Creating Policy Alerts for Oracle HCM Cloud

Create custom policies to generate alerts for actions on resources that are specific to your HCM Cloud environment.

Prerequisite: Ensure that you have followed the instructions in Getting Started with Policies to review available managed policies, and any custom policies that already exist, before creating a new custom policy.

You can configure policies for any changes in roles or objects.

Creating an Oracle HCM Cloud Policy

Follow these general steps for any policy you create to generate an alert for actions in Oracle HCM Cloud.

The following are general steps for creating an Oracle HCM Cloud policy. Once created, when the policy conditions are met, Oracle CASB Cloud Service displays an alert in Risk Events and optionally can send the alert through email.

Select Configuration, Policy Management from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
On the Custom tab, click New Policy.
In the Name page:
1. Enter a name for the policy.
2. (Optional) Enter a description.
3. Select a Priority.
4. If you want policy violations to be included in user risk score computations, select Include in user risk score.
5. Click Next.

On the Resource page, make these selections.

Field	Value(s)
Application type	Select HCMCloud.
Application instance	The application instance(s). Select Any if you want the alert to apply to every registered instance of the selected application type. Otherwise, select one or more individual instances.

To complete the selections on the Resource page, follow a link below to locate the topic for the particular resource type on which you want to trigger this alert.
When you finish making the rest of the selections on the Resource page, follow the link at the end of that topic to return to this page and continue with the next step below.
(Optional) On the Username page, filter the alert so that it is triggered only if the named user performs the action that you set on the Resource page.
1. In the drop-down list, select Username contains or Username does not contain.
2. In the text box to the right, enter one or more text strings that the user name must contain, or not contain, in order to trigger the alert.
  
  Separate multiple entries with commas. With multiple entries, if any one entry is contained, or not contained, in the name of the user who took the action, the alert is triggered.
3. Click Next to go on to the next page.
(Optional) On the Conditions page, set conditions so that an alert is triggered only if the specified conditions are met.

For information on condition parameters available for use in policy alerts for HCM, see Condition Parameters for Oracle HCM Cloud.
1. Click Add condition or Add Free-From Condition.
2. Select a Parameter, an Operator, and a Value from the drop-down lists.
  
  In free-form conditions, you enter values for Parameter and Value.
3. To add another condition or free-form condition, repeat the 3 steps above.
  
  Note:
  When you specify multiple conditions, the conditions are ANDed. The alert is triggered only if all of the conditions are met. If you need to OR multiple conditions, create a separate policy for each condition.
4. Click Next to go on to the next page.
On the Action page, set your notifications:
- Show an alert in the Risk Events page is always selected. When an event matches the policy, Oracle CASB Cloud Service always adds an alert to Risk Events.
- Show these instructions in the alert. Select this option to add instructions for the person who might read an alert related to this policy.
When you are done, click Next, review your settings, then click Submit.

Condition Parameters for Oracle HCM Cloud

Review the parameters and operators that are available in the Conditions page of the policy creation wizard for Oracle HCM Cloud.

These parameters and operators are available on the Conditions page of the New Policy wizard to fine tune your alerts for HCM.

Note:

The exact list of parameters that you see on the Conditions page depends on the resource details that you specify on the Resource page. Not all parameters are available with all resources.

Parameter	Operator	Value
IP address v4	Include this list of addresses (In or Equal to) or exclude them (Not in or Not equal to).	A comma-separated list of IPv4 addresses.
Device	Include or exclude the selected device type.	Select Desktop, Mobile, API Call, or Other.
Timestamp	The drop-down list determines whether the time is exact, later than the time you entered, or earlier (given a 24-hour time frame). Oracle CASB Cloud Service evaluates the timestamp using Greenwich Mean Time (GMT).	A value as a time in 24-hour HH:MM:SS format.
CASB threat intelligence IP reputation	Equal to is the only option.	To flag events from IP addresses with bad or good reputations, select: Suspicious for bad reputations. Regular for good reputations.
City, State, or Country	Equal to requires matching the name you enter in Value. Not Equal to requires not matching the name you enter in Value. In requires matching any one of several names you enter in Value. Not in requires matching none of several names you enter in Value.	The name of the city, or the state or province, in the physical address that’s associated with the IP address.
Target Type	Equal to requires matching the name you enter in Value. Not Equal to requires not matching the name you enter in Value.	Values: User, Group, or Role. Note: This condition parameter is only available for the Resource Type Job Role.
Target Value	Equal to requires matching the name you enter in Value. Not Equal to requires not matching the name you enter in Value. In requires matching any one of several names you enter in Value. Not in requires matching none of several names you enter in Value. Contains requires having the text you enter in Value to be present Not Contains requires not having the text you enter in Value to be present	Name of the user, group, or role. Note: This condition parameter is only available for the Resource Type Job Role.

Creating Alerts for Oracle HCM Cloud Roles

Create alerts for activity related to Oracle HCM Cloud roles. For example, administrators who are creating too many privileged roles, or users who are performing impersonation.

Prerequisite: You must start creating your new policy in Creating an Oracle HCM Cloud Policy in order to be ready to be ready to follow the steps below to specify the resource and action that should trigger the alert.

Specifying Resources and Actions to Trigger the Alert

Specify Resource details, using the information in the table below:

Field	Value
Resource	Job Role
Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

Specify an Action on the resource using the table below:

Action on this resource	Description
Any	Matches any action.
Privileges added	Privileges were added to this job role.
Privileges removed	Privileges were removed from this job role.
Role created	A job role was created.
Role membership added	A user, group, or role was assigned this job role.
Role membership removed	A user, group, or role was removed from this job role.

(Optional) Add more Resource name-Action pairs to refine your policy.

You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
- Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
Click Next when you have finished specifying resource name-action pairs.

You are now on the Username page.
Return to Creating an Oracle HCM Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Oracle HCM Cloud Objects

Create alerts for activity related to Oracle HCM Cloud objects. For example, changes in salary or a salary component, or users who are adding users and then assigning particular roles to them.

Specifying Resources and Actions to Trigger the Alert

Specify Resource details, using the information in the table below:

Field	Value
Resource	Any resource other than Job Role
Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

Specify an Action on the resource using the table below:

Action on this resource	Description
Any	Matches any action.
Add	The resource was added.
Modify	The resource was modified.
Delete	The resource was deleted..

(Optional) Add more Resource name-Action pairs to refine your policy.

You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
- Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
Click Next when you have finished specifying resource name-action pairs.

You are now on the Username page.
Return to Creating an Oracle HCM Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.

Creating Alerts for Oracle HCM Cloud Login Events

Create alerts for activity related to Oracle HCM Cloud log in events. For example, successful and unsuccessful log ins.

Specifying Resources and Actions to Trigger the Alert

Specify Resource details, using the information in the table below:

Field	Value
Resource	Login Event
Resource name	You must provide a name for the selected resource type. If you select: Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name. Regular expression, enter .* to match all email retention rules.

Specify an Action on the resource using the table below:

Action on this resource	Description
Any	Matches any action.
Failed Login	A failed login event occurred.
Login	A successful login event occurred.

(Optional) Add more Resource name-Action pairs to refine your policy.

You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
- Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
Click Next when you have finished specifying resource name-action pairs.

You are now on the Username page.
Return to Creating an Oracle HCM Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.