{"id":975,"date":"2026-04-17T08:31:05","date_gmt":"2026-04-17T08:31:05","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-guard-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-security-identity-and-compliance\/"},"modified":"2026-04-17T08:31:05","modified_gmt":"2026-04-17T08:31:05","slug":"oracle-cloud-guard-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-security-identity-and-compliance","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-guard-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-security-identity-and-compliance\/","title":{"rendered":"Oracle Cloud Guard Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Security, Identity, and Compliance"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Security, Identity, and Compliance<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

Oracle Cloud Cloud Guard<\/strong> is Oracle Cloud Infrastructure (OCI) security posture management and threat detection service that continuously checks your OCI resources for risky configurations and suspicious activity, then helps you prioritize and respond.<\/p>\n\n\n\n

In simple terms: Cloud Guard watches your OCI tenancy for security issues<\/strong>, turns what it finds into actionable \u201cproblems,\u201d and can notify people (or automate responses) so issues don\u2019t linger unnoticed.<\/p>\n\n\n\n

Technically, Cloud Guard ingests signals from OCI (configuration metadata, audit\/activity telemetry, and service events depending on the detector), evaluates them using detector recipes<\/strong>, correlates findings into problems<\/strong> with risk levels, and can optionally trigger responder recipes<\/strong> (for notifications and remediation actions) scoped to targets<\/strong> (compartments and regions you choose).<\/p>\n\n\n\n

The problem it solves is the gap between \u201cwe deployed in the cloud\u201d and \u201cwe continuously know if it\u2019s still secure.\u201d As teams scale compartments, networking, identity policies, keys, and data services, misconfigurations and risky changes become inevitable. Cloud Guard provides continuous, centralized visibility and a workflow for detection, triage, and response across Oracle Cloud.<\/p>\n\n\n\n

2. What is Cloud Guard?<\/h2>\n\n\n\n

Official purpose (OCI):<\/strong> Cloud Guard helps you identify security weaknesses<\/strong> in your OCI tenancy and detect suspicious activity<\/strong>, providing recommended actions and optional automated responses.\nVerify the most current product statement and supported detectors\/responders in the official documentation:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/cloud-guard\/home.htm<\/p>\n\n\n\n

Core capabilities<\/h3>\n\n\n\n
    \n
  • Continuous security posture monitoring<\/strong> for OCI resources (misconfiguration and risky settings).<\/li>\n
  • Threat\/activity detection<\/strong> based on telemetry and audit-like signals (depending on detector type).<\/li>\n
  • Centralized findings (\u201cproblems\u201d)<\/strong> with severity\/risk levels and context about impacted resources.<\/li>\n
  • Recipes<\/strong> (detector and responder) to standardize what is detected and how your organization responds.<\/li>\n
  • Targets<\/strong> to define where<\/em> Cloud Guard monitors (which compartments, and which regions are enabled).<\/li>\n
  • Integrations<\/strong> to send events to operational tooling (for example, OCI Events + Notifications).<\/li>\n<\/ul>\n\n\n\n

    Major components (common terms you will see in OCI Console)<\/h3>\n\n\n\n
      \n
    • Cloud Guard (service)<\/strong>: The overall capability in OCI Security, Identity, and Compliance.<\/li>\n
    • Reporting region<\/strong>: The region where Cloud Guard stores\/aggregates its reporting data for the tenancy. (Confirm behavior in docs for your tenancy design.)<\/li>\n
    • Targets<\/strong>: Scopes for monitoring (commonly compartments).<\/li>\n
    • Detector recipes<\/strong>: Collections of detector rules (configuration and activity detectors).<\/li>\n
    • Responder recipes<\/strong>: Collections of responder rules (notify and\/or remediate depending on rule\/action).<\/li>\n
    • Managed lists<\/strong>: Allowlists\/denylists used by some detectors to reduce false positives and align with policy.<\/li>\n
    • Problems<\/strong>: Aggregated and prioritized issues created from detector findings.<\/li>\n<\/ul>\n\n\n\n

      Service type and scope<\/h3>\n\n\n\n
        \n
      • Service type:<\/strong> Managed OCI security service (control-plane service) accessed through the OCI Console, API, and typically OCI Events\/Notifications for downstream automation.<\/li>\n
      • Scope:<\/strong> Tenancy-aware<\/strong>, with monitoring defined by targets<\/strong> (compartment-based) and enabled regions<\/strong>.<\/li>\n
      • Regional vs global:<\/strong> Cloud Guard has a reporting region<\/strong> concept and can be enabled in one or more regions<\/strong>. In practice, you plan it as a tenancy-wide security service with region-specific enablement and centralized reporting.<\/li>\n<\/ul>\n\n\n\n

        How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n

        Cloud Guard is a foundational layer in Oracle Cloud Security, Identity, and Compliance<\/strong>:\n– Works alongside IAM<\/strong> (policies, users, groups, dynamic groups), Audit<\/strong>, and Logging<\/strong> to provide visibility.\n– Complements preventive<\/strong> controls like Security Zones<\/strong> (where applicable) by providing detective<\/strong> and responsive<\/strong> controls.\n– Integrates with OCI Events<\/strong>, Notifications<\/strong>, and (optionally) automation services (for example, Functions) to operationalize security response.<\/p>\n\n\n\n

        3. Why use Cloud Guard?<\/h2>\n\n\n\n

        Business reasons<\/h3>\n\n\n\n
          \n
        • Reduce breach likelihood and impact<\/strong> by finding high-risk exposures (for example, overly permissive network access) before they\u2019re exploited.<\/li>\n
        • Centralize security visibility<\/strong> across many compartments\/projects and teams.<\/li>\n
        • Improve audit readiness<\/strong> by demonstrating ongoing security monitoring and remediation workflows.<\/li>\n<\/ul>\n\n\n\n

          Technical reasons<\/h3>\n\n\n\n
            \n
          • Continuous detection<\/strong> across OCI services without building a custom scanner pipeline.<\/li>\n
          • Standardized security policy as recipes<\/strong> that can be cloned and tailored to your environment.<\/li>\n
          • Correlation into \u201cproblems\u201d<\/strong> so you triage fewer, higher-signal issues instead of raw logs.<\/li>\n<\/ul>\n\n\n\n

            Operational reasons<\/h3>\n\n\n\n
              \n
            • Integrates with incident workflows<\/strong> via Events\/Notifications (email, paging, ticket creation via downstream automation).<\/li>\n
            • Supports compartment-based ownership<\/strong>: platform security can define standards; app teams can remediate in their compartments.<\/li>\n
            • Baseline + customization<\/strong>: start with Oracle-provided recipes, then tune as you learn.<\/li>\n<\/ul>\n\n\n\n

              Security\/compliance reasons<\/h3>\n\n\n\n
                \n
              • Helps enforce internal policies such as:<\/li>\n
              • \u201cNo internet-exposed administrative ports\u201d<\/li>\n
              • \u201cNo public object storage where prohibited\u201d<\/li>\n
              • \u201cNo risky identity changes without review\u201d<\/li>\n
              • Provides evidence of \u201cdetective controls\u201d expected by many frameworks.<\/li>\n<\/ul>\n\n\n\n

                Scalability\/performance reasons<\/h3>\n\n\n\n
                  \n
                • Cloud Guard is managed by Oracle; you don\u2019t scale scanners, databases, or correlation engines yourself.<\/li>\n
                • Designed for multi-compartment tenancies and ongoing change.<\/li>\n<\/ul>\n\n\n\n

                  When teams should choose it<\/h3>\n\n\n\n

                  Choose Cloud Guard when:\n– You run production workloads on OCI and need continuous posture monitoring<\/strong>.\n– You have multiple teams\/compartments and want centralized governance with distributed remediation.\n– You want to operationalize OCI security findings into alerting and response.<\/p>\n\n\n\n

                  When teams should not choose it (or not rely on it alone)<\/h3>\n\n\n\n

                  Cloud Guard is not a replacement for:\n– A full SIEM<\/strong> (log retention, advanced correlation across all sources, long-term forensic search).\n– Endpoint detection and response (EDR) on compute instances.\n– Application security testing (SAST\/DAST), container runtime security, or third-party CSPM across multiple clouds.<\/p>\n\n\n\n

                  If you need deep log analytics, long retention, and cross-cloud correlation, pair Cloud Guard with a SIEM or OCI logging analytics approach (verify current Oracle offerings for your use case).<\/p>\n\n\n\n

                  4. Where is Cloud Guard used?<\/h2>\n\n\n\n

                  Industries<\/h3>\n\n\n\n
                    \n
                  • Financial services<\/strong>: strong governance and evidence of monitoring.<\/li>\n
                  • Healthcare<\/strong>: continuous detection and compartment-level separation.<\/li>\n
                  • Government\/public sector<\/strong>: centralized security controls and multi-project oversight.<\/li>\n
                  • Retail\/e-commerce<\/strong>: fast-changing environments with a need to detect risky exposure quickly.<\/li>\n
                  • SaaS providers<\/strong>: multi-environment compartment structures (dev\/stage\/prod) and standardized security baselines.<\/li>\n<\/ul>\n\n\n\n

                    Team types<\/h3>\n\n\n\n
                      \n
                    • Security engineering \/ cloud security teams<\/li>\n
                    • Platform engineering teams (landing zone owners)<\/li>\n
                    • DevOps\/SRE teams (on-call incident response)<\/li>\n
                    • Compliance and risk teams (reporting, control evidence)<\/li>\n
                    • Application teams (compartment owners\/remediators)<\/li>\n<\/ul>\n\n\n\n

                      Workloads<\/h3>\n\n\n\n
                        \n
                      • Internet-facing apps (load balancers, compute, API gateways)<\/li>\n
                      • Data platforms (databases, object storage, analytics services)<\/li>\n
                      • Shared platform services (networking hubs, IAM patterns)<\/li>\n
                      • High-change CI\/CD environments where misconfigurations can slip in<\/li>\n<\/ul>\n\n\n\n

                        Architectures<\/h3>\n\n\n\n
                          \n
                        • Multi-compartment landing zone<\/strong> with shared networking and centralized logging<\/li>\n
                        • Multi-region<\/strong> deployments with centralized security operations<\/li>\n
                        • Hub-and-spoke VCN<\/strong> patterns where network exposure is a key risk area<\/li>\n
                        • Least-privilege IAM<\/strong> implementations where identity drift is monitored<\/li>\n<\/ul>\n\n\n\n

                          Real-world deployment contexts<\/h3>\n\n\n\n
                            \n
                          • Production:<\/strong> Always recommended; tune detectors and alerting to avoid noise.<\/li>\n
                          • Dev\/test:<\/strong> Useful for catching insecure defaults early, but avoid excessive alerting fatigue\u2014consider lighter recipes or separate targets.<\/li>\n<\/ul>\n\n\n\n

                            5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                            Below are realistic Cloud Guard use cases. Exact detector\/responder availability can change by region and service updates\u2014verify in official docs for your tenancy.<\/p>\n\n\n\n

                            1) Internet-exposed administrative ports<\/h3>\n\n\n\n
                              \n
                            • Problem:<\/strong> Security lists\/NSGs allow SSH\/RDP from 0.0.0.0\/0<\/code>.<\/li>\n
                            • Why Cloud Guard fits:<\/strong> Detects risky network exposure and raises a prioritized problem.<\/li>\n
                            • Scenario:<\/strong> A developer opens SSH temporarily; Cloud Guard flags it so it\u2019s corrected quickly.<\/li>\n<\/ul>\n\n\n\n

                              2) Public or overly permissive object storage access<\/h3>\n\n\n\n
                                \n
                              • Problem:<\/strong> Buckets\/objects are exposed more broadly than policy allows.<\/li>\n
                              • Why Cloud Guard fits:<\/strong> Detects posture issues on storage resources.<\/li>\n
                              • Scenario:<\/strong> A team shares artifacts publicly by mistake; Cloud Guard surfaces it for immediate remediation.<\/li>\n<\/ul>\n\n\n\n

                                3) Risky IAM changes and privilege escalation patterns<\/h3>\n\n\n\n
                                  \n
                                • Problem:<\/strong> Excessive permissions granted, new admin users\/groups, overly broad policies.<\/li>\n
                                • Why Cloud Guard fits:<\/strong> Activity\/configuration detectors can identify dangerous identity changes.<\/li>\n
                                • Scenario:<\/strong> A policy is updated to allow broad \u201cmanage all-resources\u201d in tenancy; Cloud Guard alerts security.<\/li>\n<\/ul>\n\n\n\n

                                  4) Drift from security baselines across compartments<\/h3>\n\n\n\n
                                    \n
                                  • Problem:<\/strong> Different teams configure services inconsistently.<\/li>\n
                                  • Why Cloud Guard fits:<\/strong> Targets + standardized recipes provide consistent monitoring everywhere.<\/li>\n
                                  • Scenario:<\/strong> One compartment enables risky network settings; Cloud Guard catches drift.<\/li>\n<\/ul>\n\n\n\n

                                    5) Centralized alerting for OCI security findings<\/h3>\n\n\n\n
                                      \n
                                    • Problem:<\/strong> Security teams need one place to see issues and notify on-call.<\/li>\n
                                    • Why Cloud Guard fits:<\/strong> Problems are centralized; OCI Events can route alerts to Notifications.<\/li>\n
                                    • Scenario:<\/strong> New high-risk problem triggers an Events rule that emails the SOC distribution list.<\/li>\n<\/ul>\n\n\n\n

                                      6) Automated response for well-understood issues (with guardrails)<\/h3>\n\n\n\n
                                        \n
                                      • Problem:<\/strong> Common misconfigurations recur (for example, accidental exposure).<\/li>\n
                                      • Why Cloud Guard fits:<\/strong> Responder recipes can trigger actions (where supported) or notifications for human-in-the-loop.<\/li>\n
                                      • Scenario:<\/strong> High-confidence exposure findings trigger auto-notify and create a ticket; optional auto-remediation is enabled only after testing.<\/li>\n<\/ul>\n\n\n\n

                                        7) Multi-region security posture monitoring<\/h3>\n\n\n\n
                                          \n
                                        • Problem:<\/strong> Workloads run across multiple OCI regions; security needs consistent coverage.<\/li>\n
                                        • Why Cloud Guard fits:<\/strong> Enable Cloud Guard in multiple regions and use targets for consistent monitoring.<\/li>\n
                                        • Scenario:<\/strong> Production runs in two regions; Cloud Guard monitors both under the same governance model.<\/li>\n<\/ul>\n\n\n\n

                                          8) M&A or multi-business-unit tenancy governance<\/h3>\n\n\n\n
                                            \n
                                          • Problem:<\/strong> Different business units share a tenancy with many compartments.<\/li>\n
                                          • Why Cloud Guard fits:<\/strong> Targets allow separate scopes with tailored recipes per unit.<\/li>\n
                                          • Scenario:<\/strong> BU1 needs stricter rules than BU2; Cloud Guard recipes are customized per target.<\/li>\n<\/ul>\n\n\n\n

                                            9) Control evidence for compliance programs<\/h3>\n\n\n\n
                                              \n
                                            • Problem:<\/strong> Auditors require evidence of continuous monitoring and response.<\/li>\n
                                            • Why Cloud Guard fits:<\/strong> Problems and remediation history support detective control narratives.<\/li>\n
                                            • Scenario:<\/strong> Compliance asks for proof that risky exposures are detected and tracked to remediation.<\/li>\n<\/ul>\n\n\n\n

                                              10) Reduce false positives using managed lists<\/h3>\n\n\n\n
                                                \n
                                              • Problem:<\/strong> Approved exceptions exist (for example, specific IP allowlists).<\/li>\n
                                              • Why Cloud Guard fits:<\/strong> Managed lists support tuning detectors to reduce noise.<\/li>\n
                                              • Scenario:<\/strong> A corporate IP range is allowed to reach admin ports; Cloud Guard uses a managed list so it doesn\u2019t alert.<\/li>\n<\/ul>\n\n\n\n

                                                11) Security operations triage with context and prioritization<\/h3>\n\n\n\n
                                                  \n
                                                • Problem:<\/strong> Raw events lack context; analysts need impacted resources and suggested fixes.<\/li>\n
                                                • Why Cloud Guard fits:<\/strong> Problems include resource context and recommendations.<\/li>\n
                                                • Scenario:<\/strong> Analyst sees \u201cCritical\u201d problem tied to a specific subnet\/security list and routes it to the owning team.<\/li>\n<\/ul>\n\n\n\n

                                                  12) Detect changes that break organizational policies<\/h3>\n\n\n\n
                                                    \n
                                                  • Problem:<\/strong> Policies like \u201cno public IPs on production instances\u201d are violated.<\/li>\n
                                                  • Why Cloud Guard fits:<\/strong> Posture detectors can surface these violations as problems.<\/li>\n
                                                  • Scenario:<\/strong> A prod instance is launched with a public IP; Cloud Guard flags it and the team removes it.<\/li>\n<\/ul>\n\n\n\n

                                                    6. Core Features<\/h2>\n\n\n\n

                                                    Cloud Guard evolves; always confirm the most current feature set and supported detectors\/responders in the official docs.<\/p>\n\n\n\n

                                                    6.1 Targets (scope of monitoring)<\/h3>\n\n\n\n
                                                      \n
                                                    • What it does:<\/strong> Defines which compartments\/resources Cloud Guard monitors, typically per target.<\/li>\n
                                                    • Why it matters:<\/strong> Prevents \u201call or nothing\u201d monitoring; supports separation by environment\/team.<\/li>\n
                                                    • Practical benefit:<\/strong> You can apply stricter rules to production and lighter rules to development.<\/li>\n
                                                    • Caveats:<\/strong> Targets depend on correct compartment design and region enablement.<\/li>\n<\/ul>\n\n\n\n

                                                      6.2 Detector recipes (what to detect)<\/h3>\n\n\n\n
                                                        \n
                                                      • What it does:<\/strong> A detector recipe is a set of detector rules\u2014commonly including configuration<\/strong> and activity<\/strong> detectors.<\/li>\n
                                                      • Why it matters:<\/strong> Standardizes security monitoring to match policy and risk appetite.<\/li>\n
                                                      • Practical benefit:<\/strong> Start with Oracle-managed defaults, then clone\/tune for your needs.<\/li>\n
                                                      • Caveats:<\/strong> Over-customization can create noise; cloned recipes may not automatically inherit Oracle updates\u2014verify recipe update behavior in docs.<\/li>\n<\/ul>\n\n\n\n

                                                        6.3 Responder recipes (how to respond)<\/h3>\n\n\n\n
                                                          \n
                                                        • What it does:<\/strong> A responder recipe defines responder rules that can notify or take actions when problems occur (depending on rule support).<\/li>\n
                                                        • Why it matters:<\/strong> Detection without response is slow; responders turn findings into operational outcomes.<\/li>\n
                                                        • Practical benefit:<\/strong> Immediate notifications to the right team; optional remediation where appropriate.<\/li>\n
                                                        • Caveats:<\/strong> Automated remediation requires careful permissions and change control. Some responders may require additional IAM permissions and integration setup.<\/li>\n<\/ul>\n\n\n\n

                                                          6.4 Problems (prioritized security issues)<\/h3>\n\n\n\n
                                                            \n
                                                          • What it does:<\/strong> Cloud Guard aggregates findings into \u201cproblems\u201d with risk\/severity and impacted resources.<\/li>\n
                                                          • Why it matters:<\/strong> Helps teams focus on the most important issues first.<\/li>\n
                                                          • Practical benefit:<\/strong> A small number of actionable items rather than many low-level events.<\/li>\n
                                                          • Caveats:<\/strong> Not every problem implies an active attack; interpret within context and validate.<\/li>\n<\/ul>\n\n\n\n

                                                            6.5 Managed lists (tuning and policy alignment)<\/h3>\n\n\n\n
                                                              \n
                                                            • What it does:<\/strong> Stores lists (for example, approved IPs, CIDRs, or other values) used by some detectors for allow\/deny logic.<\/li>\n
                                                            • Why it matters:<\/strong> Reduces false positives and aligns detections with business-approved exceptions.<\/li>\n
                                                            • Practical benefit:<\/strong> \u201cApproved admin IP ranges\u201d can be centrally managed and referenced.<\/li>\n
                                                            • Caveats:<\/strong> Managed lists must be governed\u2014overly broad allowlists can hide real risk.<\/li>\n<\/ul>\n\n\n\n

                                                              6.6 Central reporting region concept<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does:<\/strong> Stores Cloud Guard reporting data in a chosen region for the tenancy.<\/li>\n
                                                              • Why it matters:<\/strong> Supports centralized operations and consistent reporting.<\/li>\n
                                                              • Practical benefit:<\/strong> Security teams can work from one reporting view.<\/li>\n
                                                              • Caveats:<\/strong> Reporting region selection has operational implications; verify how changes are handled in current docs.<\/li>\n<\/ul>\n\n\n\n

                                                                6.7 Integration with OCI Events and Notifications<\/h3>\n\n\n\n
                                                                  \n
                                                                • What it does:<\/strong> Cloud Guard can emit events (for example, when a problem is created\/updated), which you can route via OCI Events to Notifications and other targets.<\/li>\n
                                                                • Why it matters:<\/strong> Enables real-time alerting and automation.<\/li>\n
                                                                • Practical benefit:<\/strong> Email\/SMS\/pager alerts, ticket creation, or automation hooks.<\/li>\n
                                                                • Caveats:<\/strong> Events\/Notifications have their own quotas and costs (usually small), and you must design alert routing to avoid spam.<\/li>\n<\/ul>\n\n\n\n

                                                                  6.8 Console workflows for triage and remediation guidance<\/h3>\n\n\n\n
                                                                    \n
                                                                  • What it does:<\/strong> Provides UI pages for targets, problems, and details including affected resources and recommendations.<\/li>\n
                                                                  • Why it matters:<\/strong> Makes Cloud Guard usable for both security teams and resource owners.<\/li>\n
                                                                  • Practical benefit:<\/strong> Faster triage and clearer ownership.<\/li>\n
                                                                  • Caveats:<\/strong> For large tenancies, process and tagging strategy matter to avoid operational overload.<\/li>\n<\/ul>\n\n\n\n

                                                                    7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                    High-level architecture<\/h3>\n\n\n\n
                                                                      \n
                                                                    1. Enable Cloud Guard<\/strong> and choose a reporting region<\/strong>.<\/li>\n
                                                                    2. Enable Cloud Guard in desired regions<\/strong> (depending on OCI behavior and your deployment footprint).<\/li>\n
                                                                    3. Create one or more targets<\/strong> (commonly compartments).<\/li>\n
                                                                    4. Attach detector recipes<\/strong> and responder recipes<\/strong> to targets.<\/li>\n
                                                                    5. Cloud Guard evaluates resource configurations and activity signals and creates problems<\/strong>.<\/li>\n
                                                                    6. Problems can be:\n – viewed and managed in the Cloud Guard console\n – routed as events to OCI Events<\/strong> for automation and notifications<\/li>\n<\/ol>\n\n\n\n

                                                                      Data\/control flow<\/h3>\n\n\n\n
                                                                        \n
                                                                      • Control plane:<\/strong> You configure Cloud Guard (targets, recipes, managed lists) via Console\/API.<\/li>\n
                                                                      • Detection plane:<\/strong> Cloud Guard evaluates posture\/activity signals for resources within the target scope.<\/li>\n
                                                                      • Response plane:<\/strong> Responder rules may generate notifications and\/or actions (depending on responder capabilities and granted permissions).<\/li>\n
                                                                      • Operations plane:<\/strong> Events\/Notifications route problem lifecycle events to teams and systems.<\/li>\n<\/ul>\n\n\n\n

                                                                        Integrations with related OCI services<\/h3>\n\n\n\n
                                                                          \n
                                                                        • IAM:<\/strong> Access control to configure Cloud Guard; responder permissions; compartment-level scoping.<\/li>\n
                                                                        • Events:<\/strong> Route Cloud Guard events for automation.<\/li>\n
                                                                        • Notifications:<\/strong> Deliver alerts to email\/SMS\/HTTPS endpoints (depending on configured subscriptions).<\/li>\n
                                                                        • Audit \/ Logging:<\/strong> Helpful for investigating what changed and when (Cloud Guard is not a replacement for full audit review).<\/li>\n
                                                                        • Functions (optional):<\/strong> For custom automation (for example, create a ticket, post to chat, or enforce a policy).<\/li>\n<\/ul>\n\n\n\n

                                                                          Dependency services<\/h3>\n\n\n\n

                                                                          Cloud Guard relies on OCI\u2019s underlying resource inventory and telemetry sources. The exact dependencies vary by detector type and resource. Treat Cloud Guard as a service that observes<\/strong> OCI resources and signals; you still need:\n– well-structured compartments<\/strong>\n– consistent tagging<\/strong>\n– clear ownership<\/strong> and remediation workflows<\/p>\n\n\n\n

                                                                          Security\/authentication model<\/h3>\n\n\n\n
                                                                            \n
                                                                          • Human\/admin access to Cloud Guard is controlled by OCI IAM policies<\/strong>.<\/li>\n
                                                                          • Automated response actions (if used) require that Cloud Guard (as a service) has permissions to act. OCI often guides you through required policies when enabling\/configuring\u2014use those guided steps and validate them against official docs.<\/li>\n<\/ul>\n\n\n\n

                                                                            Networking model<\/h3>\n\n\n\n
                                                                              \n
                                                                            • Cloud Guard itself is a managed OCI control-plane service; you don\u2019t place it in a VCN.<\/li>\n
                                                                            • Your integrations (Events, Notifications, Functions) are also managed services. If you push notifications to external HTTPS endpoints, that endpoint\u2019s network controls are your responsibility.<\/li>\n<\/ul>\n\n\n\n

                                                                              Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                                                \n
                                                                              • Use OCI Audit<\/strong> to monitor who changed Cloud Guard configuration and who modified underlying resources.<\/li>\n
                                                                              • Use OCI Events<\/strong> to standardize alert routing.<\/li>\n
                                                                              • Define ownership by compartment and enforce it with tags and IAM boundaries.<\/li>\n
                                                                              • Use a runbook for problem triage: validate \u2192 classify \u2192 assign \u2192 remediate \u2192 verify closure.<\/li>\n<\/ul>\n\n\n\n

                                                                                Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                flowchart LR\n  R[OCI Resources\\n(VCN, IAM, Storage, Compute, etc.)] --> CG[Cloud Guard\\nDetectors + Recipes]\n  CG --> P[Problems\\nRisk\/Severity + Context]\n  P --> E[OCI Events Rule]\n  E --> N[OCI Notifications Topic]\n  N --> SOC[Email\/SMS\/HTTPS to SOC\/On-call]\n<\/code><\/pre>\n\n\n\n
                                                                                Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                flowchart TB\n  subgraph Tenancy[OCI Tenancy]\n    subgraph Regions[Multiple OCI Regions Enabled]\n      A1[Compartment: Prod]\n      A2[Compartment: Dev]\n      A3[Compartment: Shared Services]\n    end\n\n    CG[Cloud Guard\\nReporting Region + Problem Store]\n    T1[Target: Prod Compartments\\nDetector + Responder Recipes]\n    T2[Target: Dev Compartments\\nTuned Recipes]\n    ML[Managed Lists\\n(Approved CIDRs, Exceptions)]\n\n    A1 --> CG\n    A2 --> CG\n    A3 --> CG\n    ML --> T1\n    ML --> T2\n    T1 --> CG\n    T2 --> CG\n\n    CG --> EV[OCI Events]\n    EV --> NT[OCI Notifications]\n    EV --> FN[OCI Functions\\n(Optional Automation)]\n    FN --> ITSM[Ticketing\/ChatOps\\n(External)]\n    NT --> SOC[Security Operations\\nEmail\/On-call]\n  end\n<\/code><\/pre>\n\n\n\n
                                                                                8. Prerequisites<\/h2>\n\n\n\n
                                                                                Tenancy and account requirements<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • An active Oracle Cloud (OCI) tenancy<\/strong>.<\/li>\n
                                                                                • A user with permissions to:<\/li>\n
                                                                                • enable\/configure Cloud Guard (often requires tenancy-level permissions)<\/li>\n
                                                                                • create compartments (optional, for lab isolation)<\/li>\n
                                                                                • create networking resources (VCN\/security list) for generating a test finding<\/li>\n
                                                                                • create Events rules and Notifications topics\/subscriptions (for alert routing)<\/li>\n<\/ul>\n\n\n\n
                                                                                  For a first lab, using a user in the Administrators<\/strong> group (or equivalent) is the simplest approach. For production, design least-privilege policies (verify policy statements in official IAM docs).<\/p>\n\n\n\n
                                                                                  Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                                                  You will typically need permissions to manage Cloud Guard and integrate with Events\/Notifications. Examples of policy patterns exist in OCI docs\u2014verify the exact policy grammar and resource-types here:\n– IAM documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm\n– Cloud Guard documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/cloud-guard\/home.htm<\/p>\n\n\n\n
                                                                                  Billing requirements<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • Cloud Guard is commonly listed as no additional charge<\/strong> (Always Free) in OCI, but you must still have:<\/li>\n
                                                                                  • a valid OCI account<\/li>\n
                                                                                  • paid resources (if you create compute, load balancers, etc.)<\/li>\n<\/ul>\n\n\n\n
                                                                                    Even if Cloud Guard is free, integrated services (Notifications, Functions, Logging, etc.) may have usage-based costs.<\/p>\n\n\n\n
                                                                                    Tools needed<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • OCI Console access (web browser).<\/li>\n
                                                                                    • Optional: OCI CLI (helpful for scripting and verification).\n  OCI CLI docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n<\/ul>\n\n\n\n
                                                                                      Region availability<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • Cloud Guard is available in many OCI commercial regions, but always verify service availability<\/strong> for your region:\n  https:\/\/www.oracle.com\/cloud\/data-regions\/<\/li>\n<\/ul>\n\n\n\n
                                                                                        Quotas\/limits<\/h3>\n\n\n\n
                                                                                          \n
                                                                                        • Cloud Guard, Events, and Notifications have service limits and quotas.<\/li>\n
                                                                                        • For a lab, defaults are usually sufficient.<\/li>\n
                                                                                        • For production, validate quotas early and request increases as needed.<\/li>\n<\/ul>\n\n\n\n
                                                                                          Prerequisite services (for this tutorial)<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • OCI Events<\/strong> and Notifications<\/strong> (for alerting)<\/li>\n
                                                                                          • Basic networking resources (VCN\/security list) to generate a detectable posture issue<\/li>\n<\/ul>\n\n\n\n
                                                                                            9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                            Current pricing model (Cloud Guard)<\/h3>\n\n\n\n
                                                                                            Cloud Guard is generally positioned as no additional cost<\/strong> in OCI (often categorized as an Always Free security service). Because pricing and eligibility can change by region and contract type, confirm on the official Oracle pricing pages:<\/p>\n\n\n\n
                                                                                              \n
                                                                                            • OCI price list (Security category): https:\/\/www.oracle.com\/cloud\/price-list\/<\/li>\n
                                                                                            • OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/li>\n
                                                                                            • Cloud Guard documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/cloud-guard\/home.htm<\/li>\n<\/ul>\n\n\n\n
                                                                                              If the price list indicates \u201cFree,\u201d it typically means:\n– No direct per-event\/per-resource Cloud Guard charge\n– You still pay for any underlying services used to respond, store logs, or run automation<\/p>\n\n\n\n
                                                                                              Pricing dimensions (what you may still pay for)<\/h3>\n\n\n\n
                                                                                              Even with Cloud Guard itself being free, you may incur costs from:\n– OCI Notifications<\/strong>: message delivery and subscriptions (check pricing; usually low but not always zero).\n– OCI Events<\/strong>: typically low cost, but confirm.\n– OCI Functions<\/strong> (optional): invocations and compute duration.\n– Logging \/ Logging Analytics<\/strong> (optional): ingest, storage, and query costs.\n– Object Storage<\/strong> (optional): storing evidence snapshots or exports.\n– Data egress<\/strong>: if you push findings to external tools (SIEM, ITSM) outside OCI.<\/p>\n\n\n\n
                                                                                              Cost drivers<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • Number of problem events<\/strong> routed to Notifications (volume can spike in large tenancies).<\/li>\n
                                                                                              • Whether you trigger automation<\/strong> (Functions) on every problem or only high severity.<\/li>\n
                                                                                              • Log retention and analytics if you ship Cloud Guard events and audit logs to a centralized log platform.<\/li>\n<\/ul>\n\n\n\n
                                                                                                Hidden or indirect costs<\/h3>\n\n\n\n
                                                                                                  \n
                                                                                                • Operational cost<\/strong>: on-call load from noisy alerting if recipes aren\u2019t tuned.<\/li>\n
                                                                                                • Automation mistakes<\/strong>: overly aggressive responders can create outages; costs appear as downtime, not as a bill line item.<\/li>\n
                                                                                                • Cross-region operations<\/strong>: enabling multiple regions increases operational scope; investigate data residency requirements.<\/li>\n<\/ul>\n\n\n\n
                                                                                                  Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Sending notifications to external HTTPS endpoints can create outbound traffic (usually small).<\/li>\n
                                                                                                  • Exporting logs or integrating with external SIEM may increase egress depending on volume.<\/li>\n<\/ul>\n\n\n\n
                                                                                                    How to optimize cost<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • Start with notify-only<\/strong> responders and tune before enabling auto-remediation.<\/li>\n
                                                                                                    • Route only high\/critical<\/strong> problems to paging\/on-call; send lower severities to ticket\/email.<\/li>\n
                                                                                                    • Use managed lists<\/strong> to reduce recurring known-good alerts.<\/li>\n
                                                                                                    • Implement deduplication<\/strong> in downstream tooling (tickets\/chatops).<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Example low-cost starter estimate<\/h3>\n\n\n\n
                                                                                                      A typical starter setup can be near-zero incremental cost if:\n– Cloud Guard is free in your region\/tenancy type (verify)\n– You only use email-based Notifications sparingly\n– You don\u2019t run Functions or heavy logging analytics<\/p>\n\n\n\n
                                                                                                      Example production cost considerations<\/h3>\n\n\n\n
                                                                                                      In production, budget for:\n– Notifications\/event routing at scale (volume-based)\n– A centralized logging\/SIEM pipeline (often the largest cost)\n– Engineering time to tune recipes, build runbooks, and maintain automation safely<\/p>\n\n\n\n
                                                                                                      10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                                      Objective<\/h3>\n\n\n\n
                                                                                                      Enable Cloud Guard<\/strong> in Oracle Cloud, create a scoped target<\/strong>, route problem events<\/strong> to Notifications<\/strong> using OCI Events<\/strong>, generate a low-risk test misconfiguration (internet-exposed SSH in a security list), then remediate and confirm the problem lifecycle.<\/p>\n\n\n\n
                                                                                                      Lab Overview<\/h3>\n\n\n\n
                                                                                                      You will:\n1. Create a dedicated compartment for the lab.\n2. Enable Cloud Guard and confirm your reporting region.\n3. Create a Cloud Guard target for the lab compartment using default recipes.\n4. Create a Notifications topic + email subscription.\n5. Create an Events rule that triggers on Cloud Guard problem events and publishes to Notifications.\n6. Create a VCN security list rule that allows SSH from the internet.\n7. Verify Cloud Guard creates a problem, then fix the rule and observe the problem update\/closure.\n8. Clean up resources.<\/p>\n\n\n\n
                                                                                                      This lab is designed to be safe and low-cost<\/strong> (VCNs and security lists do not incur typical compute costs). Detection timing can vary; allow time for Cloud Guard to evaluate and generate problems.<\/p>\n\n\n\n
                                                                                                      \n\n\n\n
                                                                                                      Step 1: Create a dedicated compartment (recommended)<\/h3>\n\n\n\n
                                                                                                      Why:<\/strong> Keeps the lab isolated and cleanup simple.<\/p>\n\n\n\n
                                                                                                        \n
                                                                                                      1. In the OCI Console, open the navigation menu.<\/li>\n
                                                                                                      2. Go to Identity & Security \u2192 Compartments<\/strong>.<\/li>\n
                                                                                                      3. Click Create Compartment<\/strong>.<\/li>\n
                                                                                                      4. Name: cloud-guard-lab<\/code><\/li>\n
                                                                                                      5. Description: Cloud Guard hands-on lab<\/code><\/li>\n
                                                                                                      6. Parent compartment: your root compartment (or a training parent)<\/li>\n
                                                                                                      7. Click Create Compartment<\/strong>.<\/li>\n<\/ol>\n\n\n\n
                                                                                                        Expected outcome:<\/strong> A new compartment named cloud-guard-lab<\/code> exists and is active.<\/p>\n\n\n\n
                                                                                                        Verification:<\/strong>\n– Confirm it appears in the compartments list and can be selected from the compartment picker.<\/p>\n\n\n\n
                                                                                                        \n\n\n\n
                                                                                                        Step 2: Enable Cloud Guard (choose reporting region carefully)<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        1. In the OCI Console, go to Identity & Security \u2192 Cloud Guard<\/strong> (location may vary slightly by console layout).<\/li>\n
                                                                                                        2. If Cloud Guard is not enabled yet, you will see an Enable Cloud Guard<\/strong> action.<\/li>\n
                                                                                                        3. Follow the enablement wizard:\n   – Select a reporting region<\/strong> (often your home region).\n   – Review any prompts to create required policies. If the wizard offers to create policies automatically, use it and then review created policies afterward.<\/li>\n<\/ol>\n\n\n\n
                                                                                                          Expected outcome:<\/strong>\n– Cloud Guard becomes enabled.\n– A reporting region is set for Cloud Guard.<\/p>\n\n\n\n
                                                                                                          Verification:<\/strong>\n– You can open Cloud Guard pages (Targets\/Problems) without an \u201cEnable\u201d prompt.\n– Cloud Guard status shows enabled.<\/p>\n\n\n\n
                                                                                                          Notes:<\/strong>\n– The reporting region affects where Cloud Guard stores\/aggregates findings data. If you have data residency requirements, validate this with your governance team and the official docs.<\/p>\n\n\n\n
                                                                                                          \n\n\n\n
                                                                                                          Step 3: Enable Cloud Guard in the region(s) you will use<\/h3>\n\n\n\n
                                                                                                          Cloud Guard typically needs to be enabled for the regions where your targets\u2019 resources exist.<\/p>\n\n\n\n
                                                                                                            \n
                                                                                                          1. In Cloud Guard settings (or overview), locate region enablement options.<\/li>\n
                                                                                                          2. Ensure the region where you will create the VCN (your current region) is enabled for Cloud Guard.<\/li>\n<\/ol>\n\n\n\n
                                                                                                            Expected outcome:<\/strong>\n– Cloud Guard is enabled for the region you\u2019ll use for the lab.<\/p>\n\n\n\n
                                                                                                            Verification:<\/strong>\n– Cloud Guard shows the region as enabled (exact UI text may vary).<\/p>\n\n\n\n
                                                                                                            \n\n\n\n
                                                                                                            Step 4: Create a Cloud Guard target for the lab compartment<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            1. In Cloud Guard<\/strong>, go to Targets<\/strong>.<\/li>\n
                                                                                                            2. Click Create Target<\/strong>.<\/li>\n
                                                                                                            3. \n
                                                                                                              Configure:\n   – Name:<\/strong> cloud-guard-lab-target<\/code>\n   – Compartment:<\/strong> choose a compartment where the target object will live (often root or a security compartment); follow your org model.\n   – Target compartment(s):<\/strong> select cloud-guard-lab<\/code> as the compartment to monitor.\n   – Detector recipe:<\/strong> choose the default Oracle-managed recipe (or the default recommended one).\n   – Responder recipe:<\/strong> choose the default Oracle-managed responder recipe (we\u2019ll use Events+Notifications for alerting in this lab).<\/p>\n<\/li>\n
                                                                                                            4. \n
                                                                                                              Create the target.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                              Expected outcome:<\/strong>\n– A target exists and is in an active state, monitoring the lab compartment.<\/p>\n\n\n\n
                                                                                                              Verification:<\/strong>\n– The target shows in the Targets list.\n– Target details show detector and responder recipes attached.<\/p>\n\n\n\n
                                                                                                              Tip (operations):<\/strong>\n– In production, you typically create separate targets for prod<\/code>, nonprod<\/code>, and shared<\/code> with different recipe strictness.<\/p>\n\n\n\n
                                                                                                              \n\n\n\n
                                                                                                              Step 5: Create a Notifications topic and email subscription<\/h3>\n\n\n\n
                                                                                                              You\u2019ll route problem events to an email address.<\/p>\n\n\n\n
                                                                                                                \n
                                                                                                              1. Go to Developer Services \u2192 Notifications<\/strong> (service name may appear simply as Notifications<\/strong>).<\/li>\n
                                                                                                              2. Select the cloud-guard-lab<\/code> compartment (or your preferred compartment for shared topics).<\/li>\n
                                                                                                              3. Click Create Topic<\/strong>:\n   – Name: cloud-guard-problems-topic<\/code><\/li>\n
                                                                                                              4. \n
                                                                                                                Open the topic and click Create Subscription<\/strong>:\n   – Protocol: Email<\/code>\n   – Email: your email address (must be reachable)<\/p>\n<\/li>\n
                                                                                                              5. \n
                                                                                                                Confirm the subscription by clicking the confirmation link sent to your email.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                Expected outcome:<\/strong>\n– A topic exists and the email subscription is confirmed.<\/p>\n\n\n\n
                                                                                                                Verification:<\/strong>\n– Subscription status becomes Confirmed<\/strong>.<\/p>\n\n\n\n
                                                                                                                Cost note:<\/strong>\n– Email notifications are generally low cost, but confirm pricing for Notifications in your region.<\/p>\n\n\n\n
                                                                                                                \n\n\n\n
                                                                                                                Step 6: Create an Events rule to publish Cloud Guard problem events to Notifications<\/h3>\n\n\n\n
                                                                                                                Cloud Guard emits events that OCI Events can match and route.<\/p>\n\n\n\n
                                                                                                                  \n
                                                                                                                1. Go to Observability & Management \u2192 Events Service \u2192 Rules<\/strong> (often shown as Events<\/strong>).<\/li>\n
                                                                                                                2. Ensure you are in the compartment where you want to create the rule (commonly the same as your Notifications topic).<\/li>\n
                                                                                                                3. Click Create Rule<\/strong>.<\/li>\n
                                                                                                                4. Configure:\n   – Display name:<\/strong> cloud-guard-problem-events-to-email<\/code>\n   – Description:<\/strong> Send Cloud Guard problem events to Notifications topic<\/code>\n   – Condition:<\/strong> 
                                                                                                                    \n
                                                                                                                  • Choose Event Type<\/strong> related to Cloud Guard<\/strong> and Problems<\/strong> (for example, \u201cProblem created\/updated\u201d). The exact event type names can vary\u2014select the ones matching \u201cproblem created\u201d at minimum.<\/li>\n
                                                                                                                  • If the UI supports additional filtering (such as severity), add it later after initial validation.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Actions:<\/strong> 
                                                                                                                        \n
                                                                                                                      • Action type: Notifications<\/strong><\/li>\n
                                                                                                                      • Topic: cloud-guard-problems-topic<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
                                                                                                                          \n
                                                                                                                        1. Create the rule.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                          Expected outcome:<\/strong>\n– An Events rule exists and is active, routing Cloud Guard problem events to your Notifications topic.<\/p>\n\n\n\n
                                                                                                                          Verification:<\/strong>\n– The rule appears in the list and shows as enabled.<\/p>\n\n\n\n
                                                                                                                          Important:<\/strong>\nEvent type names and schemas can change; verify Cloud Guard\u2019s supported event types in official docs:\n– Events documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Events\/home.htm\n– Cloud Guard documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/cloud-guard\/home.htm<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Step 7: Generate a test posture issue (open SSH to the internet)<\/h3>\n\n\n\n
                                                                                                                          You will create a minimal network resource that is commonly detected as risky: inbound SSH from anywhere.<\/p>\n\n\n\n
                                                                                                                            \n
                                                                                                                          1. Go to Networking \u2192 Virtual Cloud Networks<\/strong>.<\/li>\n
                                                                                                                          2. Select compartment: cloud-guard-lab<\/code>.<\/li>\n
                                                                                                                          3. Click Create VCN<\/strong> and choose VCN with Internet Connectivity<\/strong> (wizard).<\/li>\n
                                                                                                                          4. Use defaults (or name it cloud-guard-lab-vcn<\/code>) and create.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                            Now modify a security list to allow SSH from the internet:<\/p>\n\n\n\n
                                                                                                                              \n
                                                                                                                            1. In the created VCN, go to Security Lists<\/strong>.<\/li>\n
                                                                                                                            2. Open the security list associated with the public subnet (or default security list, depending on wizard output).<\/li>\n
                                                                                                                            3. \n
                                                                                                                              Add an Ingress Rule<\/strong>:\n   – Source CIDR: 0.0.0.0\/0<\/code>\n   – IP protocol: TCP\n   – Destination port range: 22<\/code>\n   – Description: LAB: open SSH from anywhere<\/code><\/p>\n<\/li>\n
                                                                                                                            4. \n
                                                                                                                              Save the rule.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                              Expected outcome:<\/strong>\n– A security list rule exists allowing inbound SSH from anywhere.<\/p>\n\n\n\n
                                                                                                                              Verification:<\/strong>\n– The ingress rule appears in the security list rules list.<\/p>\n\n\n\n
                                                                                                                              Safety note:<\/strong>\nDo not attach this security list to any production subnet or instance. In this lab compartment, we are intentionally creating a misconfiguration to validate Cloud Guard detection.<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Step 8: Wait for Cloud Guard to detect and create a problem<\/h3>\n\n\n\n
                                                                                                                              Cloud Guard detections are not always instantaneous.<\/p>\n\n\n\n
                                                                                                                                \n
                                                                                                                              1. Return to Cloud Guard \u2192 Problems<\/strong>.<\/li>\n
                                                                                                                              2. Filter by compartment (if supported) to cloud-guard-lab<\/code>, or search for networking-related problems.<\/li>\n
                                                                                                                              3. Wait and refresh periodically.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                Expected outcome:<\/strong>\n– A new problem appears related to risky network exposure (wording depends on detector rules).\n– Severity\/risk is assigned (for example, medium\/high).<\/p>\n\n\n\n
                                                                                                                                Verification steps:<\/strong>\n– Open the problem details:\n  – Identify the affected resource (security list \/ subnet \/ VCN component).\n  – Read recommendation text and any links provided.\n– Confirm that your Events rule triggers a Notification:\n  – Check your email for a message from OCI Notifications containing event details.<\/p>\n\n\n\n
                                                                                                                                If no problem appears after a reasonable wait:<\/strong>\n– Confirm the target includes the correct compartment.\n– Confirm Cloud Guard is enabled in the region where the VCN exists.\n– Confirm the security list rule was actually saved.\n– Some detectors may require additional telemetry; verify detector coverage in official docs.<\/p>\n\n\n\n
                                                                                                                                \n\n\n\n
                                                                                                                                Step 9: Remediate the issue and confirm the problem lifecycle updates<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                1. Go back to Networking \u2192 VCN \u2192 Security Lists<\/strong>.<\/li>\n
                                                                                                                                2. Edit the ingress rule you created and change:\n   – Source CIDR from 0.0.0.0\/0<\/code> to a restricted IP (for example, your corporate NAT IP) or<\/strong> remove the rule entirely.<\/li>\n
                                                                                                                                3. Save changes.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                  Now verify Cloud Guard updates the issue:\n4. In Cloud Guard \u2192 Problems<\/strong>, find the problem again and observe status changes over time.<\/p>\n\n\n\n
                                                                                                                                  Expected outcome:<\/strong>\n– The problem eventually updates (for example, resolved\/closed) or decreases risk after remediation.<\/p>\n\n\n\n
                                                                                                                                  Verification:<\/strong>\n– Problem detail page shows updated timestamps\/state.\n– You may receive an additional event\/notification depending on your Events rule configuration (created vs updated).<\/p>\n\n\n\n
                                                                                                                                  \n\n\n\n
                                                                                                                                  Validation<\/h3>\n\n\n\n
                                                                                                                                  Use this checklist:<\/p>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • [ ] Cloud Guard is enabled and has a reporting region set.<\/li>\n
                                                                                                                                  • [ ] Cloud Guard is enabled in the region where the lab VCN exists.<\/li>\n
                                                                                                                                  • [ ] A target monitors the cloud-guard-lab<\/code> compartment.<\/li>\n
                                                                                                                                  • [ ] Notifications topic + confirmed email subscription exist.<\/li>\n
                                                                                                                                  • [ ] Events rule routes Cloud Guard problem events to the topic.<\/li>\n
                                                                                                                                  • [ ] A deliberate risky security list rule triggers a Cloud Guard problem.<\/li>\n
                                                                                                                                  • [ ] Fixing the rule results in problem update\/closure after some time.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    \n\n\n\n
                                                                                                                                    Troubleshooting<\/h3>\n\n\n\n
                                                                                                                                    Issue: \u201cI can\u2019t enable Cloud Guard\u201d \/ missing permissions<\/h4>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Use a tenancy admin for the lab or add IAM policies to allow Cloud Guard administration.<\/li>\n
                                                                                                                                    • Review the enablement wizard prompts; OCI often provides guided policy creation.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Issue: No events are reaching Notifications<\/h4>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Confirm Events rule condition uses the correct Cloud Guard problem<\/strong> event type.<\/li>\n
                                                                                                                                      • Confirm the rule is enabled and in the correct compartment.<\/li>\n
                                                                                                                                      • Confirm subscription is Confirmed<\/strong>.<\/li>\n
                                                                                                                                      • Verify Notifications service limits\/quotas and check for delivery failures.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        Issue: No problem is detected<\/h4>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Confirm the target scope includes the compartment where the VCN exists.<\/li>\n
                                                                                                                                        • Confirm the region is enabled for Cloud Guard monitoring.<\/li>\n
                                                                                                                                        • Allow more time; detection can be periodic.<\/li>\n
                                                                                                                                        • Confirm the security list rule truly allows 0.0.0.0\/0<\/code> to TCP 22.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          Issue: Too many alerts<\/h4>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Route only high\/critical severities to email\/paging.<\/li>\n
                                                                                                                                          • Use managed lists for approved exceptions.<\/li>\n
                                                                                                                                          • Tune recipes (clone and adjust) rather than disabling Cloud Guard.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            \n\n\n\n
                                                                                                                                            Cleanup<\/h3>\n\n\n\n
                                                                                                                                            To avoid ongoing noise and to keep tenancy tidy:<\/p>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            1. Remove the insecure security list rule<\/strong> (if not already removed).<\/li>\n
                                                                                                                                            2. Delete the VCN<\/strong> created for the lab (this deletes related subnets\/gateways if created by wizard).<\/li>\n
                                                                                                                                            3. Disable or delete the Events rule<\/strong> cloud-guard-problem-events-to-email<\/code>.<\/li>\n
                                                                                                                                            4. Delete the Notifications subscription<\/strong> and topic<\/strong> (optional).<\/li>\n
                                                                                                                                            5. Delete the Cloud Guard target<\/strong> created for the lab (optional, if you only needed it for testing).<\/li>\n
                                                                                                                                            6. Delete the compartment<\/strong> cloud-guard-lab<\/code> (must be empty first).<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                              If Cloud Guard is enabled for your tenancy, you typically keep it enabled for ongoing security monitoring.<\/p>\n\n\n\n
                                                                                                                                              11. Best Practices<\/h2>\n\n\n\n
                                                                                                                                              Architecture best practices<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Design compartments intentionally:<\/strong> Separate prod\/nonprod\/shared. Cloud Guard targets map cleanly onto well-structured compartments.<\/li>\n
                                                                                                                                              • Use multiple targets:<\/strong> Apply stricter recipes to production; tune dev\/test to reduce noise.<\/li>\n
                                                                                                                                              • Centralize reporting and alert routing:<\/strong> One reporting region and consistent event routing improves SOC efficiency.<\/li>\n
                                                                                                                                              • Integrate with incident management:<\/strong> Route Cloud Guard problems to tickets\/chatops\/paging with clear ownership.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • Least privilege for Cloud Guard admins:<\/strong> Only a small group should manage recipes\/targets.<\/li>\n
                                                                                                                                                • Separate duties:<\/strong> Security config vs remediation. App teams remediate in their compartments; security oversees governance.<\/li>\n
                                                                                                                                                • Review responder permissions carefully:<\/strong> Automated responders require permissions that can change resources\u2014treat like production automation with change control.<\/li>\n
                                                                                                                                                • Audit everything:<\/strong> Use OCI Audit to track changes to policies, targets, and recipes.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  Cost best practices<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Minimize alert volume<\/strong> by tuning:<\/li>\n
                                                                                                                                                  • route only high\/critical to immediate notifications<\/li>\n
                                                                                                                                                  • send medium\/low to dashboards or daily summaries (via downstream tooling)<\/li>\n
                                                                                                                                                  • Avoid heavy automation triggers<\/strong> on every event; filter first.<\/li>\n
                                                                                                                                                  • Keep logging costs predictable<\/strong>: decide what to retain, where, and for how long.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    Performance best practices (operational performance)<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Cloud Guard is managed, but your response workflow<\/strong> must scale:<\/li>\n
                                                                                                                                                    • use clear triage categories<\/li>\n
                                                                                                                                                    • use tagging to route ownership<\/li>\n
                                                                                                                                                    • standardize runbooks per problem type<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      Reliability best practices<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • Avoid \u201csingle inbox\u201d alerting. Use:<\/li>\n
                                                                                                                                                      • Notifications topics per environment\/team<\/li>\n
                                                                                                                                                      • multiple subscriptions (SOC, on-call, ticketing webhook)<\/li>\n
                                                                                                                                                      • Test event routing periodically (quarterly is common).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        Operations best practices<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • Establish a problem triage SOP<\/strong>:\n  1) validate issue\n  2) identify owner (compartment\/tag)\n  3) remediate\n  4) verify closure\n  5) add exception (managed list) only if justified and time-bound<\/li>\n
                                                                                                                                                        • Track metrics:<\/li>\n
                                                                                                                                                        • time-to-detect (TTD)<\/li>\n
                                                                                                                                                        • time-to-remediate (TTR)<\/li>\n
                                                                                                                                                        • recurring problem types<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                          Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • Use tags like:<\/li>\n
                                                                                                                                                          • Environment=Prod|NonProd<\/code><\/li>\n
                                                                                                                                                          • OwnerTeam=...<\/code><\/li>\n
                                                                                                                                                          • CostCenter=...<\/code><\/li>\n
                                                                                                                                                          • Name targets and recipes consistently:<\/li>\n
                                                                                                                                                          • cg-target-prod<\/code>, cg-detector-prod-strict<\/code>, cg-responder-prod-notify<\/code><\/li>\n
                                                                                                                                                          • Document exception processes for managed lists.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                                                            Identity and access model<\/h3>\n\n\n\n
                                                                                                                                                              \n
                                                                                                                                                            • Cloud Guard administration is controlled by OCI IAM policies<\/strong>.<\/li>\n
                                                                                                                                                            • Apply role-based access:<\/li>\n
                                                                                                                                                            • Cloud Guard Admins:<\/strong> manage targets\/recipes\/managed lists<\/li>\n
                                                                                                                                                            • Security Analysts:<\/strong> read problems and investigate<\/li>\n
                                                                                                                                                            • App Owners:<\/strong> read problems affecting their compartments and remediate resources<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                              Encryption<\/h3>\n\n\n\n
                                                                                                                                                                \n
                                                                                                                                                              • Cloud Guard is a managed OCI service; data at rest\/in transit is handled by OCI\u2019s platform security controls.<\/li>\n
                                                                                                                                                              • For compliance requirements (key management, retention), verify Cloud Guard\u2019s data handling specifics in official docs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                Network exposure<\/h3>\n\n\n\n
                                                                                                                                                                  \n
                                                                                                                                                                • Cloud Guard does not sit in your VCN; it\u2019s a control-plane service.<\/li>\n
                                                                                                                                                                • Your outbound integrations (webhooks\/HTTPS) must be secured:<\/li>\n
                                                                                                                                                                • TLS<\/li>\n
                                                                                                                                                                • authentication (tokens)<\/li>\n
                                                                                                                                                                • IP allowlisting where possible<\/li>\n
                                                                                                                                                                • minimal payload exposure<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                  Secrets handling<\/h3>\n\n\n\n
                                                                                                                                                                    \n
                                                                                                                                                                  • If you use Functions or external webhooks:<\/li>\n
                                                                                                                                                                  • store secrets in OCI Vault<\/strong> (recommended) rather than embedding in code<\/li>\n
                                                                                                                                                                  • rotate tokens regularly<\/li>\n
                                                                                                                                                                  • restrict who can read secrets<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                    Audit\/logging<\/h3>\n\n\n\n
                                                                                                                                                                      \n
                                                                                                                                                                    • Enable and review OCI Audit<\/strong> for:<\/li>\n
                                                                                                                                                                    • IAM policy changes<\/li>\n
                                                                                                                                                                    • target\/recipe changes<\/li>\n
                                                                                                                                                                    • responder configuration changes<\/li>\n
                                                                                                                                                                    • Use Events<\/strong> as a controlled, auditable routing layer for Cloud Guard findings.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                      Compliance considerations<\/h3>\n\n\n\n
                                                                                                                                                                        \n
                                                                                                                                                                      • Map Cloud Guard detectors to your control framework:<\/li>\n
                                                                                                                                                                      • network exposure controls<\/li>\n
                                                                                                                                                                      • identity governance controls<\/li>\n
                                                                                                                                                                      • data exposure controls<\/li>\n
                                                                                                                                                                      • Keep evidence:<\/li>\n
                                                                                                                                                                      • screenshots\/exports of problems<\/li>\n
                                                                                                                                                                      • change records of remediation<\/li>\n
                                                                                                                                                                      • exception approvals (managed lists)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                        Common security mistakes<\/h3>\n\n\n\n
                                                                                                                                                                          \n
                                                                                                                                                                        • Turning on automatic responders without testing.<\/li>\n
                                                                                                                                                                        • Using a single, overly broad target with noisy detectors for dev\/test.<\/li>\n
                                                                                                                                                                        • Creating permanent allowlist exceptions that never expire.<\/li>\n
                                                                                                                                                                        • Sending high-volume events to external endpoints without throttling\/deduplication.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                          Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                                                            \n
                                                                                                                                                                          • Start in notify-only<\/strong> mode.<\/li>\n
                                                                                                                                                                          • Use a dedicated security tooling compartment<\/strong> for:<\/li>\n
                                                                                                                                                                          • Notifications topics<\/li>\n
                                                                                                                                                                          • Events rules<\/li>\n
                                                                                                                                                                          • Functions (if any)<\/li>\n
                                                                                                                                                                          • Require change control for:<\/li>\n
                                                                                                                                                                          • recipe changes<\/li>\n
                                                                                                                                                                          • responder enablement<\/li>\n
                                                                                                                                                                          • managed list changes<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                            13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                                                            Cloud Guard is highly useful, but plan for these realities:<\/p>\n\n\n\n
                                                                                                                                                                              \n
                                                                                                                                                                            • Detection is not always real-time.<\/strong> Some detectors evaluate periodically; allow time for problems to appear or resolve.<\/li>\n
                                                                                                                                                                            • Coverage varies by service\/region.<\/strong> Not all OCI services or all findings are supported everywhere\u2014verify detector coverage in docs.<\/li>\n
                                                                                                                                                                            • Reporting region design matters.<\/strong> Changing reporting region later may be non-trivial\u2014verify current behavior before choosing.<\/li>\n
                                                                                                                                                                            • False positives\/expected exceptions exist.<\/strong> Use managed lists and tuned recipes rather than ignoring problems.<\/li>\n
                                                                                                                                                                            • Auto-remediation can be risky.<\/strong> Responders that change resources must be treated like production automation.<\/li>\n
                                                                                                                                                                            • Event routing can create alert storms.<\/strong> If you route every problem update to email, you will overwhelm on-call. Filter carefully.<\/li>\n
                                                                                                                                                                            • IAM complexity.<\/strong> Least-privilege policies for Cloud Guard + responders + integrations can be non-trivial. Use Oracle\u2019s guided policy creation and validate against IAM docs.<\/li>\n
                                                                                                                                                                            • Not a SIEM.<\/strong> Cloud Guard is not designed to be your long-term forensic log store or cross-platform correlation engine.<\/li>\n
                                                                                                                                                                            • Compartment sprawl reduces clarity.<\/strong> Without ownership tags and naming standards, problems become hard to route.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                              14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                                                              Cloud Guard sits in the \u201ccloud security posture management + threat detection signals for OCI\u201d space. Alternatives vary by depth, scope, and cloud provider.<\/p>\n\n\n\n
                                                                                                                                                                              Comparison table<\/h3>\n\n\n\n
                                                                                                                                                                              \n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                              Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                              Oracle Cloud Guard<\/strong><\/td>\nOCI-native posture monitoring and problems workflow<\/td>\nOCI-integrated targets\/recipes, centralized problems, native Events\/Notifications integration; often no additional cost (verify)<\/td>\nOCI-focused; not a full SIEM; detector coverage depends on service\/region<\/td>\nYou run workloads on Oracle Cloud and want native continuous monitoring<\/td>\n<\/tr>\n
                                                                                                                                                                              OCI Security Zones<\/strong><\/td>\nPreventing misconfiguration by enforcing policies<\/td>\nPreventive guardrails; blocks risky operations (where applicable)<\/td>\nCan be restrictive; not a full detective control; requires planning<\/td>\nYou want \u201cpolicy enforcement\u201d to prevent bad configs, not just detect them<\/td>\n<\/tr>\n
                                                                                                                                                                              OCI Vulnerability Scanning<\/strong> (OCI Vulnerability Scanning Service)<\/td>\nVulnerability scanning for compute\/images (verify current scope)<\/td>\nFocused vulnerability insight<\/td>\nNot a posture management replacement; different signal type<\/td>\nPair with Cloud Guard for vulnerability + posture coverage<\/td>\n<\/tr>\n
                                                                                                                                                                              OCI Logging\/Logging Analytics<\/strong><\/td>\nLog-centric investigations and analytics<\/td>\nRich search\/retention\/analytics (depending on product)<\/td>\nRequires pipeline design; costs can be significant<\/td>\nYou need deeper investigations, long retention, complex correlation<\/td>\n<\/tr>\n
                                                                                                                                                                              AWS Security Hub \/ GuardDuty \/ Config<\/strong><\/td>\nAWS-native posture and threat detection<\/td>\nMature ecosystem and integrations<\/td>\nAWS-only<\/td>\nUse if your workloads are primarily on AWS<\/td>\n<\/tr>\n
                                                                                                                                                                              Microsoft Defender for Cloud<\/strong><\/td>\nAzure posture + threat protection<\/td>\nDeep Azure integration<\/td>\nAzure-only<\/td>\nUse if workloads are primarily on Azure<\/td>\n<\/tr>\n
                                                                                                                                                                              Google Security Command Center<\/strong><\/td>\nGCP posture and security management<\/td>\nGCP integration<\/td>\nGCP-only<\/td>\nUse if workloads are primarily on GCP<\/td>\n<\/tr>\n
                                                                                                                                                                              Open-source tools (Prowler, ScoutSuite, OPA policies)<\/strong><\/td>\nDIY posture checks and policy-as-code<\/td>\nFlexible, transparent, works in CI<\/td>\nRequires building\/operating pipeline; not integrated like native services<\/td>\nUse when you need custom controls in CI or multi-cloud checks (with effort)<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                              15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                                                              Enterprise example: regulated financial services tenancy<\/h3>\n\n\n\n
                                                                                                                                                                                \n
                                                                                                                                                                              • Problem:<\/strong> A bank runs dozens of OCI compartments across business units, multiple regions, and strict controls for network exposure and identity changes. Auditors require evidence of continuous monitoring and incident response.<\/li>\n
                                                                                                                                                                              • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                                              • Cloud Guard enabled with a chosen reporting region.<\/li>\n
                                                                                                                                                                              • Targets:
                                                                                                                                                                                  \n
                                                                                                                                                                                • prod<\/code> target with strict detector recipe + responder recipe that routes critical\/high problems to SOC paging.<\/li>\n
                                                                                                                                                                                • nonprod<\/code> target with tuned detector recipe to reduce noise.<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                                                                                • Managed lists for approved corporate egress IPs and approved admin access CIDRs.<\/li>\n
                                                                                                                                                                                • OCI Events routes Cloud Guard problem events to:
                                                                                                                                                                                    \n
                                                                                                                                                                                  • Notifications (SOC distribution, on-call rotation)<\/li>\n
                                                                                                                                                                                  • Functions (creates ITSM tickets and enriches with compartment owner tags)<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                                                                                  • OCI Audit retained and integrated with centralized logging for investigations.<\/li>\n
                                                                                                                                                                                  • Why Cloud Guard was chosen:<\/strong><\/li>\n
                                                                                                                                                                                  • Native OCI integration and compartment-based governance.<\/li>\n
                                                                                                                                                                                  • Standardized recipes for consistent monitoring.<\/li>\n
                                                                                                                                                                                  • Event-driven integration into the SOC workflow.<\/li>\n
                                                                                                                                                                                  • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                                                  • Reduced exposure time for risky changes.<\/li>\n
                                                                                                                                                                                  • Clear accountability per compartment.<\/li>\n
                                                                                                                                                                                  • Auditable trail of detection \u2192 triage \u2192 remediation.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                    Startup\/small-team example: SaaS team on OCI<\/h3>\n\n\n\n
                                                                                                                                                                                      \n
                                                                                                                                                                                    • Problem:<\/strong> A startup has a small DevOps team managing dev\/stage\/prod compartments. Security reviews happen ad hoc; mistakes like open ports happen during incident debugging.<\/li>\n
                                                                                                                                                                                    • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                                                    • Cloud Guard enabled and a single reporting region.<\/li>\n
                                                                                                                                                                                    • Targets:
                                                                                                                                                                                        \n
                                                                                                                                                                                      • One target for prod with default detectors and notify-only responders.<\/li>\n
                                                                                                                                                                                      • One target for dev\/stage with fewer notifications (only critical\/high).<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                                                                                      • OCI Events + Notifications sends high-severity problems to a shared on-call email and a chatops webhook (if used).<\/li>\n
                                                                                                                                                                                      • Why Cloud Guard was chosen:<\/strong><\/li>\n
                                                                                                                                                                                      • Low operational overhead and fast setup.<\/li>\n
                                                                                                                                                                                      • Helps the team catch common cloud misconfigurations without building tooling.<\/li>\n
                                                                                                                                                                                      • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                                                      • Fewer \u201cforgotten temporary changes.\u201d<\/li>\n
                                                                                                                                                                                      • Faster feedback loop when risky config is introduced.<\/li>\n
                                                                                                                                                                                      • Improved baseline security posture with minimal budget.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                        16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                                                        1) Is \u201cCloud Guard\u201d the current service name in Oracle Cloud?<\/h3>\n\n\n\n
                                                                                                                                                                                        Yes\u2014Cloud Guard<\/strong> is the OCI service name used in the Oracle Cloud Console and documentation. Always confirm current naming in the official docs: https:\/\/docs.oracle.com\/en-us\/iaas\/cloud-guard\/home.htm<\/p>\n\n\n\n
                                                                                                                                                                                        2) Is Cloud Guard free?<\/h3>\n\n\n\n
                                                                                                                                                                                        Cloud Guard is commonly listed as no additional charge<\/strong> on OCI pricing (verify for your region\/contract). You may still pay for integrated services (Notifications, Functions, Logging, data egress). See: https:\/\/www.oracle.com\/cloud\/price-list\/<\/p>\n\n\n\n
                                                                                                                                                                                        3) What is the \u201creporting region\u201d?<\/h3>\n\n\n\n
                                                                                                                                                                                        It is the region where Cloud Guard stores\/aggregates its reporting data for the tenancy. Choose it intentionally for operations and data residency. Verify exact behavior and change constraints in docs.<\/p>\n\n\n\n
                                                                                                                                                                                        4) Do I need to enable Cloud Guard in every region?<\/h3>\n\n\n\n
                                                                                                                                                                                        Often, yes\u2014Cloud Guard coverage depends on region enablement for the regions where resources run. Confirm region behavior in current documentation for your tenancy.<\/p>\n\n\n\n
                                                                                                                                                                                        5) What is a target in Cloud Guard?<\/h3>\n\n\n\n
                                                                                                                                                                                        A target<\/strong> defines the scope Cloud Guard monitors (commonly one or more compartments) and the detector\/responder recipes applied to that scope.<\/p>\n\n\n\n
                                                                                                                                                                                        6) What\u2019s the difference between detector recipes and responder recipes?<\/h3>\n\n\n\n
                                                                                                                                                                                          \n
                                                                                                                                                                                        • Detector recipes<\/strong> define what Cloud Guard detects<\/em>.<\/li>\n
                                                                                                                                                                                        • Responder recipes<\/strong> define how Cloud Guard responds<\/em> (notify or take actions, depending on rule support).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                          7) Can Cloud Guard automatically fix issues?<\/h3>\n\n\n\n
                                                                                                                                                                                          It can support automated response via responders for certain scenarios, but capabilities vary. Start with notify-only, then carefully test responders and permissions before enabling auto-remediation. Verify current responder actions in docs.<\/p>\n\n\n\n
                                                                                                                                                                                          8) How quickly will Cloud Guard detect a risky change?<\/h3>\n\n\n\n
                                                                                                                                                                                          Detection timing varies by detector type and service signals. Some issues may appear within minutes; others may take longer. Plan for non-instant detection and verify expectations with official documentation.<\/p>\n\n\n\n
                                                                                                                                                                                          9) Does Cloud Guard replace OCI Audit?<\/h3>\n\n\n\n
                                                                                                                                                                                          No. OCI Audit<\/strong> records API calls and changes. Cloud Guard uses signals to create higher-level security problems and guidance. Use both: Audit for forensics; Cloud Guard for detection and triage.<\/p>\n\n\n\n
                                                                                                                                                                                          10) Does Cloud Guard replace a SIEM?<\/h3>\n\n\n\n
                                                                                                                                                                                          No. Cloud Guard provides security findings for OCI and a problems workflow. A SIEM provides broad log ingestion, long retention, advanced correlation, and forensic search across many sources.<\/p>\n\n\n\n
                                                                                                                                                                                          11) Can I integrate Cloud Guard with email, Slack, or ticketing?<\/h3>\n\n\n\n
                                                                                                                                                                                          Yes, commonly through OCI Events<\/strong> and Notifications<\/strong>, optionally with Functions<\/strong> or an HTTPS subscription endpoint. Exact integration patterns depend on your tooling.<\/p>\n\n\n\n
                                                                                                                                                                                          12) How do I reduce false positives?<\/h3>\n\n\n\n
                                                                                                                                                                                            \n
                                                                                                                                                                                          • Use managed lists<\/strong> for approved exceptions.<\/li>\n
                                                                                                                                                                                          • Clone and tune detector recipes<\/strong>.<\/li>\n
                                                                                                                                                                                          • Adjust alert routing: page only for high\/critical; ticket for medium; dashboard for low.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                            13) Can different teams manage their own Cloud Guard settings?<\/h3>\n\n\n\n
                                                                                                                                                                                            Usually, Cloud Guard configuration is centralized for governance, while teams remediate issues in their compartments. You can delegate read-only access and remediation responsibilities while keeping recipe\/target control with security admins.<\/p>\n\n\n\n
                                                                                                                                                                                            14) What should I do before enabling responders that change resources?<\/h3>\n\n\n\n
                                                                                                                                                                                              \n
                                                                                                                                                                                            • Test in non-production targets first.<\/li>\n
                                                                                                                                                                                            • Review required IAM permissions and blast radius.<\/li>\n
                                                                                                                                                                                            • Create a rollback plan and change-management process.<\/li>\n
                                                                                                                                                                                            • Start with human-in-the-loop (notify-only) mode.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                              15) What\u2019s a good first deployment approach?<\/h3>\n\n\n\n
                                                                                                                                                                                                \n
                                                                                                                                                                                              • Enable Cloud Guard.<\/li>\n
                                                                                                                                                                                              • Create targets for prod and nonprod.<\/li>\n
                                                                                                                                                                                              • Start with default recipes.<\/li>\n
                                                                                                                                                                                              • Integrate problem events to Notifications via Events.<\/li>\n
                                                                                                                                                                                              • Tune over 2\u20134 weeks based on signal quality.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                17. Top Online Resources to Learn Cloud Guard<\/h2>\n\n\n\n
                                                                                                                                                                                                \n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                                                Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                Official documentation<\/td>\nOCI Cloud Guard Docs<\/td>\nAuthoritative feature descriptions, concepts (targets\/recipes\/problems), configuration guidance. https:\/\/docs.oracle.com\/en-us\/iaas\/cloud-guard\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                Official pricing<\/td>\nOCI Price List<\/td>\nVerify Cloud Guard pricing status and related service costs. https:\/\/www.oracle.com\/cloud\/price-list\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                Pricing calculator<\/td>\nOCI Cost Estimator<\/td>\nModel costs for integrated services (Notifications, Functions, Logging). https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<\/tr>\n
                                                                                                                                                                                                Official docs (IAM)<\/td>\nOCI Identity and Access Management Docs<\/td>\nRequired to implement least privilege and safe responders. https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                Official docs (Events)<\/td>\nOCI Events Service Docs<\/td>\nBuild event-driven alerting\/automation from Cloud Guard problems. https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Events\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                Official docs (Notifications)<\/td>\nOCI Notifications Docs<\/td>\nConfigure topics\/subscriptions for Cloud Guard alerts. https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Notification\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                Official docs (Audit)<\/td>\nOCI Audit Docs<\/td>\nInvestigate changes related to Cloud Guard findings. https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                Official architecture<\/td>\nOCI Architecture Center<\/td>\nReference architectures for governance\/security patterns (search for Cloud Guard and security posture). https:\/\/docs.oracle.com\/en\/solutions\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                Hands-on labs<\/td>\nOracle LiveLabs<\/td>\nFree guided labs; search catalog for \u201cCloud Guard\u201d and OCI security labs. https:\/\/apexapps.oracle.com\/pls\/apex\/r\/dbpm\/livelabs\/home<\/td>\n<\/tr>\n
                                                                                                                                                                                                CLI tooling<\/td>\nOCI CLI Documentation<\/td>\nAutomate Cloud Guard-related workflows (verify current CLI commands). https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                                                                The following providers may offer training related to Oracle Cloud, DevOps, SRE, and cloud security practices. Verify current course titles and Oracle Cloud\/Cloud Guard coverage on their websites.<\/p>\n\n\n\n
                                                                                                                                                                                                \n\n\n\n\n\n\n\n\n
                                                                                                                                                                                                Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                DevOpsSchool.com<\/td>\nDevOps engineers, SREs, platform teams, beginners to advanced<\/td>\nDevOps tooling, cloud operations, security fundamentals (verify OCI-specific coverage)<\/td>\nCheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                ScmGalaxy.com<\/td>\nBeginners, engineers transitioning to DevOps<\/td>\nSCM, DevOps foundations, CI\/CD, operations practices<\/td>\nCheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                CLoudOpsNow.in<\/td>\nCloud engineers, operations teams<\/td>\nCloud operations, monitoring, reliability practices<\/td>\nCheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                SreSchool.com<\/td>\nSREs, operations engineers, architects<\/td>\nReliability engineering, incident response, monitoring<\/td>\nCheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                AiOpsSchool.com<\/td>\nSREs, ops teams, automation engineers<\/td>\nAIOps concepts, automation, observability<\/td>\nCheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                                                                These sites are presented as trainer\/platform resources. Verify current Oracle Cloud and Cloud Guard offerings directly.<\/p>\n\n\n\n
                                                                                                                                                                                                \n\n\n\n\n\n\n\n
                                                                                                                                                                                                Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                RajeshKumar.xyz<\/td>\nDevOps\/cloud training content (verify OCI focus)<\/td>\nBeginners to intermediate engineers<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                devopstrainer.in<\/td>\nDevOps and cloud training (verify OCI modules)<\/td>\nDevOps engineers, platform teams<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                devopsfreelancer.com<\/td>\nFreelance DevOps guidance and services (verify training availability)<\/td>\nSmall teams, startups<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                devopssupport.in<\/td>\nDevOps support and training resources (verify OCI content)<\/td>\nOps\/DevOps practitioners<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                                                                These organizations may provide consulting related to DevOps, cloud operations, and security programs. Verify Oracle Cloud and Cloud Guard-specific consulting offerings on their sites.<\/p>\n\n\n\n
                                                                                                                                                                                                \n\n\n\n\n\n\n
                                                                                                                                                                                                Company<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                cotocus.com<\/td>\nCloud\/DevOps consulting (verify OCI specialization)<\/td>\nCloud adoption, operations, automation<\/td>\nCloud governance setup, alerting pipelines, security posture operationalization<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                DevOpsSchool.com<\/td>\nTraining + consulting services (verify current portfolio)<\/td>\nDevOps transformation, platform enablement<\/td>\nBuilding incident response workflows around Cloud Guard events; implementing compartment\/tag governance<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                DEVOPSCONSULTING.IN<\/td>\nDevOps consulting (verify current offerings)<\/td>\nCI\/CD, infra automation, cloud ops<\/td>\nIntegrating Cloud Guard notifications into ticketing\/chatops; building runbooks and automation<\/td>\nhttps:\/\/devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                                                                What to learn before Cloud Guard<\/h3>\n\n\n\n
                                                                                                                                                                                                  \n
                                                                                                                                                                                                • OCI fundamentals:<\/li>\n
                                                                                                                                                                                                • Tenancy, regions, availability domains<\/li>\n
                                                                                                                                                                                                • Compartments and organization design<\/li>\n
                                                                                                                                                                                                • OCI IAM:<\/li>\n
                                                                                                                                                                                                • users, groups, policies, dynamic groups<\/li>\n
                                                                                                                                                                                                • least privilege and compartment boundaries<\/li>\n
                                                                                                                                                                                                • OCI networking basics:<\/li>\n
                                                                                                                                                                                                • VCNs, subnets, route tables, security lists, NSGs<\/li>\n
                                                                                                                                                                                                • OCI observability basics:<\/li>\n
                                                                                                                                                                                                • Audit<\/li>\n
                                                                                                                                                                                                • Events<\/li>\n
                                                                                                                                                                                                • Notifications<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                  What to learn after Cloud Guard<\/h3>\n\n\n\n
                                                                                                                                                                                                    \n
                                                                                                                                                                                                  • Security automation:<\/li>\n
                                                                                                                                                                                                  • OCI Events \u2192 Functions pipelines<\/li>\n
                                                                                                                                                                                                  • webhook integrations to ITSM\/chatops<\/li>\n
                                                                                                                                                                                                  • Governance:<\/li>\n
                                                                                                                                                                                                  • tagging strategies, policy-as-code, change control<\/li>\n
                                                                                                                                                                                                  • Advanced security services:<\/li>\n
                                                                                                                                                                                                  • OCI Vault (secrets and keys)<\/li>\n
                                                                                                                                                                                                  • Vulnerability scanning (verify the current OCI service scope)<\/li>\n
                                                                                                                                                                                                  • Central logging\/analytics and SIEM integrations<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                    Job roles that use Cloud Guard<\/h3>\n\n\n\n
                                                                                                                                                                                                      \n
                                                                                                                                                                                                    • Cloud Security Engineer \/ Cloud Security Architect<\/li>\n
                                                                                                                                                                                                    • SOC Analyst (cloud-focused)<\/li>\n
                                                                                                                                                                                                    • Platform Engineer (landing zone owner)<\/li>\n
                                                                                                                                                                                                    • DevOps Engineer \/ SRE (incident response and remediation)<\/li>\n
                                                                                                                                                                                                    • Compliance \/ Risk Analyst (control evidence)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                      Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                                                                                      Oracle certifications change over time. Look for current Oracle Cloud certifications and security-related tracks on Oracle University and official certification pages. Verify current certification alignment with Cloud Guard:\nhttps:\/\/education.oracle.com\/<\/p>\n\n\n\n
                                                                                                                                                                                                      Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                                                                        \n
                                                                                                                                                                                                      • Build a \u201csecurity baseline\u201d:<\/li>\n
                                                                                                                                                                                                      • create prod\/nonprod targets<\/li>\n
                                                                                                                                                                                                      • tune detector recipes<\/li>\n
                                                                                                                                                                                                      • create managed lists for approved CIDRs<\/li>\n
                                                                                                                                                                                                      • Implement alert routing:<\/li>\n
                                                                                                                                                                                                      • critical\/high \u2192 paging or priority email<\/li>\n
                                                                                                                                                                                                      • medium \u2192 ticket<\/li>\n
                                                                                                                                                                                                      • low \u2192 daily digest<\/li>\n
                                                                                                                                                                                                      • Build an automation prototype:<\/li>\n
                                                                                                                                                                                                      • Events \u2192 Function \u2192 create ticket + enrich with compartment tags<\/li>\n
                                                                                                                                                                                                      • Create a monthly posture report workflow:<\/li>\n
                                                                                                                                                                                                      • export problem summaries<\/li>\n
                                                                                                                                                                                                      • track top recurring problems and remediation times<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                        22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                                                                          \n
                                                                                                                                                                                                        • OCI (Oracle Cloud Infrastructure):<\/strong> Oracle Cloud platform providing compute, networking, storage, and managed services.<\/li>\n
                                                                                                                                                                                                        • Tenancy:<\/strong> Your top-level OCI account boundary containing compartments, policies, and resources.<\/li>\n
                                                                                                                                                                                                        • Region:<\/strong> Geographic area where OCI resources run; Cloud Guard enablement can be region-dependent.<\/li>\n
                                                                                                                                                                                                        • Reporting region:<\/strong> The region where Cloud Guard stores\/aggregates its reporting data for the tenancy.<\/li>\n
                                                                                                                                                                                                        • Compartment:<\/strong> A logical container for organizing OCI resources and applying IAM policies.<\/li>\n
                                                                                                                                                                                                        • Target (Cloud Guard):<\/strong> Defines the scope Cloud Guard monitors (often a compartment) and which recipes apply.<\/li>\n
                                                                                                                                                                                                        • Detector:<\/strong> A rule or capability that identifies risky configuration or suspicious activity.<\/li>\n
                                                                                                                                                                                                        • Detector recipe:<\/strong> A packaged set of detector rules applied to a target.<\/li>\n
                                                                                                                                                                                                        • Responder:<\/strong> A rule or capability that reacts to a problem (notification and\/or remediation depending on support).<\/li>\n
                                                                                                                                                                                                        • Responder recipe:<\/strong> A packaged set of responder rules applied to a target.<\/li>\n
                                                                                                                                                                                                        • Managed list:<\/strong> A centrally managed allowlist\/denylist used by detectors for tuning.<\/li>\n
                                                                                                                                                                                                        • Problem:<\/strong> A prioritized security issue created by Cloud Guard from findings, typically with risk\/severity and remediation guidance.<\/li>\n
                                                                                                                                                                                                        • OCI Events:<\/strong> Service that routes events from OCI services to actions\/targets for automation.<\/li>\n
                                                                                                                                                                                                        • OCI Notifications:<\/strong> Service that delivers messages to subscribers (email, SMS, HTTPS, etc., depending on configuration).<\/li>\n
                                                                                                                                                                                                        • Security list \/ NSG:<\/strong> OCI virtual firewall constructs controlling allowed ingress\/egress to subnets or VNICs.<\/li>\n
                                                                                                                                                                                                        • Least privilege:<\/strong> Security practice of granting only the minimum permissions needed to perform a task.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                          23. Summary<\/h2>\n\n\n\n
                                                                                                                                                                                                          Cloud Guard<\/strong> in Oracle Cloud<\/strong> (Security, Identity, and Compliance) is OCI\u2019s native service for continuous security posture monitoring and threat\/activity detection signals, turning findings into prioritized problems<\/strong> and enabling operational response through recipes<\/strong>, targets<\/strong>, and integrations like Events<\/strong> and Notifications<\/strong>.<\/p>\n\n\n\n
                                                                                                                                                                                                          It matters because OCI environments change constantly\u2014Cloud Guard helps you detect risky exposure and policy drift early, route issues to the right owners, and build a repeatable triage and remediation workflow.<\/p>\n\n\n\n
                                                                                                                                                                                                          Cost-wise, Cloud Guard is commonly listed as no additional charge<\/strong> (verify on Oracle\u2019s pricing pages), but real costs show up in integrations and operations<\/strong>: notifications volume, automation executions, logging\/retention, and on-call time if you don\u2019t tune recipes.<\/p>\n\n\n\n
                                                                                                                                                                                                          Use Cloud Guard when you need OCI-native, compartment-aware, continuous security monitoring with a clear problems workflow. Pair it with strong IAM design, event-driven alerting, and (if needed) deeper logging\/SIEM capabilities.<\/p>\n\n\n\n
                                                                                                                                                                                                          Next step: review the official Cloud Guard docs and run a controlled pilot in a non-production compartment, then expand to production with tuned recipes and an incident-ready response process.<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                                                                          Security, Identity, and Compliance<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62,39],"tags":[],"class_list":["post-975","post","type-post","status-publish","format-standard","hentry","category-oracle-cloud","category-security-identity-and-compliance"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=975"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/975\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}