Oracle Cloud
  • 12 Nov 2024

Oracle Cloud is a computing service providing servers, storage, network, applications and services.

Related Enforcement Actions:

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. User OCID - Specify the Oracle Cloud Identifier (OCID) for the Axonius user. For more details on User OCID, see Oracle Cloud Infrastructure Documentation - Where to Get the Tenancy's OCID and User's OCID.

  2. Oracle Key File - Upload an RSA key pair in PEM format (minimum 2048 bits). For more details on generating such a key, see Oracle Cloud Infrastructure Documentation - How to Generate an API Signing Key.

  3. Key-Pair Fingerprint - Specify the key fingerprint. To get the key fingerprint, you need to upload the PEM public key in the Oracle Cloud console. For more details, see Oracle Cloud Infrastructure Documentation - How to Upload the Public Key.

  4. Tenancy OCID - Specify your tenancy Oracle Cloud Identifier (OCID). For more details on the Tenancy OCID, see Oracle Cloud Infrastructure Documentation - Where to Get the Tenancy's OCID and User's OCID.

  5. Oracle Cloud Infrastructure Region - Specify your Region Identifier. For the complete region list, see Oracle Cloud Infrastructure Documentation - Regions and Availability Domains.

  6. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  7. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  8. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.


Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Oracle Cloud services to fetch as devices - Select the Oracle Cloud services to fetch as devices. You can select from VM Clusters, Database Service, Kubernetes Clusters and Auto Scaling Groups.
  2. List of tags to parse as fields - Enter a comma-separated list of tag keys to be saved as fields.

Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

Required Permissions

To fetch information from the Oracle Cloud API, you first need to create a user for Axonius and put that user in at least one IAM group with any desired read-only permissions. For more details, see Oracle Cloud Infrastructure Documentation - Adding Users.

To add the appropriate permissions for the type of data you want to fetch, follow these steps on your Oracle console:

  1. From the left-hand navigation menu, select Identity & Security > Policies.
  2. Use the compartment selector at the top of the Policies page to select which compartment you want to apply the policy to. For tenancy-wide policies, you usually need to select the root compartment.
  3. After adding the appropriate compartment, you need to add permissions to the policy. Either select an existing policy to edit or click Create Policy to create a new one.
  4. In the Policy Editor, add a Policy Statement - for example, Allow group Admins to read users in tenancy. Then, click Create or Save Changes.

All the permissions and policy statements you can add are listed below.

| Category | Permission | Policy Statement |
|---|---|---|
| Compute Service | list_instances | Allow group <group_name> to read instances in compartment <compartment_name> |
| Compute Service | list_vnic_attachments | Allow group <group_name> to read vnic-attachments in compartment <compartment_name> |
| Compute Service | list_image/get_image | Allow group <group_name> to read images in compartment <compartment_name> |
| Networking Service | list_network_security_group_security_rules | Allow group <group_name> to read network-security-groups in compartment <compartment_name> |
| Networking Service | list_public_ips | Allow group <group_name> to read virtual-network-family in compartment <compartment_name> |
| Networking Service | list_security_lists | Allow group <group_name> to read security-lists in compartment <compartment_name> |
| Networking Service | get_subnet | Allow group <group_name> to inspect subnets in compartment <compartment_name> |
| Networking Service | get_private_ip | Allow group <group_name> to read virtual-network-family in compartment <compartment_name> |
| Networking Service | get_vnic | Allow group <group_name> to read vnic in compartment <compartment_name> |
| Networking Service | list_vcns | Allow group <group_name> to read vcns in compartment <compartment_name> |
| Networking Service | get_security_list | Allow group <group_name> to read security-lists in compartment <compartment_name> |
| Database Service | list_db_systems | Allow group <group_name> to read db-systems in compartment <compartment_name> |
| Database Service | list_db_homes | Allow group <group_name> to read db-homes in compartment <compartment_name> |
| Database Service | list_databases | Allow group <group_name> to read databases in compartment <compartment_name> |
| Database Service | list_autonomous_databases | Allow group <group_name> to read autonomous-databases in compartment <compartment_name> |
| Database Service | list_pluggable_databases | Allow group <group_name> to read pluggable-databases in compartment <compartment_name> |
| Database Service | get_db_system/list_db_systems | Allow group <group_name> to read db-systems in compartment <compartment_name> |
| NoSQL Database Service | list_tables | Allow group <group_name> to read tables in compartment <compartment_name> |
| Container Engine for Kubernetes (OKE) | list_clusters | Allow group <group_name> to read clusters in compartment <compartment_name> |
| Identity and Access Management (IAM) | get_compartment | Allow group <group_name> to read compartments in tenancy |
| Identity and Access Management (IAM) | list_compartments | Allow group <group_name> to read compartments in tenancy |
| Identity and Access Management (IAM) | list_users | Allow group <group_name> to read users in tenancy |
| Identity and Access Management (IAM) | list_groups | Allow group <group_name> to read groups in tenancy |
| Identity and Access Management (IAM) | list_api_keys | Allow group <group_name> to read api-keys in compartment <compartment_name> |
| Identity and Access Management (IAM) | list_user_group_memberships | Allow group <group_name> to read group-memberships in compartment <compartment_name> |
| OCI Auto Scaling | list_auto_scaling_configurations | Allow group <group_name> to read auto-scaling-configurations in compartment <compartment_name> |
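
The following is an added example, not Axonius or Oracle code: a Python check that audits policy statements written for the adapter's IAM group against the read-only statements listed above, flagging any verb beyond inspect/read and any resource type the table does not list. The group name AxoniusReaders, the compartment name Prod and the sample statements are constructed placeholders.

```python
import re

# (verb, resource-type) pairs taken from the policy statements listed on this page.
ALLOWED = {
    ("read", "instances"), ("read", "vnic-attachments"), ("read", "images"),
    ("read", "network-security-groups"), ("read", "virtual-network-family"),
    ("read", "security-lists"), ("inspect", "subnets"), ("read", "vnic"),
    ("read", "vcns"), ("read", "db-systems"), ("read", "db-homes"),
    ("read", "databases"), ("read", "autonomous-databases"),
    ("read", "pluggable-databases"), ("read", "tables"), ("read", "clusters"),
    ("read", "compartments"), ("read", "users"), ("read", "groups"),
    ("read", "api-keys"), ("read", "group-memberships"),
    ("read", "auto-scaling-configurations"),
}
READ_ONLY_VERBS = {"inspect", "read"}  # OCI verbs by rising privilege: inspect, read, use, manage

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>[a-z]+)\s+(?P<resource>[a-z-]+)\s+in\s",
    re.IGNORECASE)

def audit(statements, group):
    """Return (statement, finding) pairs for anything beyond the page's read-only set."""
    findings = []
    for raw in statements:
        m = STATEMENT.match(raw.strip())
        if not m:
            findings.append((raw, "unparsed: review manually"))
            continue
        if m["group"].lower() != group.lower():
            continue  # statement applies to a different group
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if verb not in READ_ONLY_VERBS:
            findings.append((raw, f"verb '{verb}' is not read-only"))
        elif (verb, resource) not in ALLOWED:
            findings.append((raw, f"'{verb} {resource}' is not in the adapter's table"))
    return findings

# Constructed sample policy; group and compartment names are placeholders.
SAMPLE = [
    "Allow group AxoniusReaders to read instances in compartment Prod",
    "Allow group AxoniusReaders to inspect subnets in compartment Prod",
    "Allow group AxoniusReaders to manage instances in compartment Prod",
    "Allow group AxoniusReaders to read all-resources in tenancy",
    "Allow group NetOps to manage vcns in compartment Prod",
]

if __name__ == "__main__":
    for stmt, why in audit(SAMPLE, "AxoniusReaders"):
        print(f"{why}: {stmt}")
```

Statements that the pattern cannot parse (for example, ones naming several groups) are reported for manual review rather than silently passed.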


