Cloud Guard

Cloud Guard Features

Cloud Guard Events

Oracle Cloud Guard is an OCI service that helps customers monitor, identify, achieve, and maintain a strong security posture on the Oracle Cloud.

Cloud Guard gives a unified view of cloud security posture across an OCI tenancy.

Sample OCI tenancy problems identified by Cloud Guard:

How to operationalize Cloud Guard Events

Aim: to receive alarms for any problems detected by OCI Cloud Guard.

Recommended: set up the notification topic, subscription and rule for both Email and HTTPS Webhook.

  1. Create topic
  2. Create Subscribers
  3. Create Rule

Go to Notification and create a topic:

https://XXX.oraclecloud.com/notification/topics?region=XXX

Next, create a subscription for that topic.

It is recommended to create subscriptions for both Email and HTTPS Webhook.

Next, create a rule.

https://XXX.oraclecloud.com/events/rules?region=XXX

Next, choose the action.

Select the Topic created previously.
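The rule created above is what decides which Cloud Guard events reach the topic, so it is worth checking its condition before relying on it for alerting. The following is an added example, not part of the original post or Oracle's code: it builds the rule condition and the topic action as JSON and dry-runs the condition against constructed events. The event type names, the `data.additionalDetails.riskLevel` filter field, the matcher's simplified semantics and the placeholder topic OCID are assumptions to confirm against your tenancy.

```python
import json

# Assumed Cloud Guard event type names; confirm against the list the rule editor offers.
PROBLEM_DETECTED = "com.oraclecloud.cloudguard.problemdetected"
PROBLEM_REMEDIATED = "com.oraclecloud.cloudguard.problemremediated"

def build_condition(event_types, risk_levels=None):
    """Rule condition; risk_levels optionally narrows on data.additionalDetails.riskLevel (assumed field)."""
    cond = {"eventType": list(event_types)}
    if risk_levels:
        cond["data"] = {"additionalDetails": {"riskLevel": list(risk_levels)}}
    return cond

def build_actions(topic_ocid):
    """Action that delivers matching events to the Notifications topic."""
    return {"actions": [{"actionType": "ONS", "isEnabled": True, "topicId": topic_ocid}]}

def matches(condition, event):
    """Simplified local matcher (list = any-of, dict = recurse); not Oracle's implementation."""
    for key, want in condition.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in (want if isinstance(want, list) else [want]):
            return False
    return True

def _event(event_id, event_type, risk=None):
    details = {"riskLevel": risk} if risk else {}
    return {"eventID": event_id, "eventType": event_type, "data": {"additionalDetails": details}}

# Constructed sample events, not captured from a real tenancy.
SAMPLE_EVENTS = [
    _event("evt-1", PROBLEM_DETECTED, "CRITICAL"),
    _event("evt-2", PROBLEM_DETECTED, "LOW"),
    _event("evt-3", PROBLEM_REMEDIATED, "HIGH"),
    _event("evt-4", "com.oraclecloud.objectstorage.createbucket"),
]

def dry_run(condition, events=SAMPLE_EVENTS):
    """IDs of the sample events the condition would forward to the topic."""
    return [e["eventID"] for e in events if matches(condition, e)]

if __name__ == "__main__":
    cond = build_condition([PROBLEM_DETECTED], ["CRITICAL", "HIGH"])
    print(json.dumps(cond, indent=2))
    print(json.dumps(build_actions("ocid1.onstopic.oc1..EXAMPLE_PLACEHOLDER"), indent=2))
    print("would alert on:", dry_run(cond))
```

A condition without a risk filter forwards every detected problem; narrowing by risk level trades alert volume against the chance of missing lower-rated problems.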

Aspects of OCI Cloud Guard:

Detect targeted malicious behavior

Continuously monitor cloud environments using targeted behavior models aligned with the MITRE ATT&CK framework with Cloud Guard Threat Detector. Resources are profiled and sightings are created when actions match tracked techniques. Sightings are correlated and scored to provide a complete picture of attacks and their progression. Cloud Guard problems with detailed evidence and history are created for resources with elevated risk scores and can be used to trigger responder recipes or downstream workflows.

Global and centralized security approach

Adopt a cloud security posture management strategy with a global and centralized approach to secure Oracle Cloud Infrastructure customer tenancies.

Improve security operations efficiency

Automate the remediation of security threats for simple and complex issues using security recipes to help optimize security operations team resources.

Comprehensive Risk Posture

Address high priority cloud security issues

Assess and view the security and risk posture of Oracle Cloud Infrastructure customer tenancies with a console user interface as well as programmatic interfaces such as Oracle Cloud Infrastructure APIs, command line interfaces, software development kits, and more.
