What is the difference between a detector recipe and a responder recipe?

Detector recipes define what Cloud Guard looks for — they contain rules that evaluate your OCI resources against security best practices and compliance standards. Each detector rule specifies a condition, risk level (CRITICAL, HIGH, MEDIUM, LOW), and the resource types it monitors. Responder recipes define what happens when a detector finds a problem — they can automatically remediate issues, create notifications, or require manual approval before taking action.

Can I customize Oracle-managed Cloud Guard recipes?

You cannot modify Oracle-managed recipes directly, but you can clone them to create user-managed copies. Once cloned, you can enable or disable individual rules, adjust risk levels, modify rule parameters, and add conditions. Cloned recipes do not automatically receive updates when Oracle modifies the managed recipe, so you should periodically review Oracle's managed recipes for new rules you may want to incorporate.

How does Cloud Guard determine risk levels for detected problems?

Each detector rule has a configured risk level that represents the potential security impact. Cloud Guard aggregates these into a risk score for each target (compartment). Risk levels map to severity: CRITICAL problems like publicly exposed databases score highest, while LOW problems like missing tags score lowest. You can customize risk levels in cloned recipes to align with your organization's risk tolerance and compliance requirements.

Cloud Guard Recipe Builder

IAM & SecurityOCI

Build Cloud Guard detector recipe configurations with rules and risk levels.

OCI Cloud Guard Configuration

Build Cloud Guard detector recipe configurations for security monitoring and compliance.

Required Fields

compartmentIddisplayNamedetectorRecipeTypedetectorRules

{
  "compartmentId": "ocid1.compartment.oc1..aaaaaaaexample",
  "displayName": "custom-config-detector-recipe",
  "description": "Custom detector recipe for CIS benchmark compliance",
  "detectorRecipeType": "CONFIGURATION",
  "sourceDetectorRecipeId": "ocid1.cloudguarddetectorrecipe.oc1..aaaaaaaexample",
  "detectorRules": [
    {
      "detectorRuleId": "BUCKET_IS_PUBLIC",
      "details": {
        "isEnabled": true,
        "riskLevel": "CRITICAL",
        "condition": {
          "kind": "SIMPLE",
          "parameter": "publicAccessType",
          "operator": "NOT_EQUALS",
          "value": "NoPublicAccess"
        },
        "configurations": [
          {
            "configKey": "publicAccessType",
            "name": "Public access type",
            "value": "NoPublicAccess"
          }
        ]
      }
    },
    {
      "detectorRuleId": "VCN_SECURITY_LIST_ALLOWS_ALL_INGRESS",
      "details": {
        "isEnabled": true,
        "riskLevel": "HIGH",
        "condition": null,
        "configurations": []
      }
    }
  ],
  "freeformTags": {
    "compliance": "cis-benchmark"
  }
}

Generated Output

Output will appear here...

About This Tool

OCI Cloud Guard provides automated security monitoring by using detector and responder recipes that define what threats to look for and how to react. Detector recipes contain rules that identify security problems — like public buckets, instances without monitoring, or overly permissive policies — while responder recipes define automated or manual remediation actions. Building custom recipes requires understanding rule parameters, condition groups, risk levels, and managed list references. This tool helps you assemble detector and responder recipes with correct rule configurations, thresholds, and target mappings.

When to Use This Tool

•Building custom detector recipes that flag compute instances launched without Cloud Guard monitoring agents installed
•Creating responder recipes that automatically disable compromised user API keys and notify the security team
•Configuring detector rules with custom risk levels and condition groups for organization-specific compliance requirements
•Generating recipe configurations that integrate with OCI Events and Notifications for security alerting workflows

Frequently Asked Questions

What is the difference between a detector recipe and a responder recipe?: Detector recipes define what Cloud Guard looks for — they contain rules that evaluate your OCI resources against security best practices and compliance standards. Each detector rule specifies a condition, risk level (CRITICAL, HIGH, MEDIUM, LOW), and the resource types it monitors. Responder recipes define what happens when a detector finds a problem — they can automatically remediate issues, create notifications, or require manual approval before taking action.
Can I customize Oracle-managed Cloud Guard recipes?: You cannot modify Oracle-managed recipes directly, but you can clone them to create user-managed copies. Once cloned, you can enable or disable individual rules, adjust risk levels, modify rule parameters, and add conditions. Cloned recipes do not automatically receive updates when Oracle modifies the managed recipe, so you should periodically review Oracle's managed recipes for new rules you may want to incorporate.
How does Cloud Guard determine risk levels for detected problems?: Each detector rule has a configured risk level that represents the potential security impact. Cloud Guard aggregates these into a risk score for each target (compartment). Risk levels map to severity: CRITICAL problems like publicly exposed databases score highest, while LOW problems like missing tags score lowest. You can customize risk levels in cloned recipes to align with your organization's risk tolerance and compliance requirements.

Related Learning Guides

OCI Security Best Practices24 min read

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.