InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.


Configuring Oracle Cloud Infrastructure (OCI)

InsightCloudSec includes support for Oracle Cloud Infrastructure (OCI). While initial support for this new Cloud Service Provider will be limited, we expect to rapidly expand the supported features and services for OCI over the course of 2021.

As with all of our features, if you have questions or concerns, reach out to us through support-[email protected].

Getting Started with OCI

In OCI, a tenant is the top-level construct. It is analogous to a project in GCP or a subscription within Azure. Several steps must be completed within the Oracle console to give InsightCloudSec access to a tenant, and this page outlines those steps.

Additional Resources on OCI are available as follows:

Permissions

You must have administrative level privileges to execute these steps. Check out our User Entitlements Matrix for more details on InsightCloudSec permissions/entitlements.

Refer to Oracle's documentation for more details on how OCI manages permissions/policies.

Connecting a Tenant

Steps to Complete in the Oracle Console

1. Log in to the Oracle console.

  • Note that you will have to enter in the tenant name that you want to allow InsightCloudSec to access.

2. Click on the menu icon at the top left and scroll down to "Identity > Users".

Oracle Console: Identity --> Users

3. Create a new Group (e.g., InsightCloudSec).

  • Groups are required as IAM permissions are linked to groups and not individual accounts.

Oracle Console - Create Group

4. Create a new User account (e.g., InsightCloudSec) by completing the form and clicking "Create".

Oracle Console - Create User Form

5. Click on "Add API Key" to generate the API key that you will later provide to InsightCloudSec.

  • You will need to download the PEM file and copy the information in the pop up. (This information will look similar to the example shown below).

Oracle Console - Sample API Key

6. Associate the user account you have created with the group (e.g., InsightCloudSec) that you created above in Step #3.

7. Create a new policy (e.g., InsightCloudSecAccess).

8. In the Policy Builder section, select "Customized (Advanced)" and insert one of the policy documents provided below (Read-Only and Power User are both available).

  • Refer to Oracle's documentation for more details on how OCI manages permissions/policies.
  • Note: Verify that the group name (e.g., group InsightCloudSec) matches whatever group name you selected in Step #3.

Read-Only Policy

Allow group InsightCloudSec to read alarms in tenancy
Allow group InsightCloudSec to read audit-events in tenancy
Allow group InsightCloudSec to read authentication-policies in tenancy
Allow group InsightCloudSec to read autonomous-data-warehouse-family in tenancy
Allow group InsightCloudSec to read autonomous-database-family in tenancy
Allow group InsightCloudSec to read buckets in tenancy
Allow group InsightCloudSec to read cloudevents-rules in tenancy
Allow group InsightCloudSec to read cloud-guard-config in tenancy
Allow group InsightCloudSec to read cloud-guard-problems in tenancy
Allow group InsightCloudSec to read cluster-family in tenancy
Allow group InsightCloudSec to read compartments in tenancy
Allow group InsightCloudSec to read database-family in tenancy
Allow group InsightCloudSec to read dedicated-vm-hosts in tenancy
Allow group InsightCloudSec to read file-systems in tenancy
Allow group InsightCloudSec to read groups in tenancy
Allow group InsightCloudSec to read instance-images in tenancy
Allow group InsightCloudSec to read instances in tenancy
Allow group InsightCloudSec to read keys in tenancy
Allow group InsightCloudSec to read metrics in tenancy
Allow group InsightCloudSec to read mysql-family in tenancy
Allow group InsightCloudSec to read nosql-tables in tenancy
Allow group InsightCloudSec to read ons-family in tenancy
Allow group InsightCloudSec to read policies in tenancy
Allow group InsightCloudSec to read secrets in tenancy
Allow group InsightCloudSec to read tag-defaults in tenancy
Allow group InsightCloudSec to read tenancies in tenancy
Allow group InsightCloudSec to read users in tenancy
Allow group InsightCloudSec to read vaults in tenancy
Allow group InsightCloudSec to use virtual-network-family in tenancy
Allow group InsightCloudSec to read volume-attachments in tenancy
Allow group InsightCloudSec to read volume-family in tenancy

Power User Policy

Allow group InsightCloudSec to read alarms in tenancy
Allow group InsightCloudSec to read audit-events in tenancy
Allow group InsightCloudSec to read authentication-policies in tenancy
Allow group InsightCloudSec to read autonomous-data-warehouse-family in tenancy
Allow group InsightCloudSec to read autonomous-database-family in tenancy
Allow group InsightCloudSec to manage buckets in tenancy
Allow group InsightCloudSec to read cloudevents-rules in tenancy
Allow group InsightCloudSec to read cloud-guard-config in tenancy
Allow group InsightCloudSec to read cloud-guard-problems in tenancy
Allow group InsightCloudSec to read cluster-family in tenancy
Allow group InsightCloudSec to read compartments in tenancy
Allow group InsightCloudSec to manage database-family in tenancy
Allow group InsightCloudSec to read dedicated-vm-hosts in tenancy
Allow group InsightCloudSec to manage file-systems in tenancy
Allow group InsightCloudSec to read groups in tenancy
Allow group InsightCloudSec to read instance-images in tenancy
Allow group InsightCloudSec to manage instances in tenancy
Allow group InsightCloudSec to read keys in tenancy
Allow group InsightCloudSec to read metrics in tenancy
Allow group InsightCloudSec to read mysql-family in tenancy
Allow group InsightCloudSec to read nosql-tables in tenancy
Allow group InsightCloudSec to read ons-family in tenancy
Allow group InsightCloudSec to read policies in tenancy
Allow group InsightCloudSec to read secrets in tenancy
Allow group InsightCloudSec to read tag-defaults in tenancy
Allow group InsightCloudSec to read tenancies in tenancy
Allow group InsightCloudSec to manage users in tenancy
Allow group InsightCloudSec to read vaults in tenancy
Allow group InsightCloudSec to manage virtual-network-family in tenancy
Allow group InsightCloudSec to read volume-attachments in tenancy
Allow group InsightCloudSec to manage volume-family in tenancy

Oracle Console - Create Policy
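Before saving the policy, it is worth checking the pasted statements against the note in Step #8 and against the access level you intend to grant. The script below is an added example, not part of the InsightCloudSec documentation or product: it parses statements of the form used on this page, flags any whose group name differs from the expected one, and flags any whose verb ranks above `read` in OCI's verb order (inspect, read, use, manage). The function names and the exact-match comparison of group names are assumptions of this example.

```python
import re

# OCI policy verbs in increasing order of privilege.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Matches only the statement shape used on this page.
STATEMENT = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>\w+) (?P<resource>\S+) in tenancy$",
    re.IGNORECASE,
)

def parse_policy(text):
    """Return (group, verb, resource) tuples; raise on lines that do not parse."""
    statements = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = STATEMENT.match(line)
        if not m or m["verb"].lower() not in VERB_RANK:
            raise ValueError(f"line {lineno}: unrecognized statement: {line!r}")
        statements.append((m["group"], m["verb"].lower(), m["resource"]))
    return statements

def review_policy(text, expected_group, max_verb="read"):
    """Flag statements naming another group or granting more than max_verb."""
    wrong_group, above_max = [], []
    for group, verb, resource in parse_policy(text):
        if group != expected_group:  # exact match (assumption of this example)
            wrong_group.append((group, resource))
        if VERB_RANK[verb] > VERB_RANK[max_verb]:
            above_max.append((verb, resource))
    return {"wrong_group": wrong_group, "above_max": above_max}

# Constructed sample: statements taken from the two policies on this page,
# plus one line with a deliberately mistyped group name.
SAMPLE = """
Allow group InsightCloudSec to read buckets in tenancy
Allow group InsightCloudSec to use virtual-network-family in tenancy
Allow group InsightCloudSec to manage instances in tenancy
Allow group InsightCloudsec to read users in tenancy
"""

if __name__ == "__main__":
    report = review_policy(SAMPLE, expected_group="InsightCloudSec")
    for verb, resource in report["above_max"]:
        print(f"above read: {verb} {resource}")
    for group, resource in report["wrong_group"]:
        print(f"group mismatch: {group} ({resource})")
```

Run against the full Read-Only policy as printed above, the check reports one statement above `read`: `use virtual-network-family`.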

Steps to Complete in InsightCloudSec

1. From your InsightCloudSec platform, navigate to "Cloud --> Clouds" and select "Add a Cloud".

2. Select Oracle from the drop-down menu and complete the form.

3. You will need to provide the credentials obtained/created in Step #5 of the process in the Oracle console.

  • For the "Key Content" you will want to supply the certificate information in the PEM file that you downloaded.

4. Click "Add Cloud" to complete this process when you've filled out the form.

InsightCloudSec - Add a Cloud
