Responder Recipe Reference
The following table lists summary information for the Oracle-managed responder recipe rules that Cloud Guard provides.
Rule Display Name | Description | ID, Policies, and Rule Parameters | Applicable Detector Rules |
---|---|---|---|
Cloud Event | Publishes the problem details to Oracle Cloud Infrastructure Events service. | ID: EVENT Policy: [] Rule Parameters: {'condition': None, 'configurations': [], 'isEnabled': True, 'mode': 'AUTOACTION'} | Not applicable. Cloud Event responder emits events that support notifications. |
Delete IAM Policy | Deletes IAM policy giving too many privileges to an individual or a group. | ID: DELETE_IAM_POLICY Policy: ['Allow service cloudguard to manage policies in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Configuration, IAM: |
Delete Internet Gateway | Deletes Internet Gateway associated with a VCN. | ID: DELETE_INTERNET_GATEWAY Policy: ['Allow service cloudguard to manage internet-gateways in {{location}}', 'Allow service cloudguard to manage vcns in {{location}}', 'Allow service cloudguard to manage route-tables in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Configuration, Networking: |
Delete Public IP(s) | Deletes Public IPs of an Oracle Cloud Infrastructure Compute Instance. | Policy: ['Allow service cloudguard to manage private-ips in {{location}}', 'Allow service cloudguard to manage public-ips in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Configuration, Compute: |
Disable IAM User | Disables IAM user's capabilities. | ID: DISABLE_IAM_USER Policy: ['Allow service cloudguard to manage users in tenancy'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Activity, Bastion:<br>Activity, Certificates:<br>Activity, Certificates:<br>Activity, Database:<br>Activity, IAM:<br>Activity, Networking: |
Enable DB Backup | Enables automatic database backup to Oracle Cloud Infrastructure Object Storage. | ID: ENABLE_DB_BACKUP Policy: ['Allow service cloudguard to manage backups in {{location}}', 'Allow service cloudguard to manage databases in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'autoBackupWindowConfig', 'name': 'Backup time window (Slot)', 'value': None}, {'configKey': 'recoveryWindowInDaysConfig', 'name': 'Backup retention period in days', 'value': None}, {'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} Note: In Rule Parameters above: | Configuration, Database: |
Make Bucket Private | Changes the Object Storage bucket's visibility from public to private. | ID: MAKE_BUCKET_PRIVATE Policy: ['Allow service cloudguard to manage buckets in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Configuration, Storage: |
Rotate Vault Key | Rotates Oracle Cloud Infrastructure Vault Key to create a new key version. | ID: ROTATE_VAULT_KEY Policy: ['Allow service cloudguard to manage keys in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Configuration, KMS: |
Stop Compute Instance | Gracefully shuts down the Oracle Cloud Infrastructure Compute instance. | ID: STOP_INSTANCE Policy: ['Allow service cloudguard to manage instance-family in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Configuration, Compute: |
Terminate Compute Instance | Preserves boot volume and terminates the Oracle Cloud Infrastructure Compute instance. | ID: TERMINATE_INSTANCE Policy: ['Allow service cloudguard to manage instance-family in {{location}}'] Rule Parameters: {'condition': None, 'configurations': [{'configKey': 'isPostRemediateNotifyEnabled', 'name': 'Post Remediation Notification', 'value': 'true'}], 'isEnabled': True, 'mode': 'USERACTION'} | Configuration, Compute: |