# Oracle Cloud Infrastructure Event Collector

This Integration is part of the Oracle Cloud Infrastructure (OCI) Pack.

## Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.

This integration fetches audit log events from Oracle Cloud Infrastructure resources. Audit log events can be used for security audits, to track usage of and changes to Oracle Cloud Infrastructure resources, and to help ensure compliance with standards or regulations.
## API References
- Oracle Cloud Infrastructure Audit Logs API documentation
- Oracle Cloud Infrastructure Audit API Endpoints (available Regions)
## Configure Oracle Cloud Infrastructure Event Collector on Cortex XSIAM
- Navigate to Settings > Configurations > Automation & Feed Integrations.
- Search for Oracle Cloud Infrastructure.
- Click Add instance to create and configure a new integration instance.
### OCI Related Parameters
Oracle Cloud Infrastructure SDKs and CLI require basic configuration information, which is supplied through configuration parameters either in a configuration file or in a runtime-defined configuration dictionary. This integration uses the runtime-defined configuration dictionary. More about OCI configuration here.
Parameter | Description | Required |
---|---|---|
Tenancy OCID | OCID of your tenancy. To get the value, see Required Keys and OCIDs. | True |
User OCID | OCID of the user calling the API. To get the value, see Required Keys and OCIDs. Example: ocid1.user.oc1..<unique_ID> | True |
API Key Fingerprint | Fingerprint for the public key that was added to this user. To get the value, see Required Keys and OCIDs. | True |
Private Key | Private Key for authentication. Important: The key pair must be in PEM format. For instructions on generating a key pair in PEM format, see Required Keys and OCIDs. | True |
API Private Key Type | The type of the private key. The possible values are: PKCS#1 and PKCS#8. The default value is PKCS#8. For an explanation of the difference between the two types, see link. | False |
Region | An Oracle Cloud Infrastructure region. See Regions and Availability Domains. Example: us-ashburn-1 | True |
Compartment OCID | An Oracle Cloud Identifier compartment. The default value is the Tenancy OCID parameter. See Finding the OCID of a Compartment. | False |
First fetch time | First fetch time (< number > < time unit >, e.g., 12 hours, 1 day, 3 months). Default is 3 days. | False |
Trust any certificate (not secure) | Use SSL secure connection or 'None'. | False |
Use system proxy settings | Runs the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration. | False |
- Click Test to validate the URLs, tokens, and connection.
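As an added illustration of how the parameters above map onto the runtime-defined configuration dictionary (this is not the integration's own code): the helper names, the placeholder OCIDs and the key body are assumptions, the dictionary keys (tenancy, user, fingerprint, key_content, region) are the OCI SDK's config names, and a month in the first fetch value is taken as 30 days.

```python
import re
from datetime import timedelta

# PEM header of each encoding named by the "API Private Key Type" parameter.
PEM_HEADERS = {"PKCS#1": "-----BEGIN RSA PRIVATE KEY-----",
               "PKCS#8": "-----BEGIN PRIVATE KEY-----"}
FINGERPRINT_RE = re.compile(r"^([0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}$")
# Assumption: a "month" in the first fetch spec is treated as 30 days.
UNIT_SECONDS = {"minute": 60, "hour": 3600, "day": 86400, "month": 30 * 86400}

# Constructed sample input: placeholder values, not real credentials or a usable key.
SAMPLE_PARAMS = {
    "tenancy_ocid": "ocid1.tenancy.oc1..exampletenancy", "user_ocid": "ocid1.user.oc1..exampleuser",
    "fingerprint": "20:3b:97:13:55:1c:5b:0d:d3:37:d8:50:4e:c5:3a:34", "region": "us-ashburn-1",
    "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQplaceholder\n-----END PRIVATE KEY-----",
}


def detect_key_type(pem: str) -> str:
    """Return 'PKCS#1' or 'PKCS#8' from the first PEM line; reject anything else."""
    lines = pem.strip().splitlines()
    for key_type, header in PEM_HEADERS.items():
        if lines and lines[0].strip() == header:
            return key_type
    raise ValueError("private key is not a PEM-encoded PKCS#1 or PKCS#8 RSA key")


def build_oci_config(params: dict) -> dict:
    """Assemble the runtime configuration dict; keys are the OCI SDK config names."""
    for name in ("tenancy_ocid", "user_ocid"):
        if not params[name].startswith("ocid1."):
            raise ValueError(f"{name} does not look like an OCID")
    if not FINGERPRINT_RE.match(params["fingerprint"]):
        raise ValueError("fingerprint must be 16 colon-separated hex bytes")
    declared = params.get("key_type", "PKCS#8")  # the integration's default
    actual = detect_key_type(params["private_key"])
    if declared != actual:  # catches a PKCS#1 key uploaded with the default type left in place
        raise ValueError(f"key type set to {declared} but the PEM header is {actual}")
    return {"tenancy": params["tenancy_ocid"], "user": params["user_ocid"],
            "fingerprint": params["fingerprint"], "key_content": params["private_key"],
            "region": params["region"]}


def first_fetch_window(spec: str) -> timedelta:
    """Turn '<number> <time unit>' (e.g. '3 days', '12 hours') into a look-back window."""
    m = re.fullmatch(r"\s*(\d+)\s+(minute|hour|day|month)s?\s*", spec)
    if not m:
        raise ValueError(f"unsupported first fetch value: {spec!r}")
    return timedelta(seconds=int(m.group(1)) * UNIT_SECONDS[m.group(2)])
```

Running the checks at instance creation, before any API call, turns a mis-typed key format or OCID into a clear configuration error instead of an opaque authentication failure from the audit endpoint.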
## Commands
You can execute the following command from the Cortex XSIAM CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### oracle-cloud-infrastructure-get-events
Manual command to fetch and display events.

#### Base Command
oracle-cloud-infrastructure-get-events

#### Input
Argument Name | Description | Required |
---|---|---|
should_push_events | Set this argument to true in order to create events, otherwise the command will only display them. Default is false. | True |