Editing Detector Rule Settings in an OCI Target's Recipes

• Console
• CLI
• API

• Note
  
  

  In all targets except Security Zones targets, the only detector rule setting that you can change from the target level is the Conditional group specification. To change other rule settings from the recipe level, see Editing a User-Managed OCI Detector Recipe.

  In Security Zone targets, the security zone detector recipes have policies instead of rules, and the policies can't be modified.

  For complete information about what you can modify in Oracle-managed and user-managed (cloned) detector and responder recipes, from the recipe or target level, see Modifying Recipes at Recipe and Target Levels.

  1. Follow the steps in Listing OCI Targets and Getting Their Details to navigate to the details page for the target.
  2. On the target details page, under Resources, click Detector recipes.
  3. In the Recipe name column, click the link for the recipe in which you want to modify a rule.
  4. For the rule for which you want to change rule settings, open its Actions menu , and select Edit.
  5. In the Conditional group section:

     For information about conditional groups, see Using Conditional Groups with Recipe Rules.

     • If you want the rule to be applied to a compartment under the top-level compartment that's defined for the target:
       1. Open the Apply to compartment list.
       2. Select a compartment to which the rule should be applied.

     • To set a condition on a parameter other than tags, follow these steps:
       1. In the Parameter list, select a parameter other than Tags.
       2. Select an Operator, a List, and a Value.
       3. To add another condition, click Another condition.
          Note
          
          Specifying multiple conditions acts as an AND operator. The rule is enforced only if all the conditions are met.
     • To set a condition on tags, follow these steps:
       1. In the Parameter list, select Tags.
       2. Select an Operator (In or Not In).
          • If you select In, the rule affects only items that are tagged with one of the tags that are in the list that you provide.
          • If you select Not In, the rule affects only items that are not tagged with one of the tags that are in the list that you provide.
       3. Click Select tags.
       4. In the Select tags dialog box, set a condition for defined or free-form tags:
          • To set a condition for defined tags, select a Tag namespace other than None, select a Tag key, and then select or enter the Tag value:
          • To set a condition for free-form tags, for Tag namespace, select None for Tag namespace, enter a Tag key, and then optionally enter the Tag value.
          • Add more tags as needed.
            Note
            
            When you specify multiple tags, the rule is enforced only if all the conditions are met.

• For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  Use the oci cloud-guard target-detector-recipe-detector-rule update command and required parameters to create a target:

  oci cloud-guard target-detector-recipe-detector-rule update --details <valid_json_details> --detector-rule-id <detector_rule_id> --target-detector-recipe-id <target_detector_recipe_ocid> --target-id <target_ocid> [OPTIONS]

• Run the UpdateTargetDetectorRecipeDetectorRule operation to update a detector rule in a detector recipe that's attached to a target.