About Processing Problems
Understand the tools that Cloud Guard provides for processing the problems that it detects.
Processing problems, which is at the core of the functionality that Cloud Guard provides, involves:
- Prioritizing problems to focus on highest risks.
- Examining problem details to determine what's happening.
- Resolving each problem to ensure that risks are countered and "false alarms" do not continue in the future.
The four key pages linked below work together to help you process the problems that Cloud Guard detects.
Overview
- Is the first page you see when you start a Cloud Guard session.
- Shows you summary information on different types of problems that have been detected, so that you can quickly focus on resolving the most serious problems first.
- Lets you click through from the summary information to see the list of individual problems behind the summary.
To understand what you can do on the Overview page, see Getting Summary Information on the Overview Page.
Problems
- Is where a list of individual problems is displayed.
- Lets you sort and filter the problems list to focus on any subset that you want to inspect or resolve.
- When you click through from the summary information on the Overview page, automatically filters the list to show the individual problems behind the summary information.
To understand what you can do on the Problems page, see Processing and Resolving Problems on the Problems Page.
Responder Activity Page
- Shows the status of recent responders that have been triggered.
- When you click through from the Responder Status tile on the Overview page, automatically filters the list to show the individual responders behind the summary information.
- Lets you specify further actions to take on responders that have not completed processing.
To understand what you can do on the Responder Activity page, see Using the Responder Activity Page.
About Cloud Guard Data Retention
Understand how long Cloud Guard retains problem data, how to access data that's retained, and how to preserve data for longer term availability.
Cloud Guard maintains problem data for 180 days. The console displays problem data for only the past 90 days. Cloud Guard APIs can access the data that's from 91 to 180 days old. Other OCI services can export data outside of Cloud Guard longer term access.
- The Cloud Guard database maintains problem data, from both activity and configuration detectors, for 180 days.
- After 180 days, Cloud Guard permanently deletes problem data in the next purge.
- Purges occur on the last Saturday of each month, so some problem data actually remains in the database for a little longer than 180 days.
- The age of problem data is calculated from the date the problem was first detected.
- Cloud Guard automatically displays problem data from the past 90 days in the console.
- To access data from the past 91–180 days, use the Cloud Guard APIs to extract the data from the Cloud Guard database. See Cloud Guard APIs.
- To retain problem data beyond 180 days, use OCI Events, Notifications, and Functions services to send the data to external tools, or to an object storage within OCI. See Configuring Notifications in the main Cloud Guard documentation, or Integrate Oracle Cloud Guard with External Systems Using OCI Events and Functions in the Oracle A-Team Chronicles.