About OCI Responder Recipes

Cloud Guard detectors follow rules, combined into recipes, to identify problems.

A responder is an action that Cloud Guard can take when a detector has identified a problem. The available actions are resource-specific. Each responder uses a responder recipe that defines the action or set of actions to take in response to a problem that a detector has identified.

Each responder recipe uses multiple responder rules, each of which defines the specific actions to take.

Cloud Guard provides a set of responders with default rules. You can:

  • Use these responders as is.
  • Clone any of the default responders and modify the rules to meet specific needs.
  • Enable and disable responder rules individually.
  • Limit the scope for applying individual rules by specifying conditions that must be met.

Cloud Guard supports two types of responder recipes:

  • Oracle-managed recipes are provided by Oracle, and you can modify only a few settings in the recipe rules.
  • User-managed recipes must be created, usually by cloning an Oracle-managed recipe. You can modify more settings in user-managed recipe rules.

For more information on what you can modify in recipes that are Oracle-managed or user-managed, and whether you are making changes from the recipe level or the target level, see Modifying Recipes at Recipe and Target Levels.

Policy Statements for OCI Responders

Add policy statements that are required for particular responders.

Caution

Enabling responders gives Cloud Guard permissions to modify security settings in your environment to remediate, on your behalf, problems that the responders detect. Ensure that granting these permissions does not violate your organization's security policies.

The following policy statements are required for particular responders. Based on the responder type, one of these policies is needed during manual or automatic remediation.

allow service cloudguard to manage instance-family in compartment <compartment_name>
allow service cloudguard to manage object-family in compartment <compartment_name>
allow service cloudguard to manage buckets in compartment <compartment_name>
allow service cloudguard to manage users in compartment <compartment_name>
allow service cloudguard to manage policies in compartment <compartment_name>
allow service cloudguard to manage keys in compartment <compartment_name>
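
One way to review these grants against the Caution above, as an added example that is not Oracle's code: the script parses policy statements and flags Cloud Guard service grants that are tenancy-wide, that target a compartment outside an approved list, or that name a resource type not among the six listed here. The sample statements, the compartment names, the approved list and the function name audit are assumptions made for illustration.

```python
import re

# Resource types named in the six policy statements listed on this page.
PAGE_RESOURCES = {"instance-family", "object-family", "buckets",
                  "users", "policies", "keys"}

# Matches: allow service cloudguard to <verb> <resource> in tenancy|compartment <name>
STMT = re.compile(
    r"^\s*allow\s+service\s+cloudguard\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))\s*$",
    re.IGNORECASE)

def audit(statements, approved_compartments):
    """Return (findings, granted) for the Cloud Guard service grants."""
    findings, granted = [], {}
    for raw in statements:
        line = raw.strip()
        m = STMT.match(line)
        if not m:
            # A cloudguard grant in a form this sketch does not parse
            # (for example one with a condition): send to manual review.
            if re.search(r"\bservice\s+cloudguard\b", line, re.IGNORECASE):
                findings.append(("unparsed", line))
            continue
        resource = m["resource"].lower()
        scope = "tenancy" if m["tenancy"] else m["compartment"]
        if m["tenancy"]:
            findings.append(("tenancy-wide", line))
        elif scope not in approved_compartments:
            findings.append(("unapproved-compartment", line))
        if resource not in PAGE_RESOURCES:
            findings.append(("resource-not-on-page", line))
        elif m["verb"].lower() == "manage":
            granted.setdefault(resource, set()).add(scope)
    return findings, granted

# Constructed sample statements; compartment names are made up.
SAMPLE = [
    "allow service cloudguard to manage buckets in compartment prod-storage",
    "allow service cloudguard to manage users in tenancy",
    "allow service cloudguard to manage vaults in compartment prod-storage",
    "allow service cloudguard to manage keys in compartment sandbox",
    "allow group Auditors to read all-resources in tenancy",
]

if __name__ == "__main__":
    findings, granted = audit(SAMPLE, {"prod-storage"})
    for kind, line in findings:
        print(f"{kind:24} {line}")
    for resource, scopes in sorted(granted.items()):
        print(f"granted {resource}: {sorted(scopes)}")
```

Compare the granted map with the responders actually enabled, and remove any statement whose responder is not in use.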