Creating Policy Alerts for Oracle Identity Cloud Service (IDCS)
Create custom policies to generate alerts for actions on resources that are specific to your IDCS environment.
Prerequisite: Ensure that you have followed the instructions in Getting Started with Policies to review available managed policies, and any custom policies that already exist, before creating a new custom policy.
You can configure policies for any changes in roles or objects.
Creating an IDCS Policy
Follow these general steps for any policy you create to generate an alert for actions in IDCS.
Once the policy is created and its conditions are met, Oracle CASB Cloud Service displays an alert in Risk Events and can optionally send the alert through email.
Condition Parameters for IDCS
Review the parameters and operators that are available on the Conditions page of the New Policy wizard to fine-tune your alerts for IDCS.
Note:
The exact list of parameters that you see on the Conditions page depends on the resource details that you specify on the Resource page. Not all parameters are available with all resources.
Parameter | Operator | Value |
---|---|---|
IP address v4 | Include this list of addresses (In or Equal to) or exclude them (Not in or Not equal to). | A comma-separated list of IPv4 addresses. |
Device | Include or exclude the selected device type. | Select Desktop, Mobile, API Call, or Other. |
Timestamp | The drop-down list determines whether the time is exact, later than the time you entered, or earlier (given a 24-hour time frame). Oracle CASB Cloud Service evaluates the timestamp using Greenwich Mean Time (GMT). | A value as a time in 24-hour HH:MM:SS format. |
CASB threat intelligence IP reputation | Equal to is the only option. | To flag events from IP addresses with bad or good reputations, select: |
Group | Include this list of groups (In) or exclude them (Not in). | Comma-separated list of group names. |
City, State, or Country | | The name of the city, or the state or province, in the physical address that’s associated with the IP address. |
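The IP address v4 and Timestamp rows take hand-typed values, and the Timestamp is evaluated in GMT rather than local time. The following added example (not Oracle code; the function names `ipv4_list_value` and `gmt_time_value` are hypothetical) prepares both values before you enter them in the wizard. It assumes the IP field takes single addresses only and that a list without spaces is acceptable.

```python
import ipaddress
from datetime import datetime, timedelta, timezone


def ipv4_list_value(raw):
    """Return a clean comma-separated IPv4 list for the 'IP address v4' Value field.

    Assumption: the field takes single addresses only, as the table states, so
    CIDR ranges, IPv6 and hostnames are rejected here instead of being guessed at.
    """
    cleaned = []
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing comma or doubled separator
        addr = str(ipaddress.IPv4Address(item))  # raises ValueError on bad input
        if addr not in cleaned:
            cleaned.append(addr)  # drop duplicates, keep the original order
    if not cleaned:
        raise ValueError("no IPv4 addresses supplied")
    return ",".join(cleaned)


def gmt_time_value(local_hms, utc_offset_hours):
    """Convert a local wall-clock time to the GMT HH:MM:SS value for 'Timestamp'.

    Returns (hms, day_shift). day_shift is -1, 0 or +1 when the GMT time falls on
    the previous, same or next calendar day. GMT has no daylight saving, so pass
    the offset in force now and recompute when local clocks change.
    """
    parsed = datetime.strptime(local_hms, "%H:%M:%S")  # rejects e.g. 25:00:00
    local = parsed.replace(year=2000, month=1, day=2,  # arbitrary reference day
                           tzinfo=timezone(timedelta(hours=utc_offset_hours)))
    gmt = local.astimezone(timezone.utc)
    return gmt.strftime("%H:%M:%S"), (gmt.date() - local.date()).days


if __name__ == "__main__":
    # Constructed sample input: documentation-range addresses, not real hosts.
    print(ipv4_list_value(" 203.0.113.7, 198.51.100.20 ,203.0.113.7"))
    print(gmt_time_value("19:00:00", -5))    # 7 p.m. at UTC-5
    print(gmt_time_value("02:00:00", 5.5))   # 2 a.m. at UTC+5:30
```

A non-zero day shift means the local time window crosses midnight in GMT, so check that the "later than" or "earlier than" operator still selects the period you intend.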