Getting Started with Policies
Review both the managed policies that are available and any custom policies already created before creating custom policies.
Oracle CASB Cloud Service provides a predefined set of managed policies for each application type. It is also possible that others have already added custom policies to the predefined set. You should examine the existing policies for your application type, and ensure that relevant managed policies are enabled, before creating your own custom policy alerts.
Reviewing Your Predefined Managed Policies (Smart Policies)
To review the current configuration of managed policies for a particular application type in your Oracle CASB Cloud Service tenant:
-
From the Oracle CASB Cloud Service console, select Configuration, Policy Management.
-
Click the Managed tab.
-
Click the Filter icon
next to the APPLICATION column header and select the application type, then click Filter.
If no managed policies are listed, it means that managed policies are not yet available for this application type. Continue with the next section below, "Reviewing Existing Custom Policies."
-
To see how a particular managed policy is defined, drop down the ACTION menu in the row for that policy and select View.
The Policy Details page displays the details about the selected managed policy.
-
Ensure that managed policies have been configured for your Oracle CASB Cloud Service tenant.
In a new Oracle CASB Cloud Service tenant, all managed policies are enabled by default, except for those that need additional, tenant-specific information in order to operate properly.
-
Review the details of the managed policies that are available to see if any of those are already generating the type of alert you need, or can be easily modified to meet your needs.
Although you can’t modify managed policies directly, you can copy a managed policy into a custom policy and then make changes in the copy.
Reviewing Existing Custom Policies
To supplement the alerts provided by managed policies, you can create custom policies that will generate alerts whenever the exact conditions that you specify are met. These include specific actions on specific resources, and optionally you may specify users or groups taking the actions, or other specific conditions under which the actions are taken. And the alert can apply to one instance, all instances, or a specific list of instances of the same application type.
To review the current list of custom policies for a particular application type in your Oracle CASB Cloud Service tenant:
-
From the Oracle CASB Cloud Service console, select Configuration, Policy Management.
-
Click the Custom tab.
If no custom policies are listed, it means that no custom policies have been created for any application type.
-
Click the Filter icon
next to the APPLICATION column header and select the application type, then click Filter.
If no custom policies are listed, it means that no custom policies have been created for this application type.
-
To see how a particular custom policy is defined, drop down the ACTION menu in the row for that policy and select View.
The Policy Details page displays the details about the selected custom policy.
Creating New Custom Policies
If none of the available managed policies or existing custom policies meet your needs, create a new custom policy that precisely targets the combination of resources, actions, and other conditions for which you want to be alerted. For detailed instructions, see the "Creating Policy Alerts for..." topic for the application type involved, linked from the first page of the Creating Policies and Managing Policy Alerts chapter.
Note:
You can create custom policies by supplying all the details yourself, or you can copy an existing custom or managed policy that is similar, and then just make a few changes. See:
-
Working with Managed Policies — to start with a managed policy.
-
Duplicating a Policy — to start with another custom or predefined policy.