[MUSIC] Welcome back. In this lesson, we are going to look at Oracle Cloud Guard. Oracle Cloud Guard is a very unique feature available within Oracle Cloud Infrastructure. What is Oracle Cloud guard? Cloud Guard is a service that falls under the category of security cloud security posture management. It helps to monitor and identify potential security issues, and then remediate them. What is really interesting about Cloud Guard is that it can completely automate the remediation. As you can see here, the two key aspects, you detect a problem. And there are a couple of ways you do that. You can check configurations, you can monitor activities, and then you can apply a response, and you can automate this response. So how does this really work in practice? So the first thing you do is you specify a target, and a target basically sets the scope of resources to be examined. For OCI, compartments can be target, and their child compartment can be the target. So target is nothing but resources to be examined. Then you have detectors, and these detectors are basically identify issues. Detectors are Cloud Guard components that identify issues with resources or user actions, and alert when an issue is found. So as you can see here, if there's a public instance where it should not be, it will flag that, if there's a public bucket, it would flag that, etc. Then you have problems, and problems are potential security issues. So in a way, think about problems as being notifications that a configuration or activity is a potential security issue. And then finally, we have responders, which provide notification and corrective actions for security problems. So as you can see here, if the instance is public, you could stop that instance, if a bucket is public, you could disable that bucket or make it private, and so on and so forth. You could decide what kind of responders you want. Now, let us look at this in action. So the scenario here is a public bucket, and you don't want this bucket to be public, you want this to be a private bucket because that's sort of aligns with your security posture. So first, what Cloud Guard does suppose this bucket is living in a compartment, which is monitored by Cloud Guard. Cloud Guard is running these configuration monitoring. So it's looking at your bucket, and it triggers a flag, saying that this particular bucket is public. And it marks flags that has a critical issue, and a problem gets created. So think about problem as sort of a ticket, so it gets created, saying bucket is public. And at the same time, because it assigns a score, it says it's a critical risk, so it notifies that that is a critical risk. And then there are responders which look at that, and they say that, is my responder enabled on for this kind of issue? And if the answer is yes, it can also have additional functionalities. So things like Cloud Event, it could go to Cloud Event, triggered that as an event, and then you could get notification out of that. You could also go to OCI Functions, which is our serverless service. And it could do something else, it could slack you or something like that, right? So it could have some other feature built in. So the responder looks at that, and then it hands it over to a Cloud Guard operator. This is a policy which you write, which says, can I remediate the problem? Do I have the permission to remediate the problem? Because one interesting thing about Cloud Guard is you could automate all this. And if the answer is yes, then it responds, and it makes the bucket private. And that's how you go to that critical risk on, and the situation turns to green again. So this is sort of an end-to-end workflow on how Cloud Guard works. A lot of this is transparent, you don't see it. And it's a great way to automatically detect issues and fix problems. Just to recap, Cloud Guard is a service that falls under the category of cloud security posture management. It helps to monitor and identify potential security issues, and then remediate them. You could also automatically remediate these problems. I hope you found this lesson useful. Thanks for watching.
