Known Issues for Cloud Guard

Details: Detector and responder rules apply to a particular resource type. Conditional groups allow you specify particular resources of that type to be included or excluded from applying a rule.

Scenario 1: You can provide resource OCIDs to a conditional group as custom values or in a managed list. Cloud Guard does not check the validity of these values.

Scenario 2: When you add a country or region as a conditional group parameter to an activity detector, Cloud Guard does not check the validity of these values.

Workaround: In both scenarios above, ensure that you provide valid values. For a list of valid country and region values, see Using Conditional Groups with Recipe Rules.

Direct link to this issue: No value checking for conditional groups

Details: When a load balancer's SSL certificate is issued by Oracle Cloud Infrastructure Certificate service, and the expiration date for the certificate is within the expiration warning time, the 'Load balancer SSL certificate expiring soon' rule in the OCI Configuration Detector does not detect the condition and report a problem.

Workaround: None at this time, other than switching the load balancer to an SSL certificate issued by a different certificate authority.

Direct link to this issue: "Load balancer SSL certificate expiring soon" Configuration Detector Rule not working for OCI Issued Certificates