Managing Targets

You can add targets to expand or change the scope of resources that Cloud Guard monitors.

A target Defines a the scope of what Cloud Guard will check. A target can consist of your entire OCI tenancy, or any combination of compartments below the top level. You must specify at least one target when you enable Cloud Guard. You can define additional targets later.

Viewing Details for a Target

View the details for a target to see exactly what scope of resources it specifies for Cloud Guard to monitor.

  1. From the Cloud Guard options panel on the left, select Targets.

    The Targets page lists all targets currently defined.

    Note

    Initially, the list shows only what was specified in the Compartments to Monitor option. If None was selected, this list is initially empty.
  2. To filter the list of targets, start typing in the Filter by name box.
  3. To view details for a specific target, click the link in the Target Name column.

    You can also open the Actions menu Image of Action menu and select View Details

  4. To view the OCID for the target, click the Cloud Guard Target Information tab near the top.
  5. To view tags assigned to the target, click the Tags tab.
  6. To add tags to the target, click Add Tags, below the target name, then in the Add One Or More Tags To This Resource dialog box:
    1. Select a Tag Namespace from the list.
      Selecting None... makes it a free-form tag.
    2. Enter a Tag Key.
    3. Enter a Value.
    4. To add another tag, click + Additional Tag, and repeat steps a-c above.
    5. To remove a tag you have added, click the X at the right end of the row for that tag.
      If you've only added one tag, just click the Close link at the top right.
    6. When you are done, click Add Tags.
  7. To view compartments assigned to the target:
    1. In the Resources panel on the left, click Compartment Assignment.
      A list of compartments assigned to the target is displayed in the Compartment Assignment section.
    2. To view inheritance information for a compartment, expand the compartment row using the icon at the right end.
  8. To view detector recipes enabled for the target:
    1. In the Resources panel on the left, click Detector Recipes.
      A list of detector recipes enabled for the target is displayed in the Detector Recipes section. A checkmark in the (Oracle Managed) column indicates the recipe is Oracle managed.
    2. To view the rules in a detector recipe, click the link in the Recipe Name column.

      You can also open the Actions menu Image of Action menu and select View Details

      The rules for the detector recipe are listed in the Detector Rules section of the page that opens.

    3. To edit a detector rule (that's not Oracle managed) from this page, open the Actions menu Image of Action menu and select Edit.
  9. To view responder recipes enabled for the target:
    1. In the Resources panel on the left, click Responder Recipes.
      A list of responder recipes enabled for the target is displayed in the Responder Recipes section. A checkmark in the (Oracle Managed) column indicates the recipe is Oracle managed.
    2. To view the rules in a responder recipe, click the link in the Recipe Name column.

      You can also open the Actions menu Image of Action menu and select View Details

      The rules for the detector recipe are listed in the Detector Rules section of the page that opens.

    3. To see the Description and Conditional Group information for a responder recipe rule, open the Actions menu Image of Action menu and select Edit..
    4. To edit a responder rule (that's not Oracle managed) from this page, open the Actions menu Image of Action menu and select Edit.

What's Next

Creating a Target

Create a new target to define an additional scope of resources for Cloud Guard to monitor.

  1. From the Cloud Guard options panel on the left, select Targets.
  2. On the Targets page, click Create New Target.
  3. In the Create New Target dialog box, enter a Name for the new target.
  4. (Optional) Enter a Description.
  5. Select a Compartment Assignment.
    Select a compartment from the list. The list is an expandable, collapsible hierarchy of all the compartments available.
    Note

    You can select only a single compartment. Any child compartments under the selected compartment inherit the detector and responder recipe settings for the target.

    To exclude a child compartment from the monitoring that applies to the rest of the target, create a separate target and specify that compartment in the Compartment Assignment.

  6. Select a Configuration Detector Recipe.
  7. Select an Activity Detector Recipe.
  8. (Optional) Select a Responder Recipe.

    If no responder recipes are available, responders are not enabled. See Managing Responder Recipes.

    Note

    If responders are enabled, and you do not add a responder to the target, full functionality for responders is not available within the target.
  9. (Optional) To add tags to the target, click Show Advanced Options, then:
    1. Select a Tag Namespace from the list.
      Selecting None... makes it a free-form tag.
    2. Select a Tag Key.
    3. Enter a Value.
    4. To add another tag, click + Additional Tag, and repeat steps a-c above.
    5. To remove a tag you have added, click the X at the right end of the row for that tag.
      If you've only added one tag, you can't remove it. If it's important to remove the tag, click Cancel at the bottom of the dialog box, then click Create New Target to start over.
  10. Click Create.

    The detail page for the new target displays.

What's Next

Modifying a Target

Modify an existing target if you just want to change the scope of resources which that target defines for Cloud Guard to monitor.

  1. From the Cloud Guard options panel on the left, select Targets.
  2. On the Targets page, locate the target you want to modify and click its link in the Target Name column.

    The detail page for the target displays. with the Compartment Assignment selected.

  3. To add tags to the target, click Add Tags near the top, then:
    1. Select a Tag Namespace from the list.
      Selecting None... makes it a free-form tag.
    2. Enter a Tag Key.
    3. Enter a Value.
    4. To add another tag, click + Additional Tag, and repeat steps a-c above.
    5. To remove a tag you have added, click the X at the right end of the row for that tag.
      If you've only added one tag, just click the Close link at the top right.
    6. When you are done, click Add Tags.
  4. To change an associated detector recipe, in the options panel on the left click Detector Recipes, then follow the steps below:
    Note

    Within a target, you can't edit the Status, Risk Level, or Labels fields. To make changes in these fields, see Modifying a Cloned Detector Recipe.

    1. To add a recipe, click Add Recipe.
      Note

      The Add Recipe button is not available if the target already has a configuration detector recipe and an activity detector recipe added. You must first remove the type of recipe that you wish to add.
    2. To remove a recipe, open the Actions menu Image of Action menu and select Remove.
    3. To modify settings for a recipe, click the link in the Recipe Name column.

      To modify a rule for a recipe, click the Actions menu Image of Action menu for the rule and select Edit.

      Note

      For Oracle managed detector recipes, you can only modify the Conditional... settings.
  5. To change the associated responder recipe, go back to the Target Details page and click Responder Recipe in the options panel on the left, then:
    1. To add a recipe, click Add Recipe, select a Responder Recipe from the list, and click Add Recipe.
      Note

      The Add Recipe button is not available if the target already has a responder recipe added. You must first remove that responder recipe.
    2. To remove a recipe, open the Actions menu Image of Action menu and select Remove.
    3. To view details for a recipe, open the Actions menu Image of Action menu and select View Details.

Deleting a Target

If a target is no longer needed, you can delete it.

  1. From the Cloud Guard options panel on the left, select Targets.
  2. On the Targets page, select the checkbox for each target you want to delete.
  3. To disable the target, click Disable.
  4. Click Delete to confirm the deletion.