oracle.oci.oci_cloud_guard_detector_recipe_facts – Fetches details about one or multiple DetectorRecipe resources in Oracle Cloud Infrastructure

Note

This plugin is part of the oracle.oci collection (version 4.14.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install oracle.oci.

To use it in a playbook, specify: oracle.oci.oci_cloud_guard_detector_recipe_facts.

New in version 2.9.0: of oracle.oci

Synopsis

  • Fetches details about one or multiple DetectorRecipe resources in Oracle Cloud Infrastructure

  • Returns a list of all Detector Recipes in a compartment

  • The ListDetectorRecipes operation returns only the detector recipes in compartmentId passed. The list does not include any subcompartments of the compartmentId passed.

  • The parameter accessLevel specifies whether to return only those compartments for which the requestor has INSPECT permissions on at least one resource directly or indirectly (ACCESSIBLE) (the resource can be in a subcompartment) or to return Not Authorized if Principal doesn’t have access to even one of the child compartments. This is valid only when compartmentIdInSubtree is set to true.

  • The parameter compartmentIdInSubtree applies when you perform ListDetectorRecipes on the compartmentId passed and when it is set to true, the entire hierarchy of compartments can be returned. To get a full list of all compartments and subcompartments in the tenancy (root compartment), set the parameter compartmentIdInSubtree to true and accessLevel to ACCESSIBLE.

  • If detector_recipe_id is specified, the details of a single DetectorRecipe will be returned.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
access_level
string
    Choices:
  • RESTRICTED
  • ACCESSIBLE
Valid values are `RESTRICTED` and `ACCESSIBLE`. Default is `RESTRICTED`. Setting this to `ACCESSIBLE` returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to `RESTRICTED` permissions are checked and no partial results are displayed.
api_user
string
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_purpose
string
    Choices:
  • service_principal
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
  • instance_obo_user
  • resource_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
cert_bundle
string
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
compartment_id
string
The ID of the compartment in which to list resources.
Required to list multiple detector_recipes.
compartment_id_in_subtree
boolean
    Choices:
  • no
  • yes
Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned depending on the the setting of `accessLevel`.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
detector_recipe_id
string
DetectorRecipe OCID
Required to get a specific detector_recipe.

aliases: id
display_name
string
A filter to return only resources that match the entire display name given.

aliases: name
lifecycle_state
string
    Choices:
  • CREATING
  • UPDATING
  • ACTIVE
  • INACTIVE
  • DELETING
  • DELETED
  • FAILED
The field life cycle state. Only one state can be provided. Default value for state is active. If no value is specified state is active.
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
resource_metadata_only
boolean
    Choices:
  • no
  • yes
Default is false. When set to true, the list of all Oracle Managed Resources Metadata supported by Cloud Guard are returned.
sort_by
string
    Choices:
  • timeCreated
  • displayName
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending. If no value is specified timeCreated is default.
sort_order
string
    Choices:
  • ASC
  • DESC
The sort order to use, either 'asc' or 'desc'.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm

Examples

- name: Get a specific detector_recipe
  oci_cloud_guard_detector_recipe_facts:
    # required
    detector_recipe_id: "ocid1.detectorrecipe.oc1..xxxxxxEXAMPLExxxxxx"

- name: List detector_recipes
  oci_cloud_guard_detector_recipe_facts:
    # required
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"

    # optional
    display_name: display_name_example
    resource_metadata_only: true
    lifecycle_state: CREATING
    compartment_id_in_subtree: true
    access_level: RESTRICTED
    sort_order: ASC
    sort_by: timeCreated

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
detector_recipes
complex
on success
List of DetectorRecipe resources

Sample:
[{'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'description': 'description_example', 'detector': 'IAAS_ACTIVITY_DETECTOR', 'detector_rules': [{'candidate_responder_rules': [{'display_name': 'display_name_example', 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'is_preferred': True}], 'data_source_id': 'ocid1.datasource.oc1..xxxxxxEXAMPLExxxxxx', 'description': 'description_example', 'details': {'condition': {'composite_operator': 'AND', 'kind': 'COMPOSITE', 'left_operand': {'kind': 'COMPOSITE'}, 'operator': 'IN', 'parameter': 'parameter_example', 'right_operand': {'kind': 'COMPOSITE'}, 'value': 'value_example', 'value_type': 'MANAGED'}, 'configurations': [{'config_key': 'config_key_example', 'data_type': 'data_type_example', 'name': 'name_example', 'value': 'value_example', 'values': [{'list_type': 'MANAGED', 'managed_list_type': 'managed_list_type_example', 'value': 'value_example'}]}], 'is_configuration_allowed': True, 'is_enabled': True, 'labels': [], 'problem_threshold': 56, 'risk_level': 'CRITICAL', 'sighting_types': [{'description': 'description_example', 'display_name': 'display_name_example', 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'mitre_link': 'mitre_link_example', 'tactic': 'tactic_example', 'techniques': []}], 'target_types': []}, 'detector': 'IAAS_ACTIVITY_DETECTOR', 'detector_rule_id': 'ocid1.detectorrule.oc1..xxxxxxEXAMPLExxxxxx', 'display_name': 'display_name_example', 'entities_mappings': [{'display_name': 'display_name_example', 'entity_type': 'EXTERNAL_IP', 'query_field': 'query_field_example'}], 'lifecycle_details': 'lifecycle_details_example', 'lifecycle_state': 'CREATING', 'managed_list_types': [], 'recommendation': 'recommendation_example', 'resource_type': 'resource_type_example', 'service_type': 'service_type_example', 'time_created': '2013-10-20T19:20:30+01:00', 'time_updated': '2013-10-20T19:20:30+01:00'}], 'display_name': 'display_name_example', 'effective_detector_rules': [{'candidate_responder_rules': [{'display_name': 'display_name_example', 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'is_preferred': True}], 'data_source_id': 'ocid1.datasource.oc1..xxxxxxEXAMPLExxxxxx', 'description': 'description_example', 'details': {'condition': {'composite_operator': 'AND', 'kind': 'COMPOSITE', 'left_operand': {'kind': 'COMPOSITE'}, 'operator': 'IN', 'parameter': 'parameter_example', 'right_operand': {'kind': 'COMPOSITE'}, 'value': 'value_example', 'value_type': 'MANAGED'}, 'configurations': [{'config_key': 'config_key_example', 'data_type': 'data_type_example', 'name': 'name_example', 'value': 'value_example', 'values': [{'list_type': 'MANAGED', 'managed_list_type': 'managed_list_type_example', 'value': 'value_example'}]}], 'is_configuration_allowed': True, 'is_enabled': True, 'labels': [], 'problem_threshold': 56, 'risk_level': 'CRITICAL', 'sighting_types': [{'description': 'description_example', 'display_name': 'display_name_example', 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'mitre_link': 'mitre_link_example', 'tactic': 'tactic_example', 'techniques': []}], 'target_types': []}, 'detector': 'IAAS_ACTIVITY_DETECTOR', 'detector_rule_id': 'ocid1.detectorrule.oc1..xxxxxxEXAMPLExxxxxx', 'display_name': 'display_name_example', 'entities_mappings': [{'display_name': 'display_name_example', 'entity_type': 'EXTERNAL_IP', 'query_field': 'query_field_example'}], 'lifecycle_details': 'lifecycle_details_example', 'lifecycle_state': 'CREATING', 'managed_list_types': [], 'recommendation': 'recommendation_example', 'resource_type': 'resource_type_example', 'service_type': 'service_type_example', 'time_created': '2013-10-20T19:20:30+01:00', 'time_updated': '2013-10-20T19:20:30+01:00'}], 'freeform_tags': {'Department': 'Finance'}, 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'lifecycle_state': 'CREATING', 'owner': 'CUSTOMER', 'source_data_retention': 56, 'source_detector_recipe_id': 'ocid1.sourcedetectorrecipe.oc1..xxxxxxEXAMPLExxxxxx', 'system_tags': {}, 'target_ids': [], 'time_created': '2013-10-20T19:20:30+01:00', 'time_updated': '2013-10-20T19:20:30+01:00'}]
 
compartment_id
string
on success
compartmentId of detector recipe

Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
 
defined_tags
dictionary
on success
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: `{"foo-namespace": {"bar-key": "value"}}`

Sample:
{'Operations': {'CostCenter': 'US'}}
 
description
string
on success
Detector recipe description.

Sample:
description_example
 
detector
string
on success
Type of detector

Sample:
IAAS_ACTIVITY_DETECTOR
 
detector_rules
complex
on success
List of detector rules for the detector type for recipe - user input

   
candidate_responder_rules
complex
on success
List of CandidateResponderRule related to this rule

     
display_name
string
on success
The display name of the Responder rule

Sample:
display_name_example
     
id
string
on success
The unique identifier of the Responder rule

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
     
is_preferred
boolean
on success
Preferred state

Sample:
True
   
data_source_id
string
on success
The id of the attached DataSource.

Sample:
ocid1.datasource.oc1..xxxxxxEXAMPLExxxxxx
   
description
string
on success
Description for DetectorRecipeDetectorRule.

Sample:
description_example
   
details
complex
on success

     
condition
complex
on success

       
composite_operator
string
on success

Sample:
AND
       
kind
string
on success
Type of condition object

Sample:
COMPOSITE
       
left_operand
complex
on success

         
kind
string
on success
Type of condition object

Sample:
COMPOSITE
       
operator
string
on success
type of operator

Sample:
IN
       
parameter
string
on success
parameter Key

Sample:
parameter_example
       
right_operand
complex
on success

         
kind
string
on success
Type of condition object

Sample:
COMPOSITE
       
value
string
on success
type of operator

Sample:
value_example
       
value_type
string
on success
type of value

Sample:
MANAGED
     
configurations
complex
on success
Configuration details

       
config_key
string
on success
Unique name of the configuration

Sample:
config_key_example
       
data_type
string
on success
configuration data type

Sample:
data_type_example
       
name
string
on success
configuration name

Sample:
name_example
       
value
string
on success
configuration value

Sample:
value_example
       
values
complex
on success
List of configuration values

         
list_type
string
on success
configuration list item type, either CUSTOM or MANAGED

Sample:
MANAGED
         
managed_list_type
string
on success
type of the managed list

Sample:
managed_list_type_example
         
value
string
on success
configuration value

Sample:
value_example
     
is_configuration_allowed
boolean
on success
configuration allowed or not

Sample:
True
     
is_enabled
boolean
on success
Enables the control

Sample:
True
     
labels
list / elements=string
on success
user defined labels for a detector rule

     
problem_threshold
integer
on success
Cutover point for an elevated resource Risk Score to create a Problem

Sample:
56
     
risk_level
string
on success
The Risk Level

Sample:
CRITICAL
     
sighting_types
complex
on success
List of sighting types

       
description
string
on success
Description of the sighting type

Sample:
description_example
       
display_name
string
on success
Name of the sighting type

Sample:
display_name_example
       
id
string
on success
The unique identifier of sighting type

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
        mitre_link
string
on success
Link of the sighting type

Sample:
mitre_link_example
       
tactic
string
on success
Mitre Att&ck tactic

Sample:
tactic_example
       
techniques
list / elements=string
on success
List of Mitre Att&ck Techniques

     
target_types
list / elements=string
on success
List of target types for which the detector rule is applicable

   
detector
string
on success
detector for the rule

Sample:
IAAS_ACTIVITY_DETECTOR
   
detector_rule_id
string
on success
The unique identifier of the detector rule.

Sample:
ocid1.detectorrule.oc1..xxxxxxEXAMPLExxxxxx
   
display_name
string
on success
Display name for DetectorRecipeDetectorRule.

Sample:
display_name_example
   
entities_mappings
complex
on success
Data Source entities mapping for a Detector Rule

     
display_name
string
on success
The display name of entity

Sample:
display_name_example
     
entity_type
string
on success
Possible type of entity

Sample:
EXTERNAL_IP
     
query_field
string
on success
The entity value mapped to a data source query

Sample:
query_field_example
   
lifecycle_details
string
on success
A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

Sample:
lifecycle_details_example
   
lifecycle_state
string
on success
The current state of the DetectorRule.

Sample:
CREATING
   
managed_list_types
list / elements=string
on success
List of cloudguard managed list types related to this rule

   
recommendation
string
on success
Recommendation for DetectorRecipeDetectorRule

Sample:
recommendation_example
   
resource_type
string
on success
resource type of the configuration to which the rule is applied

Sample:
resource_type_example
   
service_type
string
on success
service type of the configuration to which the rule is applied

Sample:
service_type_example
   
time_created
string
on success
The date and time the detector recipe rule was created. Format defined by RFC3339.

Sample:
2013-10-20T19:20:30+01:00
   
time_updated
string
on success
The date and time the detector recipe rule was updated. Format defined by RFC3339.

Sample:
2013-10-20T19:20:30+01:00
 
display_name
string
on success
DisplayName of detector recipe.

Sample:
display_name_example
 
effective_detector_rules
complex
on success
List of effective detector rules for the detector type for recipe after applying defaults
Returned for get operation

   
candidate_responder_rules
complex
on success
List of CandidateResponderRule related to this rule

     
display_name
string
on success
The display name of the Responder rule

Sample:
display_name_example
     
id
string
on success
The unique identifier of the Responder rule

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
     
is_preferred
boolean
on success
Preferred state

Sample:
True
   
data_source_id
string
on success
The id of the attached DataSource.

Sample:
ocid1.datasource.oc1..xxxxxxEXAMPLExxxxxx
   
description
string
on success
Description for DetectorRecipeDetectorRule.

Sample:
description_example
   
details
complex
on success

     
condition
complex
on success

       
composite_operator
string
on success

Sample:
AND
       
kind
string
on success
Type of condition object

Sample:
COMPOSITE
       
left_operand
complex
on success

         
kind
string
on success
Type of condition object

Sample:
COMPOSITE
       
operator
string
on success
type of operator

Sample:
IN
       
parameter
string
on success
parameter Key

Sample:
parameter_example
       
right_operand
complex
on success

         
kind
string
on success
Type of condition object

Sample:
COMPOSITE
       
value
string
on success
type of operator

Sample:
value_example
       
value_type
string
on success
type of value

Sample:
MANAGED
     
configurations
complex
on success
Configuration details

       
config_key
string
on success
Unique name of the configuration

Sample:
config_key_example
       
data_type
string
on success
configuration data type

Sample:
data_type_example
       
name
string
on success
configuration name

Sample:
name_example
       
value
string
on success
configuration value

Sample:
value_example
       
values
complex
on success
List of configuration values

         
list_type
string
on success
configuration list item type, either CUSTOM or MANAGED

Sample:
MANAGED
         
managed_list_type
string
on success
type of the managed list

Sample:
managed_list_type_example
         
value
string
on success
configuration value

Sample:
value_example
     
is_configuration_allowed
boolean
on success
configuration allowed or not

Sample:
True
     
is_enabled
boolean
on success
Enables the control

Sample:
True
     
labels
list / elements=string
on success
user defined labels for a detector rule

     
problem_threshold
integer
on success
Cutover point for an elevated resource Risk Score to create a Problem

Sample:
56
     
risk_level
string
on success
The Risk Level

Sample:
CRITICAL
     
sighting_types
complex
on success
List of sighting types

       
description
string
on success
Description of the sighting type

Sample:
description_example
       
display_name
string
on success
Name of the sighting type

Sample:
display_name_example
       
id
string
on success
The unique identifier of sighting type

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
        mitre_link
string
on success
Link of the sighting type

Sample:
mitre_link_example
       
tactic
string
on success
Mitre Att&ck tactic

Sample:
tactic_example
       
techniques
list / elements=string
on success
List of Mitre Att&ck Techniques

     
target_types
list / elements=string
on success
List of target types for which the detector rule is applicable

   
detector
string
on success
detector for the rule

Sample:
IAAS_ACTIVITY_DETECTOR
   
detector_rule_id
string
on success
The unique identifier of the detector rule.

Sample:
ocid1.detectorrule.oc1..xxxxxxEXAMPLExxxxxx
   
display_name
string
on success
Display name for DetectorRecipeDetectorRule.

Sample:
display_name_example
   
entities_mappings
complex
on success
Data Source entities mapping for a Detector Rule

     
display_name
string
on success
The display name of entity

Sample:
display_name_example
     
entity_type
string
on success
Possible type of entity

Sample:
EXTERNAL_IP
     
query_field
string
on success
The entity value mapped to a data source query

Sample:
query_field_example
   
lifecycle_details
string
on success
A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

Sample:
lifecycle_details_example
   
lifecycle_state
string
on success
The current state of the DetectorRule.

Sample:
CREATING
   
managed_list_types
list / elements=string
on success
List of cloudguard managed list types related to this rule

   
recommendation
string
on success
Recommendation for DetectorRecipeDetectorRule

Sample:
recommendation_example
   
resource_type
string
on success
resource type of the configuration to which the rule is applied

Sample:
resource_type_example
   
service_type
string
on success
service type of the configuration to which the rule is applied

Sample:
service_type_example
   
time_created
string
on success
The date and time the detector recipe rule was created. Format defined by RFC3339.

Sample:
2013-10-20T19:20:30+01:00
   
time_updated
string
on success
The date and time the detector recipe rule was updated. Format defined by RFC3339.

Sample:
2013-10-20T19:20:30+01:00
 
freeform_tags
dictionary
on success
Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{"bar-key": "value"}`
Avoid entering confidential information.

Sample:
{'Department': 'Finance'}
 
id
string
on success
Ocid for detector recipe

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
 
lifecycle_state
string
on success
The current state of the resource.

Sample:
CREATING
 
owner
string
on success
Owner of detector recipe

Sample:
CUSTOMER
 
source_data_retention
integer
on success
The number of days for which source data is retained

Sample:
56
 
source_detector_recipe_id
string
on success
Recipe Ocid of the Source Recipe to be cloned

Sample:
ocid1.sourcedetectorrecipe.oc1..xxxxxxEXAMPLExxxxxx
 
system_tags
dictionary
on success
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system.
Example: `{"orcl-cloud": {"free-tier-retained": "true"}}`

 
target_ids
list / elements=string
on success
The recipe attached to targets
Returned for get operation

 
time_created
string
on success
The date and time the detector recipe was created. Format defined by RFC3339.

Sample:
2013-10-20T19:20:30+01:00
 
time_updated
string
on success
The date and time the detector recipe was updated. Format defined by RFC3339.

Sample:
2013-10-20T19:20:30+01:00


Authors

  • Oracle (@oracle)