Oracle Cloud

Visualize OCI compute instances, virtual machine hosts, domains, access policies, oracle object storage, vaults, nosql services, streaming services , devops, functions, redis, resource manager , map OCI users to employees, and monitor changes through queries and alerts.

Installation guide
Oracle Cloud data model

Installation

To install Oracle Cloud Infrastructure, you will need access to an admin account within your OCI instance. Additionally, you must provide the following credentials from Oracle Cloud to successfully initiate the integration:

Private Key
Tenancy OCID
User OCID
Fingerprint
Region
Passcode (if used to generate the Private Key)

Configuration on Oracle Cloud

Log into OCI as the root user or user with the required permissions (see below) and navigate to My profile in the top-right corner of the screen. From there:

Under Resources, select API Keys > Add API Key.
Generate a new key pair, choose a public key, or paste your desired public key then click Add.
The configuration file preview will contain your User OCID, Tenancy OCID, Region and Fingerprint. Retain these values for use within the JupiterOne integration configuration.

Required Permissions

COMPARTMENT_INSPECT
DOMAIN_INSPECT
GROUP_INSPECT
USER_INSPECT
POLICY_READ
DEVOPS_BUILD_PIPELINE_INSPECT
DEVOPS_DEPLOY_ENVIRONMENT_INSPECT
DEVOPS_DEPLOY_PIPELINE_INSPECT
DEVOPS_PROJECT_INSPECT
DEVOPS_REPOSITORY_INSPECT
FN_FUNCTION_LIST
FN_APP_LIST
INSTANCE_READ
DEDICATED_VM_HOST_INSPECT
NOSQL_INDEX_READ
NOSQL_TABLE_INSPECT
BUCKET_READ
REDIS_CLUSTER_INSPECT
ORM_STACK_INSPECT
STREAM_INSPECT
STREAM_POOL_INSPECT
KEY_INSPECT
VAULT_INSPECT
SECRET_INSPECT
CG_PROBLEM_INSPECT

Example policy

Allow group SandboxGroup to read all-resources in tenancy where any { request.permission='COMPARTMENT_INSPECT', request.permission='DOMAIN_INSPECT', request.permission='GROUP_INSPECT', request.permission='USER_INSPECT', request.permission='POLICY_READ', request.permission='DEVOPS_BUILD_PIPELINE_INSPECT', request.permission='DEVOPS_DEPLOY_ENVIRONMENT_INSPECT', request.permission='DEVOPS_DEPLOY_PIPELINE_INSPECT', request.permission='DEVOPS_PROJECT_INSPECT', request.permission='DEVOPS_REPOSITORY_INSPECT', request.permission='FN_FUNCTION_LIST', request.permission='FN_APP_LIST', request.permission='INSTANCE_READ', request.permission='DEDICATED_VM_HOST_INSPECT', request.permission='NOSQL_INDEX_READ', request.permission='NOSQL_TABLE_INSPECT', request.permission='BUCKET_READ', request.permission='REDIS_CLUSTER_INSPECT', request.permission='ORM_STACK_INSPECT', request.permission='STREAM_INSPECT', request.permission='STREAM_POOL_INSPECT', request.permission='KEY_INSPECT', request.permission='VAULT_INSPECT', request.permission='SECRET_INSPECT', request.permission='CG_PROBLEM_INSPECT'}

Configuration in JupiterOne

To install the Oracle Cloud integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Oracle Cloud. Click New Instance to begin configuring the integration.

Creating an Oracle Cloud instance requires the following:

The Account Name used to identify the AirWatch account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.
Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
Your Oracle Cloud Private Key.
The Tenancy OCID, User OCID, and Fingerprint, and Region values associated to your Private Key.
Optionally, you may supply the Private Key Passphrase if your Private Key was generated with it.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.

Data Model

Entities

The following entities are created:

Resources	Entity `_type`	Entity `_class`
ADB Protected Database	`oci_adb_protected_database`	Database
Account	`oci_compartment`	Account
Alert Object	`oci_alert_object`	Alert
Authentication Policy	`oci_authentication_policy`	Policy
Block Volume	`oci_block_volume`	DataStore
Boot Disk Image	`oci_boot_disk_image`	Image
Boot Volume	`oci_boot_volume`	DataStore
CachingService	`oci_caching`	Service
CloudGuard Problems	`oci_cloudguard_problem`	Finding
CloudGuard Service	`oci_cloudguard`	Service
ComputeInstance	`oci_compute_instance`	Host
DedicatedVMHost	`oci_dedicated_vm_host`	Host
DevopsBuildPipeline	`oci_devops_build_pipeline`	Configuration
DevopsDeployEnvironment	`oci_devops_deploy_environment`	Configuration
DevopsDeployPipeline	`oci_devops_deploy_pipeline`	Configuration
DevopsProject	`oci_devops_project`	Resource
DevopsRepository	`oci_devops_repository`	Configuration
DevopsService	`oci_devops_service`	Service
Domain	`oci_domain`	Group
File system	`oci_file_system`	DataStore
FunctionsFunction	`oci_functions_function`	Function
FunctionsService	`oci_functions`	Service
Group	`oci_group`	UserGroup
Kms key	`oci_kms_key`	Key
Logging Object	`oci_logging_object`	Logs
Mount Target	`oci_mount_target`	DataStore
NOSQL Index	`oci_nosql_index`	Database
NOSQL Service	`oci_nosql`	Service
NOSQL table	`oci_nosql_table`	DataStore
Network Security Group	`oci_network_security_group`	Firewall
Network Security Rule	`oci_network_security_rule`	Rule
Notification Topic	`oci_notification_topic`	DataObject
OAC Analytics Instance	`oci_oac_analytics_instance`	Host
OIC Integration Instance	`oci_oic_integration_instance`	Host
ObjectStorageBucket	`oci_objectstorage_bucket`	DataStore
OracleObjectStorage	`oci_objectstorage`	Service
Policy	`oci_access_policy`	AccessPolicy
RedisCluster	`oci_caching_redis_cluster`	Database, DataStore, Cluster
ResourceManagerService	`oci_resourcemanager`	Service
ResourceManagerStacks	`oci_resourcemanager_stack`	Configuration
Security List	`oci_security_list`	Firewall
Streaming Pool	`oci_streaming_stream_pool`	Configuration
Streaming Service	`oci_streaming`	Service
Streaming Stream	`oci_streaming_stream`	DataCollection
Subscription	`oci_subscription`	Subscription
UseCase	`oci_use_case`	AccessRole
User	`oci_user`	User
Vault Service	`oci_vault`	Service
Vault secret	`oci_vault_secret`	Secret
Virtual Cloud Network	`oci_virtual_cloud_network`	Network
Volume group	`oci_volume_group`	Group
vault	`oci_kms_vault`	Configuration

Relationships

The following relationships are created:

Source Entity `_type`	Relationship `_class`	Target Entity `_type`
`oci_access_policy`	HAS	`oci_use_case`
`oci_boot_volume`	USES	`oci_boot_disk_image`
`oci_boot_volume`	HAS	`oci_kms_key`
`oci_caching`	HAS	`oci_caching_redis_cluster`
`oci_cloudguard`	IDENTIFIED	`oci_cloudguard_problem`
`oci_compartment`	HAS	`oci_access_policy`
`oci_compartment`	HAS	`oci_adb_protected_database`
`oci_compartment`	HAS	`oci_alert_object`
`oci_compartment`	HAS	`oci_authentication_policy`
`oci_compartment`	HAS	`oci_boot_disk_image`
`oci_compartment`	HAS	`oci_caching`
`oci_compartment`	HAS	`oci_cloudguard`
`oci_compartment`	CONTAINS	`oci_compartment`
`oci_compartment`	HAS	`oci_compute_instance`
`oci_compartment`	HAS	`oci_dedicated_vm_host`
`oci_compartment`	HAS	`oci_devops_service`
`oci_compartment`	HAS	`oci_domain`
`oci_compartment`	HAS	`oci_functions`
`oci_compartment`	HAS	`oci_logging_object`
`oci_compartment`	HAS	`oci_network_security_group`
`oci_compartment`	HAS	`oci_nosql`
`oci_compartment`	HAS	`oci_notification_topic`
`oci_compartment`	HAS	`oci_objectstorage`
`oci_compartment`	HAS	`oci_resourcemanager`
`oci_compartment`	HAS	`oci_streaming`
`oci_compartment`	HAS	`oci_subscription`
`oci_compartment`	HAS	`oci_vault`
`oci_compartment`	HAS	`oci_virtual_cloud_network`
`oci_compartment`	HAS	`oci_volume_group`
`oci_compute_instance`	HAS	`oci_boot_volume`
`oci_dedicated_vm_host`	HAS	`oci_compute_instance`
`oci_devops_project`	USES	`oci_devops_build_pipeline`
`oci_devops_project`	USES	`oci_devops_deploy_environment`
`oci_devops_project`	USES	`oci_devops_deploy_pipeline`
`oci_devops_project`	USES	`oci_devops_repository`
`oci_devops_service`	HAS	`oci_devops_project`
`oci_domain`	HAS	`oci_group`
`oci_domain`	HAS	`oci_user`
`oci_file_system`	HAS	`oci_kms_key`
`oci_functions`	HAS	`oci_functions_function`
`oci_group`	HAS	`oci_user`
`oci_kms_key`	PROTECTS	`oci_block_volume`
`oci_kms_key`	PROTECTS	`oci_oac_analytics_instance`
`oci_kms_vault`	HAS	`oci_kms_key`
`oci_kms_vault`	HAS	`oci_vault_secret`
`oci_network_security_group`	PROTECTS	`oci_mount_target`
`oci_network_security_group`	HAS	`oci_network_security_rule`
`oci_nosql`	HAS	`oci_nosql_index`
`oci_nosql`	HAS	`oci_nosql_table`
`oci_nosql_table`	HAS	`oci_nosql_index`
`oci_oac_analytics_instance`	ALLOWS	`oci_virtual_cloud_network`
`oci_objectstorage`	HAS	`oci_objectstorage_bucket`
`oci_oic_integration_instance`	ALLOWS	`oci_virtual_cloud_network`
`oci_resource`	HAS	`oci_cloudguard_problem`
`oci_resourcemanager`	HAS	`oci_resourcemanager_stack`
`oci_streaming`	HAS	`oci_streaming_stream_pool`
`oci_streaming_stream_pool`	HAS	`oci_streaming_stream`
`oci_use_case`	ASSIGNED	`oci_compartment`
`oci_use_case`	ASSIGNED	`oci_group`
`oci_vault`	HAS	`oci_kms_vault`
`oci_virtual_cloud_network`	HAS	`oci_network_security_group`
`oci_virtual_cloud_network`	HAS	`oci_security_list`
`oci_volume_group`	HAS	`oci_block_volume`
`oci_volume_group`	HAS	`oci_boot_volume`

Oracle Cloud

Installation​

Configuration on Oracle Cloud​

Required Permissions​

Example policy​

Configuration in JupiterOne​

Next steps​

Data Model​

Entities​

Relationships​