Oracle Cloud
- Updated on 12 Nov 2024
Oracle Cloud is a computing service providing servers, storage, network, applications and services.
Related Enforcement Actions:
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
Parameters
User OCID - Specify the Oracle Cloud Identifier (OCID) for the Axonius user. For more details on User OCID, see Oracle Cloud Infrastructure Documentation - Where to Get the Tenancy's OCID and User's OCID.
Oracle Key File - Upload an RSA key pair in PEM format (minimum 2048 bits). For more details on generating such a key, see Oracle Cloud Infrastructure Documentation - How to Generate an API Signing Key.
Key-Pair Fingerprint - Specify the key fingerprint. To get the key fingerprint, you need to upload the PEM public key in the Oracle Cloud console. For more details, see Oracle Cloud Infrastructure Documentation - How to Upload the Public Key.
Tenancy OCID - Specify your tenancy Oracle Cloud Identifier (OCID). For more details on Tenancy OCID, see Oracle Cloud Infrastructure Documentation - Where to Get the Tenancy's OCID and User's OCID.
Oracle Cloud Infrastructure Region - Specify your Region Identifier. For the complete region list, see Oracle Cloud Infrastructure Documentation - Regions and Availability Domains.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.
- Oracle Cloud services to fetch as devices - Select the Oracle Cloud services to fetch as devices. You can select from VM Clusters, Database Service, Kubernetes Clusters and Auto Scaling Groups.
- List of tags to parse as fields - Enter a comma-separated list of tag keys to be saved as fields.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Required Permissions
To fetch information from the Oracle Cloud API, you first need to create a user for Axonius, and put that user in at least one IAM group with any desired read-only permissions. For more details, see Oracle Cloud Infrastructure Documentation - Adding Users.
To add the appropriate permissions for the type of data you want to fetch, follow these steps on your Oracle console:
- From the left-hand navigation menu, select Identity & Security > Policies.
- Use the compartment selector at the top of the Policies page to select which compartment you want to apply the policy to. For tenancy-wide policies, you usually need to select the root compartment.
- After selecting the appropriate compartment, you need to add permissions to the policy. Either select an existing policy to edit or click Create Policy to create a new one.
- In the Policy Editor, add a Policy Statement, for example `Allow group Admins to read users in tenancy`. Then, click Create or Save Changes.
All the permissions and policy statements you can add are listed below.
Category | Permission | Policy Statement |
---|---|---|
Compute Service | list_instances | Allow group <group_name> to read instances in compartment <compartment_name> |
Compute Service | list_vnic_attachments | Allow group <group_name> to read vnic-attachments in compartment <compartment_name> |
Compute Service | list_image/get_image | Allow group <group_name> to read images in compartment <compartment_name> |
Networking Service | list_network_security_group_security_rules | Allow group <group_name> to read network-security-groups in compartment <compartment_name> |
Networking Service | list_public_ips | Allow group <group_name> to read virtual-network-family in compartment <compartment_name> |
Networking Service | list_security_lists | Allow group <group_name> to read security-lists in compartment <compartment_name> |
Networking Service | get_subnet | Allow group <group_name> to inspect subnets in compartment <compartment_name> |
Networking Service | get_private_ip | Allow group <group_name> to read virtual-network-family in compartment <compartment_name> |
Networking Service | get_vnic | Allow group <group_name> to read vnic in compartment <compartment_name> |
Networking Service | list_vcns | Allow group <group_name> to read vcns in compartment <compartment_name> |
Networking Service | get_security_list | Allow group <group_name> to read security-lists in compartment <compartment_name> |
Database Service | list_db_systems | Allow group <group_name> to read db-systems in compartment <compartment_name> |
Database Service | list_db_homes | Allow group <group_name> to read db-homes in compartment <compartment_name> |
Database Service | list_databases | Allow group <group_name> to read databases in compartment <compartment_name> |
Database Service | list_autonomous_databases | Allow group <group_name> to read autonomous-databases in compartment <compartment_name> |
Database Service | list_pluggable_databases | Allow group <group_name> to read pluggable-databases in compartment <compartment_name> |
Database Service | get_db_system/list_db_systems | Allow group <group_name> to read db-systems in compartment <compartment_name> |
NoSQL Database Service | list_tables | Allow group <group_name> to read tables in compartment <compartment_name> |
Container Engine for Kubernetes (OKE) | list_clusters | Allow group <group_name> to read clusters in compartment <compartment_name> |
Identity and Access Management (IAM) | get_compartment | Allow group <group_name> to read compartments in tenancy |
Identity and Access Management (IAM) | list_compartments | Allow group <group_name> to read compartments in tenancy |
Identity and Access Management (IAM) | list_users | Allow group <group_name> to read users in tenancy |
Identity and Access Management (IAM) | list_groups | Allow group <group_name> to read groups in tenancy |
Identity and Access Management (IAM) | list_api_keys | Allow group <group_name> to read api-keys in compartment <compartment_name> |
Identity and Access Management (IAM) | list_user_group_memberships | Allow group <group_name> to read group-memberships in compartment <compartment_name> |
OCI Auto Scaling | list_auto_scaling_configurations | Allow group <group_name> to read auto-scaling-configurations in compartment <compartment_name> |
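The following check is an added example, not part of the Axonius or Oracle documentation: it audits the policy statements granted to the adapter's group and reports any that use a verb other than `inspect` or `read`, or a resource type that does not appear in the table above. The group name `AxoniusReaders`, the compartment `Prod` and the sample statements are constructed for illustration.

```python
import re

# Resource types taken from the policy-statement table on this page.
PAGE_RESOURCES = {
    "instances", "vnic-attachments", "images", "network-security-groups",
    "virtual-network-family", "security-lists", "subnets", "vnic", "vcns",
    "db-systems", "db-homes", "databases", "autonomous-databases",
    "pluggable-databases", "tables", "clusters", "compartments", "users",
    "groups", "api-keys", "group-memberships", "auto-scaling-configurations",
}
READ_ONLY_VERBS = {"inspect", "read"}  # OCI verbs, rising privilege: inspect, read, use, manage

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+.+)?$",
    re.IGNORECASE,
)

def audit_policy(statements, group):
    """Return (statement, reason) pairs for grants to `group` that exceed the read-only set on this page."""
    findings = []
    for raw in statements:
        line = raw.strip()
        if not line:
            continue
        m = STATEMENT.match(line)
        if not m:
            # Anything that is not "Allow group ... to ... in ..." needs a human look.
            findings.append((line, "unparsed: review manually"))
            continue
        if m["group"].lower() != group.lower():
            continue  # statement grants to a different group
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if verb not in READ_ONLY_VERBS:
            findings.append((line, f"verb '{verb}' is not read-only"))
        elif resource not in PAGE_RESOURCES:
            findings.append((line, f"resource '{resource}' is not in the adapter's table"))
    return findings

# Constructed sample policy for a hypothetical group "AxoniusReaders".
SAMPLE = [
    "Allow group AxoniusReaders to read instances in compartment Prod",
    "Allow group AxoniusReaders to inspect subnets in compartment Prod",
    "Allow group AxoniusReaders to read users in tenancy",
    "Allow group AxoniusReaders to manage instances in compartment Prod",
    "Allow group AxoniusReaders to read all-resources in tenancy",
    "Allow group NetAdmins to manage vcns in tenancy",
]
```

Calling `audit_policy(SAMPLE, "AxoniusReaders")` reports the `manage` grant and the `all-resources` grant; the latter is read-only but broader than anything the table lists.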