Oracle Cloud Infrastructure Documentation

Getting Summary Information on the Overview Page

Use the Overview page to quickly get a sense of the overall state of security in your environment, and quickly focus on the highest risk problems Cloud Guard has detected.

Guided Tour

When you first navigate to the Cloud Guard Overview page, it automatically provides a guided tour of its features. You can stop that tour at any point, and you can restart it later.

  • The guided tour is enabled by default when you first log in to Oracle Cloud Guard.
  • You disable the guide tour by clicking the Stop Tour link on any of the pop-ups.
  • You restart the guided tour by navigating to the Settings page, Overview Guide section, and selecting Start Guide from the Actions menu Image of Action menu.

    See Viewing the Reporting Region or Restarting the Guided Tour.

Overall Security State Statistics

These tiles on the Overview page provide summary information on the overall state of security in your environment:

Problem Subset Summary Statistics

These tiles on the Overview page provide summary information on specific subsets of problems detected in your environment, and let you drill down to see the list of individual problems reflected in the summary:

  • Security Recommendations - accesses the current list of Cloud Guard recommendations for resolving detected problems.

    See Processing Security Recommendations.

  • Problems Snapshot - breaks down problems by severity level, and lets you drill down to see the list of problems from each severity level on the Problems page.

    See Processing Problems from the Problems Snapshot.

  • Problems by Compartment, Region, or Resource Type - shows information on problems, broken out by compartment, region, or resource type, then lets you drill down to see the problems behind the summary, listed on the Problems page.

    See Processing Problems by Region, Compartment, or Resource Type.

  • User Activity Problems - displays a map showing geographic origins of user activity, based on the source IP address, and lets you drill down to see details for specific problems on the Problems page.

    See Processing User Activity Problems.

  • Responder Status - shows recent remediations that have been performed through Cloud Guard responders., and lets you drill down to see the details for each.

    See Processing Responder Status Problems.

Understanding the Security Score

The Security Score on the Overview page provides a rough estimate of how secure your system is.

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. View the Security Score tile in the top-left corner.
    • The numeric security score indicates the percentage of resources that Cloud Guard has examined which it did not flag as potential problems.
    • A higher security score is better. A security score of 100 would mean that no problems were detected for any resources.
    Note

    The security score reflects monitoring for the past 30 days. Cloud Guard updates the security score calculation continuously.

Understanding the Risk Score

The Risk Score on the Overview page provides a rough estimate of the risk level to your environment that's posed by the problems that Cloud Guard detects.

The risk score is related to the number and severity of problems. In general, organizations with many more resources are likely to have more problems, and thus a higher risk scores. The risk score is closely related to the "potential surface area" of risk. If you have many OCI resources, you might have an excellent security score (overall assessment) and still have a higher risk score.

Viewing the Risk Score

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. View the Risk Score tile in the top center.

How the Risk Score is Calculated

  • The numeric risk score is updated every 15 minutes, and reflects the total number of problems that Cloud Guard has detected, the risk level of each problem, and the types of resources involved.

    Different categories of resources are more sensitive to security threats and that sensitivity weights the scoring. For example, users (IAM) and buckets are considered more sensitive, based on factors such as how easy they are to access and how they can be used as a target of attack.

  • The raw risk score that’s calculated is normalized to fall within the range of 0-9,999. A risk score of zero would mean that no problems were detected for any resources.

    A high risk score generally means there are a larger number of problems that have higher risk levels (HIGH or CRITICAL). If the problems and the resources involved are less sensitive, a large number of problems doesn’t produce a high risk score.

  • Best practice for security is to give priority to addressing the problems with the highest risk levels, that Cloud Guard detects on the most sensitive resources. Following this best practice also produces the greatest reduction in the risk score.
Note

The risk score reflects monitoring for the past 30 days. Cloud Guard updates the risk score calculation continuously.

Interpreting the Trendline Charts

The trendline charts show the change over time in the Security Score number, the Problems Snapshot total number, and total number reflected in Security Recommendations.

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. On the Overview page, scroll to the bottom to view the trendline charts.

    Each trendline chart tracks a number displayed in one of the tiles at the top of the Overview over time:

    • Security Score Trendline - tracks the Security Score number.
    • Problems Trendline - tracks the Total number in the Problems Snapshot tile.
    • Remediation Trendline - tracks the total number of open recommendations you would see if you click View All Recommendations on the Security Recommendations tile.
  3. Click the Start Date and End Date controls to change the time period that's covered.
    The default is the last 30 days.
  4. To see a breakdown of the information going into a data point, move your mouse pointer over that data point in any chart.
  5. In the New Problems Trendline chart, click a data point to view all the new problems for that data point on the Problems page.

What's Next

See Processing and Resolving Problems on the Problems Page.

Processing Security Recommendations

Follow links from the Security Recommendations tile to implement Cloud Guard recommendations for resolving the highest priority problems that have been detected.

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. View the Security Recommendations tile in the top-right corner.

    The Security Recommendations tile provides links to suggestions to improve your security and risk scores. Only the top two are listed in the tile.

  3. Click View Recommendations to see the full list.
    The full list of recommendations is displayed on the Recommendations page.

What's Next

Continue with Processing Recommendations.

Processing Problems from the Problems Snapshot

View a breakdown of problems by severity level and drill down to see the list of problems from each severity level on the Problems page.

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. View the Problems Snapshot tile, just below the Security Score tile in the top-left corner.

    The Problems Snapshot tile shows the breakdown of detected problems by severity level in a pie chart, with the total number of problems displayed in the center. This chart is updated continuously.

    Cloud Guard categorizes problems by these severity levels;

    • Critical - the most serious problems detected, which should be your highest priority to resolve.
    • High - the next most serious problems.
    • Medium - problems that are a bit less serous.
    • Low - problems that are still less serious.
    • Minor - the least serious problems detected; they still need be resolved eventually, but can be your lowest priority.
  3. To see the number of problems in that severity level, move your mouse pointer over one of the color sections.
  4. Click a color section in the pie chart to open the Problems page, filtered to display the list of problems in that severity level.

What's Next

See Processing and Resolving Problems on the Problems Page.

Processing Problems by Region, Compartment, or Resource Type

View summary information on problems, broken out by compartment, region, or resource type, then drill down to see the problems behind the summary, listed on the Problems page.

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. In the Problems tile, use the Group by list to select the way you want problems to be Grouped by: Compartment, Region, or Resource Type.

    The Problems tile shows a bar chart for each region, compartment, or resource type covered. The length of the bar is proportional to the number of problems.

  3. To see the number of problems of different severity levels in a bar, move your mouse pointer over the bar.
  4. To see the actual list of problems represented in a bar, click the part of the bar representing problems of that severity level.

    The Problems page opens, filtered to display the list of problems represented in the part of the bar that you clicked.

What's Next

Continue with Processing and Resolving Problems on the Problems Page.

Processing User Activity Problems

View the map showing geographic origins of user activity, based on the source IP address.

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. Interpret the symbols in the User Activity Problems tile map:
    • Image of symbol representing a cluster of suspicious events A cluster of problems.
    • Image of symbol representing a single suspicious event A single problem, or multiple instances of the same problem.
  3. Click symbols in the User Activity Problems map to get more information:

    • Click a large circle symbol to zoom in until you can see symbols representing individual problems.

    • To see summary information about the problem, click the symbol for an individual problem.

      A pop-up opens, showing the number of instances of the problem, the geographic origin, and a link to view all instances of the problem on the Problems page.

    • To see more details on the problem, click the View link in the pop-up.

What's Next

Continue with Processing and Resolving Problems on the Problems Page.

Processing Responder Status Problems

Review recent remediations that have been performed through Cloud Guard responders.

  1. Open the navigation menu and click Identity & Security. Under Cloud Guard, select Overview.
  2. In the Responder Status tile, view:
    • Total Pending - the total number of responder actions that are on hold, pending administrative approval.
    • Recently Performed Remediations - summary information about remediations that have been performed through Cloud Guard responders in the past 30 days.
  3. To process responder actions on the Responder Activity page, when the Total Pending number is greater than zero, click the Total Pending link.

    The Responder Activity page opens, showing the list of pending recommendations.

What's Next

Continue with Using the Responder Activity Page.