these options from the Action on this resource drop-down list:

Action on this Resource	Description
Any	Any action taken on this file, as identified in the Criteria field of the Resource page.
Create compartment	An identity compartment has been created.
Delete compartment	An identity compartment has been deleted.
Get compartment	Details of an identity compartment has been accessed.
List compartments	The list of identity compartments has been accessed.
Update compartment	Details of an identity compartment has been updated.

For steps to complete the alert, after selecting an Action on this resource, see Creating an OCI Policy.

Creating Alerts for Identity Federations

Create a policy that generates an alert for changes to Identity Federations.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Identity Federations
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create identity provider	An identity provider has been created.
   Delete identity provider	An identity provider has been deleted.
   Get identity provider	Details of an identity provider has been accessed.
   List identity providers	The list of identity providers has been accessed.
   Update identity provider	Details of an identity provider has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Internet Gateways

Create a policy that generates an alert for changes to Networking Internet Gateways.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Networking Internet Gateways
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create Internet gateway	The networking Internet gateway has been created.
   Delete Internet gateway	The networking Internet gateway has been deleted (detached).

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Load Balancers

Create a policy that generates an alert for changes to Networking Load Balancers.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Networking Load Balancers
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create listener	A listener for the networking load balancer has been created.
   CreateLoadBalancer	The networking load balancer has been created.
   Delete listener	A listener for the networking load balancer has been deleted.
   DeleteLoadBalancer	The networking load balancer has been deleted.
   GetLoadBalancer	The networking load balancer has been accessed.
   ListLoadBalancers	The networking load balancer has appeared in a listing of networking load balancers.
   UpdateListener	The networking load balancer has appeared in a listing of networking load balancers.
   UpdateLoadBalancer	The networking load balancer has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Network Security Groups

Create a policy that generates an alert for changes to Networking Network Security Groups.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Networking Network Security Groups
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create network security group	The networking network security group has been created.
   Delete network security group	The networking network security group has been deleted (detached).
   Update network security group	The networking network security group has been updated (name changed).

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Security Lists

Create a policy that generates an alert for changes to Networking Security Lists.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Networking Security Lists
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create security list	A networking security list has been created.
   Delete security list	A networking security list has been deleted.
   Get security list	A networking security list has been read.
   List security list	A networking security list has been listed.
   Update security list	A networking security list has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Networking Virtual Cloud Networks

Create a policy that generates an alert for changes to Networking Virtual Cloud Networks.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Networking Virtual Cloud Networks
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   CreateVcn	The networking virtual cloud network has been created.
   DeleteVcn	The networking virtual cloud network has been deleted.
   ListVcns	The networking virtual cloud network has appeared in a listing of networking virtual cloud networks.
   UpdateVcn	The networking virtual cloud network has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Object Storage

Create a policy that generates an alert for changes to Object Storage.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Object Storage
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   Create bucket	A bucket for the object storage has been created.
   Create pre-authenticated request	A preauthenticated request for the object storage has been created.
   Delete bucket	A bucket for the object storage has been deleted.
   Delete pre-authenticated request	A preauthenticated request for the object storage has been deleted.
   Get bucket	A bucket for the object storage has been accessed.
   Update bucket	A bucket for the object storage has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Storage Block Volumes

Create a policy that generates an alert for changes to Storage Block Volumes.

Prerequisite: You must start creating your new policy in Creating an OCI Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

1. Specify Resource details, using the information in the table below:

   Field	Value
   Resource	Storage Block Volumes
   Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

2. Specify an Action on the resource using the table below:

   Action on this resource	Description
   Any	Matches any action.
   AttachBlockVolume	The storage block volume has been attached.
   ExportImage	An image of the storage block volume has been exported.
   ImportImage	An image of the storage block volume has been imported.
   UpdateImage	An image of the storage block volume has been updated.

3. (Optional) Add more Resource name-Action pairs to refine your policy.

   You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.

   • Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.

   • Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.

4. Click Next when you have finished specifying resource name-action pairs.

   You are now on the Username page.

5. Return to Creating an OCI Policy and finish the steps to complete your policy alert, resuming at step 6.