Rules Contributing to Suspicious OCI Logging Activity Alert

This topic covers a feature that is not available for all customers yet. See Early Access Program Features and Topics Under Development.

The following rules are used to identify suspicious logging activity in OCI. A match on any one or more of these rules triggers the Suspicious OCI Logging Activity Alert. To view the details for a rule, click the More Details link in its description.

| Title | Description |
| --- | --- |
| OCI Log Group Deletion | Identifies the deletion of a specified OCI LogGroup. When a log group is deleted, all the archived log entries associated with the log group are also permanently deleted. |
| OCI Log Object Deletion | Identifies the deletion of an OCI log object, which permanently deletes all associated archived log entries. |
| OCI Log Object Updated | Identifies an update to an existing OCI log object with configuration that specifies the delivery of log files. |