Resolving a Problem

After you decide how to handle a particular problem detected by Cloud Guard, you can implement a resolution, mark the problem as resolved, and dismiss it.

    1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Alerts.
    2. On the Alerts page, click Problems.

      You can also reach the Problems page by clicking through from summary information on the Overview page. See Getting Summary Information on the Overview Page.

      If you click through from summary information on the Overview page, the problems list is automatically filtered to show only the problems represented in the summary information.

    3. On the Problems page, click the name of the problem to open its details page.
      If needed, filter the list of problems to find the one that you want to resolve. For filtering information, see Listing Problems and Getting Their Details.
    4. View the details for the problem to determine how you want to resolve it.
      • View the Recommendation on the Details tab and implement it if appropriate.
      • Click Remediate to view the responder rule that Cloud Guard recommends implementing.
        Note

        Not all problem types support the Remediate option.
    5. To remediate the problem by implementing the recommended responder rule, follow these steps:
      1. Click Remediate to open the Remediate panel.
      2. View the recommended rule listed in Remediation responder rule.
        You can select another rule if one is available.
      3. If policies are listed in a Required policy statements section, click Add statements.
      4. Select Post Remediation Notification to get event notification after the remediation occurs.
      5. Click Remediate.
      6. Confirm that you want to execute the responder rule to remediate the problem.
    6. To indicate that the problem has been resolved, follow these steps:
      1. On the problem details page, click Mark as resolved.
      2. In the Mark as resolved dialog box, optionally add a comment indicating how the problem was resolved, and then click Mark as resolved.
        Although a comment isn't required, it's a best practice to add one as an audit trail for future reference.
        Tip

        You can also mark one or more problems as resolved from the Problems page by selecting the check boxes next to the problems and clicking Mark as Resolved near the top of the page.

        You can select a maximum of 20 problems to process at one time through the UI. If you do the processing through the Cloud Guard and Security Zones API, you can process up to 50 problems at one time.

    7. To dismiss a problem, follow these steps:
      1. On the problem details page, click Dismiss.
      2. In the Dismiss dialog box, optionally add a comment indicating how the problem was resolved, and then click Dismiss.
        Tip

        You can also dismiss one or more problems from the Problems page by selecting the check boxes next to the problems and clicking Dismiss near the top of the page.

        You can select a maximum of 20 problems to process at one time through the UI. If you do the processing through the Cloud Guard and Security Zones API, you can process up to 50 problems at one time.

    8. To reopen a dismissed problem, follow these steps:
      1. On the problem details page, click Reopen.
      2. In the Reopen dialog box, click Reopen.
  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Problems

    Use the oci cloud-guard problem trigger-responder command and required parameters to push a problem to a responder:

    oci cloud-guard problem trigger-responder --problem-id <problem_ocid> --responder-rule-id <responder_rule_id> [OPTIONS]

    Use the oci cloud-guard problem update-bulk-problem-status command and required parameters to perform a bulk status update on a list of problems:

    oci cloud-guard problem update-bulk-problem-status --problem-ids <problem_ocid_list> --status <action_taken> [OPTIONS]

    Use the oci cloud-guard problem update-problem-status command and required parameters to update the status of a single problem:

    oci cloud-guard problem update-problem-status --problem-id <problem_ocid> --status <action_taken> [OPTIONS]

    Responder Executions

    Use the oci cloud-guard responder-execution skip-bulk command and required parameters to skip execution for a list of responder executions:

    oci cloud-guard responder-execution skip-bulk --responder-execution-ids <responder_execution_id_list> [OPTIONS]

    Use the oci cloud-guard responder-execution skip command and required parameters to skip execution for a single responder execution:

    oci cloud-guard responder-execution skip --compartment-id <compartment_ocid> --responder-execution-id <responder_execution_identifier> [OPTIONS]
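The following is an added example, not part of Oracle's documentation: a shell wrapper around the update-bulk-problem-status command above that splits a list of problem OCIDs into batches of at most 50, the API limit stated on this page, and requires an audit comment. The status values RESOLVED and DISMISSED, the --comment option, the OCI_CLI dry-run variable, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): batch problem OCIDs for bulk status updates.
MAX_BATCH=50   # per-request limit for API processing, as stated on this page

# stdin: one problem OCID per line -> stdout: one JSON array per line, <= MAX_BATCH ids each.
# Blank lines and duplicates are dropped; anything that is not OCID-shaped aborts the run.
batch_problem_ids() {
  awk -v max="$MAX_BATCH" '
    /^[ \t\r]*$/ { next }
    {
      gsub(/^[ \t\r]+|[ \t\r]+$/, "")
      if ($0 !~ /^ocid1\.[A-Za-z0-9._-]+$/) {
        print "not an OCID: " $0 > "/dev/stderr"; bad = 1; exit 1
      }
      if (seen[$0]++) next
      buf = buf (n ? "," : "") "\"" $0 "\""
      if (++n == max) { print "[" buf "]"; buf = ""; n = 0 }
    }
    END { if (bad) exit 1; if (n) print "[" buf "]" }'
}

# Usage: bulk_update_status RESOLVED|DISMISSED "audit comment" < problem_ocids.txt
# Set OCI_CLI=echo for a dry run that prints each command instead of running it.
bulk_update_status() {
  status=$1 comment=$2
  case "$status" in
    RESOLVED|DISMISSED) ;;          # status values assumed by this example
    *) echo "unsupported status: $status" >&2; return 2 ;;
  esac
  # The comment is optional in Cloud Guard; this example makes it mandatory
  # so every bulk change leaves an audit trail.
  [ -n "$comment" ] || { echo "comment required for the audit trail" >&2; return 2; }
  # Validate and batch everything first, so a bad line stops the run
  # before any update is sent.
  batches=$(batch_problem_ids) || return 1
  while IFS= read -r batch; do
    [ -n "$batch" ] || continue
    ${OCI_CLI:-oci} cloud-guard problem update-bulk-problem-status \
      --problem-ids "$batch" --status "$status" --comment "$comment" </dev/null || return 1
  done <<EOF
$batches
EOF
}
```

Run it once with OCI_CLI=echo to review the generated commands before letting it change problem status.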
  • For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

    Problems

    Run the TriggerResponder operation to push a problem to a responder.

    Run the UpdateBulkProblemStatus operation to perform a bulk status update on a list of problems.

    Run the UpdateProblemStatus operation to update the status of a single problem.

    Responder Executions

    Run the SkipBulkResponderExecution operation to skip execution for a list of responder executions.

    Run the SkipResponderExecution operation to skip execution for a single responder execution.