Creating Policy Alerts for Oracle HCM Cloud
Create custom policies to generate alerts for actions on resources that are specific to your HCM Cloud environment.
Prerequisite: Ensure that you have followed the instructions in Getting Started with Policies to review available managed policies, and any custom policies that already exist, before creating a new custom policy.
You can configure policies for any changes in roles or objects.
Creating an Oracle HCM Cloud Policy
Follow these general steps for any policy you create to generate an alert for actions in Oracle HCM Cloud.
The following are general steps for creating an Oracle HCM Cloud policy. Once created, when the policy conditions are met, Oracle CASB Cloud Service displays an alert in Risk Events and optionally can send the alert through email.
Condition Parameters for Oracle HCM Cloud
Review the parameters and operators that are available in the Conditions page of the policy creation wizard for Oracle HCM Cloud.
These parameters and operators are available on the Conditions page of the New Policy wizard to fine tune your alerts for HCM.
Note:
The exact list of parameters that you see on the Conditions page depends on the resource details that you specify on the Resource page. Not all parameters are available with all resources.
Parameter | Operator | Value |
---|---|---|
IP address v4 |
Include this list of addresses (In or Equal to) or exclude them (Not in or Not equal to). |
A comma-separated list of IPv4 addresses. |
Device |
Include or exclude the selected device type. |
Select Desktop, Mobile, API Call, or Other. |
Timestamp |
The drop-down list determines whether the time is exact, later than the time you entered, or earlier (given a 24-hour time frame). Oracle CASB Cloud Service evaluates the timestamp using Greenwich Mean Time (GMT). |
A value as a time in 24-hour HH:MM:SS format. |
CASB threat intelligence IP reputation |
Equal to is the only option. |
To flag events from IP addresses with bad or good reputations, select:
|
City, State, or Country |
|
The name of the city, or the state or province, in the physical address that’s associated with the IP address. |
Target Type |
|
Values: User, Group, or Role. Note: This condition parameter is only available for the Resource Type Job Role. |
Target Value |
|
Name of the user, group, or role. Note: This condition parameter is only available for the Resource Type Job Role. |
Creating Alerts for Oracle HCM Cloud Roles
Create alerts for activity related to Oracle HCM Cloud roles. For example, administrators who are creating too many privileged roles, or users who are performing impersonation.
Specifying Resources and Actions to Trigger the Alert
-
Specify Resource details, using the information in the table below:
Field Value Resource
Job Role
Resource name
You must provide a name for the selected resource type. If you select:- Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
- Regular expression, enter .* to match all email retention rules.
-
Specify an Action on the resource using the table below:
Action on this resource Description Any
Matches any action.
Privileges added
Privileges were added to this job role.
Privileges removed
Privileges were removed from this job role.
Role created
A job role was created.
Role membership added
A user, group, or role was assigned this job role.
Role membership removed
A user, group, or role was removed from this job role.
-
(Optional) Add more Resource name-Action pairs to refine your policy.
You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
-
Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
-
Click Next when you have finished specifying resource name-action pairs.
You are now on the Username page.
-
Return to Creating an Oracle HCM Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.
Creating Alerts for Oracle HCM Cloud Objects
Create alerts for activity related to Oracle HCM Cloud objects. For example, changes in salary or a salary component, or users who are adding users and then assigning particular roles to them.
Specifying Resources and Actions to Trigger the Alert
-
Specify Resource details, using the information in the table below:
Field Value Resource
Any resource other than Job Role
Resource name
You must provide a name for the selected resource type. If you select:- Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
- Regular expression, enter .* to match all email retention rules.
-
Specify an Action on the resource using the table below:
Action on this resource Description Any
Matches any action.
Add
The resource was added.
Modify
The resource was modified.
Delete
The resource was deleted..
-
(Optional) Add more Resource name-Action pairs to refine your policy.
You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
-
Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
-
Click Next when you have finished specifying resource name-action pairs.
You are now on the Username page.
-
Return to Creating an Oracle HCM Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.
Creating Alerts for Oracle HCM Cloud Login Events
Create alerts for activity related to Oracle HCM Cloud log in events. For example, successful and unsuccessful log ins.
Specifying Resources and Actions to Trigger the Alert
-
Specify Resource details, using the information in the table below:
Field Value Resource
Login Event
Resource name
You must provide a name for the selected resource type. If you select:- Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
- Regular expression, enter .* to match all email retention rules.
-
Specify an Action on the resource using the table below:
Action on this resource Description Any
Matches any action.
Failed Login
A failed login event occurred.
Login
A successful login event occurred.
-
(Optional) Add more Resource name-Action pairs to refine your policy.
You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
-
Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
-
Click Next when you have finished specifying resource name-action pairs.
You are now on the Username page.
-
Return to Creating an Oracle HCM Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.