SOCFortress Integrations — Oracle Cloud Infrastructure (OCI)

SOCFortress
5 min read · Oct 10, 2023


Intro

SOCFortress integration and visualization tools let security analysts visualize and triage the logs and events generated in Oracle Cloud Infrastructure (OCI) from a single pane of glass.

About Oracle Cloud Infrastructure (OCI)

Oracle Cloud Infrastructure (OCI) is a cloud computing platform provided by Oracle Corporation. It offers a suite of cloud services that include computing, storage, networking, database, and various other infrastructure-related services. OCI is designed to provide high performance, security, and scalability for businesses and organizations looking to deploy and manage their applications and workloads in the cloud.

Key features and components of Oracle Cloud Infrastructure include:

  • Compute: OCI provides both virtual machine (VM) instances and bare metal instances, allowing users to choose between fully virtualized environments or dedicated hardware for their workloads.
  • Storage: OCI offers a range of storage options, including block storage, object storage, and file storage. It also includes features like snapshots, backup, and data replication for ensuring data durability and availability.
  • Networking: OCI provides networking services such as virtual networking, load balancing, DNS services, and Virtual Private Networks (VPNs). It emphasizes network isolation and security.
  • Database: Oracle offers a variety of database services on OCI, including the Oracle Database service, MySQL Database service, and NoSQL Database service. These services are optimized for performance, security, and scalability.
  • Security: OCI focuses on providing a secure environment for cloud workloads. It offers features such as Identity and Access Management (IAM), security zones, network security groups, encryption, and monitoring tools to protect data and resources.
  • Autonomous Services: Oracle Autonomous Database is a cloud database service that uses machine learning and automation to manage and secure the database, reducing manual tasks and potential for human errors.
  • Serverless and Container Services: OCI offers serverless computing with its Oracle Functions service, which enables developers to build and run event-driven applications without provisioning or managing servers. Additionally, it provides container services using Kubernetes for managing containerized applications.
  • Analytics and AI: Oracle Cloud Infrastructure also provides services for analytics, machine learning, and artificial intelligence. This includes services for data warehousing, big data, and AI model training.
  • Integration and Development Tools: OCI offers tools and services for application development, integration, and deployment. This includes services for DevOps, continuous integration/continuous deployment (CI/CD), and more.
  • Hybrid Cloud: OCI provides tools and services for connecting on-premises environments with the cloud, allowing organizations to build hybrid cloud solutions.
  • Global Reach: Oracle Cloud Infrastructure has data centers located around the world, allowing users to deploy their resources in multiple regions to meet performance and compliance requirements.

Oracle Cloud Infrastructure (OCI) provides a comprehensive logging and monitoring framework that allows you to capture, analyze, and manage logs and events generated by your resources and services.

Logging Services:

OCI offers the following logging services to capture various types of logs and events:

  • Logging Service (Logging): This service allows you to collect logs from different OCI services and resources and centralize them in a single location. You can define log sources, create log groups, and use log streams to organize and manage your logs effectively. These logs can be used for monitoring, troubleshooting, and compliance purposes.
  • Audit Service (Audit): The OCI Audit service records actions taken by users, applications, or services within your tenancy. It provides detailed information about who performed an action, what action was taken, and when it occurred. This is crucial for tracking changes, understanding security events, and meeting compliance requirements.
  • Event Service (Events): The OCI Event service allows you to define rules that trigger actions based on events occurring in your tenancy. This can include automated responses to specific events, such as launching an instance when a certain condition is met. It’s a powerful way to automate operational tasks.

Ingesting Oracle Cloud Infrastructure Logs and Events

Service Connector Hub

The Service Connector Hub allows you to automate workflows and integrate services across your Oracle Cloud tenancy.

Use Cases:

The OCI Service Connector Hub is versatile and can be used for various use cases, such as:

  • Automatically scaling resources based on workload metrics.
  • Creating resources in response to specific events, like provisioning an instance when a certain metric exceeds a threshold.
  • Sending notifications when important events occur.
  • Implementing complex, multi-step workflows that involve multiple services.

Event Delivery and Transformation: The Service Connector Hub enables you to configure actions that should be taken when events occur. These actions can include sending notifications, invoking Functions, calling APIs, creating resources, or modifying configurations.

Integration with Notifications and Functions: You can integrate workflows with OCI Notifications to trigger alerts when specific events occur.

Service Architecture for Log Collection in OCI:

Streams and Apache Kafka:

OCI Streaming is designed to handle real-time data streams and their processing. Apache Kafka is a popular open-source stream processing platform, and OCI Streaming offers a fully managed Kafka-compatible service. This lets you use Kafka’s capabilities (and Kafka clients) while benefiting from the managed infrastructure and integration with other OCI services. Here’s an overview of using OCI Streaming with Kafka:

  • Stream: A stream in OCI Streaming is similar to a Kafka topic. It’s a logical channel to which you can publish messages and from which you can consume messages.
  • Group: A group is a set of consumers that work together to consume messages from a stream. It allows for load balancing and fault tolerance.
  • Partition: A partition is a unit of parallelism within a stream. Messages are distributed across partitions, allowing for horizontal scalability and efficient data processing.

Kafka Connector:

A Kafka Connector is a component that enables seamless integration between Apache Kafka and external data sources or sinks. It allows you to easily stream data to and from Kafka topics, enabling data pipelines and real-time data processing.

Source connectors enable you to pull data from external sources and publish it to Kafka topics. For example, you can use source connectors to ingest data from databases, file systems, message queues, and other systems into Kafka.

Sink Connectors allow you to stream data from Kafka topics to external systems. Sink connectors are commonly used for scenarios such as storing data in databases, sending data to data warehouses, or integrating with other analytics or storage platforms.
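The consumer side of the pipeline above (Audit logs → Service Connector Hub → Stream → Kafka client → SIEM), as an added example that is not SOCFortress’s own code: it flattens stream messages into the fields an analyst triages and builds the counts behind an events-summary view, flagging failed write attempts. It assumes each message is one JSON document in OCI’s CloudEvents-style audit layout (`eventType`, `eventTime`, `data.identity`, `data.request`, `data.response`); the sample messages are constructed for this example, and a Kafka consumer would supply the real ones.

```python
import json
from collections import Counter

WRITE_ACTIONS = {"POST", "PUT", "DELETE"}


def _msg(event_type, name, compartment, principal, ip, action, status):
    # Constructed stream message in OCI's CloudEvents-style audit layout (field names assumed).
    return json.dumps({"eventType": event_type, "eventTime": "2023-10-10T08:00:00Z", "data": {
        "eventName": name, "compartmentName": compartment,
        "identity": {"principalName": principal, "ipAddress": ip},
        "request": {"action": action}, "response": {"status": status}}}).encode()


# Constructed sample batch, as a Kafka consumer would receive it (message values as bytes).
SAMPLE_MESSAGES = [
    _msg("com.oraclecloud.computeApi.GetInstance", "GetInstance", "prod", "alice@example.com", "203.0.113.10", "GET", "200"),
    _msg("com.oraclecloud.identityControlPlane.CreateUser", "CreateUser", "root", "alice@example.com", "203.0.113.10", "POST", "401"),
    _msg("com.oraclecloud.computeApi.TerminateInstance", "TerminateInstance", "prod", "svc-deploy", "10.0.1.5", "DELETE", "204"),
    b"not json: a malformed message must be counted, not crash the consumer",
]


def parse_audit_record(raw: bytes):
    # Flatten one message into the fields an analyst triages; None if it cannot be parsed.
    try:
        ev = json.loads(raw)
        d = ev["data"]
        ident = d.get("identity", {})
        return {
            "time": ev.get("eventTime"),
            "event": d.get("eventName") or ev.get("eventType"),
            "principal": ident.get("principalName", "<unknown>"),
            "source_ip": ident.get("ipAddress"),
            "action": d.get("request", {}).get("action"),
            "status": int(d.get("response", {}).get("status") or 0),
            "compartment": d.get("compartmentName"),
        }
    except (ValueError, KeyError, TypeError):
        return None


def summarize(messages):
    # Counts behind an events-summary view, plus write calls that failed with a 4xx (denied or bad requests).
    parsed = [parse_audit_record(m) for m in messages]
    recs = [r for r in parsed if r is not None]
    failed_writes = [r for r in recs if r["action"] in WRITE_ACTIONS and 400 <= r["status"] < 500]
    return {"total": len(recs), "unparseable": len(parsed) - len(recs),
            "by_event": Counter(r["event"] for r in recs),
            "by_principal": Counter(r["principal"] for r in recs),
            "failed_writes": failed_writes}
```

In production the unparseable counter is worth alerting on, since a sudden rise usually means the connector or schema changed rather than the workload.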

Visualizations

OCI — Events Summary:

OCI — Audit Logs:

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html


SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).