Rel 1.0 (#1)
* Cleaned up

* First release
jomurmann authored Mar 13, 2024
1 parent 615d6be commit 9d6aca3
Showing 37 changed files with 633 additions and 1,660 deletions.
165 changes: 165 additions & 0 deletions 1-Logging-Monitoring-and-Alerting/README.md
@@ -0,0 +1,165 @@
# Logging, Monitoring and Alerting

The ability to proactively have logs on Security related events presented for triage to the relevant resources is key to the detection and prevention of Cyber Security Incidents. Many organizations utilize Security Information and Event Management (SIEM) platforms to corelate and analyze logs and alerts from relevant assets.

The following table summarizes the curated list of resource URLs for this domain:
<table>
<tr>
<th>Resource Title</th>
<th>URL</th>
</tr>
<tr>
<td colspan="2" align="center"><h2>Enable Resource Logging</h2></td>
</tr>
<tr>
<td>Enabling Logging for a resource</td>
<td>https://docs.oracle.com/en-us/iaas/Content/Logging/Task/enabling_logging.htm</td>
</tr>
<tr>
<td>VCN flow logs</td>
<td>https://blogs.oracle.com/cloud-infrastructure/post/announcing-vcn-flow-logs-general-availability-for-oracle-cloud-infrastructure</td>
</tr>
<tr>
<td>VCN Flow logs concepts</td>
<td>https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/vcn-flow-logs.htm</td>
</tr>
<tr>
<td>OCI Flow Logs Enhancements</td>
<td>https://blogs.oracle.com/cloud-infrastructure/post/oci-flow-logs-enhancements-network-monitoring</td>
</tr>
<tr>
<td colspan="2" align="center"><h2>SIEM Integration</h2></td>
</tr>
<tr>
<td>Design Guidance for SIEM Integration</td>
<td>https://docs.oracle.com/en/solutions/oci-aggregate-logs-siem/index.html</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Splunk SIEM Integration</strong></td>
</tr>
<tr>
<td>Splunk Addon for OCI - Setup documentation on Git Hub</td>
<td>https://github.com/splunk/Splunk-Addon-for-OCI/tree/main/README</td>
</tr>
<tr>
<td>Splunk Addon for OCI - (direct link to the Addon)</td>
<td>https://splunkbase.splunk.com/app/5222</td>
</tr>
<tr>
<td>App for Dashboards in Splunk(To visualize data coming from Oracle Cloud Infrastructure (OCI))</td>
<td>https://splunkbase.splunk.com/app/5289</td>
</tr>
<tr>
<td>Implement a SIEM system in Splunk using logs streamed from Oracle Cloud(Example Terraform code)</td>
<td>https://docs.oracle.com/en/solutions/logs-stream-splunk</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Azure Sentinel Integration</strong></td>
</tr>
<tr>
<td>Azure Market place sentinel solution</td>
<td>https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-ocilogs</td>
</tr>
<tr>
<td>OCI(using Azure Functions) connector</td>
<td>https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/oracle-cloud-infrastructure-using-azure-functions</td>
</tr>
<tr>
<td>Step by step guide for recieving logs from OCI by using the Microsoft Azure Sentinel OCI connector(Azure Functions)</td>
<td>https://docs.oracle.com/en/learn/stream-oci-logs-to-azure-sentinel/index.html</td>
</tr>
<tr>
<td>Step by step guide for sending logs to Microsoft Azure Sentinel using OCI Functions</td>
<td>https://docs.oracle.com/en/learn/oci-logs-ms-azure-sentinel/index.html</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Qradar Integration</strong></td>
</tr>
<tr>
<td>Qradar Integration Overview (Step by step guide for Qradar Integration - Coming soon)</td>
<td>https://blogs.oracle.com/cloud-infrastructure/post/observe-oracle-cloud-infrastructure-with-ibm-qradar</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Rapid7 Integration</strong></td>
</tr>
<tr>
<td>Rapid7 InsightIDR Integration</td>
<td>https://blogs.oracle.com/cloud-infrastructure/post/ingest-oci-service-logs-to-rapid7-insightidr</td>
</tr>
<tr>
<td>Forward Logs from Oracle Cloud Infrastructure to Rapid7 InsightOps</td>
<td>https://docs.oracle.com/en/learn/forward-log-from-oci-to-insightops/index.html</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Logstash Integration</strong></td>
</tr>
<tr>
<td>Logstash Integration</td>
<td>https://docs.oracle.com/en/learn/oci-logs-streaming-kafka-logstash/index.html</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Datadog Integration</strong></td>
</tr>
<tr>
<td>Datadog Integration(using OCI Functions)</td>
<td>https://docs.datadoghq.com/integrations/oracle_cloud_infrastructure</td>
</tr>
<tr>
<td>Datadog Integration(using OCI Functions)</td>
<td>https://docs.oracle.com/en/learn/logs_oci_datadog/index.html</td>
</tr>
<tr>
<td>Datadog Observability Pipelines(Generic Integration pattern)</td>
<td>https://docs.datadoghq.com/observability_pipelines
(Use OCI Streams as source of type 'kafka' and 'datadog logs' as destination)</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Sumologic Integration</strong></td>
</tr>
<tr>
<td>Sumologic Integration</td>
<td>https://docs.oracle.com/en/learn/blog_sumologic/index.html</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>OCI Logging Analytics</strong></td>
</tr>
<tr>
<td>Oracle Cloud Infrastructure Security Fundamentals Dashboards using OCI Logging Analytics</td>
<td>https://www.ateam-oracle.com/post/security-fundamentals-dashboards-using-logging-analytics</td>
</tr>
<tr>
<td>OCI Security Fundamentals Dashboards - Manage Logging Analytics Storage</td>
<td>https://www.ateam-oracle.com/post/oci-security-fundamentals-dashboards-manage-logging-analytics-storage</td>
</tr>
<tr>
<td>OCI Logging Analytics Best Practices Series - Management Agent Tuning</td>
<td>https://www.ateam-oracle.com/post/oci-logging-analytics-best-practices-management-agent-tuning</td>
</tr>
<tr>
<td>OCI Logging Analytics Best Practices Series - Cost Optimization</td>
<td>https://www.ateam-oracle.com/post/oci-logging-analytics-best-practices-series-cost-optimization</td>
</tr>
<tr>
<td>OCI Logging Analytics Best Practices Series - Custom Log Sources and Parsers Tips</td>
<td>https://www.ateam-oracle.com/post/oci-logging-analytics-best-practices-log-parsing-and-enrichment</td>
</tr>
<tr>
<td colspan="2" align="center"><h2>Notifications,Monitoring & Alerting</h2></td>
</tr>
<tr>
<td>Notification Overview</td>
<td> https://docs.oracle.com/en-us/iaas/Content/Notification/Concepts/notificationoverview.htm</td>
</tr>
<tr>
<td>Notifications for Network changes</td>
<td>https://www.ateam-oracle.com/post/oci-observability-and-management-for-networking---part-two---notifications-for-network-changes</td>
</tr>
<tr>
<td>OCI basic monitor/alarms setup for FastConnect and VPN using native services</td>
<td>https://www.ateam-oracle.com/post/oci-basic-monitoralarms-setup-for-fc-and-vpn-using-native-services</td>
</tr>
<tr>
<td>Notifications for Network Outages</td>
<td>https://www.ateam-oracle.com/post/oci-observability-and-management-for-networking---part-three---notifications-for-network-outages</td>
</tr>
</table>
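Review bot: several spelling and naming slips in this README should be fixed before release: "corelate" in the intro paragraph should read "correlate", "recieving" in the Sentinel step-by-step row should read "receiving", "Git Hub" should be "GitHub", and the vendor names are normally written "QRadar" and "Sumo Logic". Two rows carry the identical title "Datadog Integration(using OCI Functions)" but point at different URLs (docs.datadoghq.com and docs.oracle.com/en/learn/logs_oci_datadog), so a reader cannot tell them apart; retitle one of them, for example "Datadog Integration - OCI tutorial (using OCI Functions)". The Datadog Observability Pipelines row puts a usage note ("Use OCI Streams as source of type 'kafka' and 'datadog logs' as destination") inside the URL cell, which stops the URL from auto-linking cleanly; move that note into the title cell. Minor layout points: the Notification Overview URL cell has a leading space, and the "Notifications,Monitoring & Alerting" heading is missing a space after the comma.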
1 change: 1 addition & 0 deletions 2-Security-Posture-Management/.gitkeep
@@ -0,0 +1 @@

123 changes: 123 additions & 0 deletions 2-Security-Posture-Management/README.md
@@ -0,0 +1,123 @@
# Security Posture Management

Visibility into your tenancy’s security posture by continuous scanning and alerting on deviation from defined security baselines is critical. This can prevent insecure configuration and drift that could expose attack vectors.

The following table summarizes the curated list of resource URLs for this domain:
<table>
<tr>
<th>Resource Title</th>
<th>URL</th>
</tr>
<tr>
<td colspan="2" align="center"><strong>Oracle Cloud Guard</strong></td>
</tr>
<tr>
<td>Intro to Cloud Guard</td>
<td>https://youtu.be/WrEBDKJxSjo</td>
</tr>
<tr>
<td>Oracle Cloud Guard: Quick-Start Guide</td>
<td> https://www.oracle.com/security/cloud-security/cloud-guard/get-started/</td>
</tr>
<tr>
<td>Getting started with Cloud Guard</td>
<td>https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm</td>
</tr>
<tr>
<td>Tuning Oracle Cloud Guard</td>
<td>https://www.ateam-oracle.com/post/tuning-oracle-cloud-guard</td>
</tr>
<tr>
<td>Configuring Cloud Guard Notifications</td>
<td>https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/cloud-guard/using/export-notifs-config.htm</td>
</tr>
<tr>
<td>Setting up Notifications for Oracle Cloud guard</td>
<td>https://blogs.oracle.com/cloudsecurity/post/quick-tip-4---setting-up-notifications-for-oracle-cloud-guard-in-3-easy-steps</td>
</tr>
<tr>
<td>Sending Cloud Guard events to a 3rd party SIEM system</td>
<td>https://docs.oracle.com/en/solutions/oci-aggregate-logs-siem/index.html</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Prisma Cloud</strong></td>
</tr>
<tr>
<td>Add your OCI Tenant to Prisma Cloud</td>
<td>https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-your-oci-account/add-oci-tenant-to-prisma-cloud</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>WIZ</strong></td>
</tr>
<tr>
<td>Wiz - Graph-based cloud security approach to OCI</td>
<td>https://blogs.oracle.com/cloudmarketplace/post/wiz-graph-based-cloud-security-approach-to-oci</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Check Point CloudGuard CSPM</strong></td>
</tr>
<tr>
<td>How to Onboard Oracle Cloud Infrastructure (OCI) to Check Point CloudGuard CSPM</td>
<td>https://youtu.be/d4MoFMvpBGA</td>
</tr>
<tr>
<td>Onboarding Oracle Cloud Infrastructure Environments</td>
<td>https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Getting-Started/OnboardOCI.htm</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Lacework</strong></td>
</tr>
<tr>
<td>Integrate Lacework with OCI</td>
<td>https://docs.lacework.net/onboarding/oci-integrate-lacework-overview</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Zscaler Posture Control (ZPC)</strong></td>
</tr>
<tr>
<td>Onboarding an Oracle Cloud Infrastructure (OCI) Tenant</td>
<td>https://help.zscaler.com/zpc/onboarding-oracle-cloud-infrastructure-oci-tenant</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Orca Security</strong></td>
</tr>
<tr>
<td>Comprehensive Security Coverage for Oracle Cloud</td>
<td>https://orca.security/resources/video/comprehensive-security-oracle-cloud</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Qualys TotalCloud</strong></td>
</tr>
<tr>
<td>Create Oracle Cloud Infrastructure Connectors</td>
<td>https://docs.qualys.com/en/conn/latest/oci/oci_connectors.htm</td>
</tr>
<tr>
<td colspan="2" align="center"><strong>Vulnerability scanning</strong></td>
</tr>
<tr>
<td>OCI Vulnerability Scanning Service - Getting started</td>
<td>https://docs.oracle.com/en-us/iaas/scanning/using/overview.htm</td>
</tr>
<tr>
<td>OCI Vulnerability Scanning service with Qualys Agent workshop on LiveLabs</td>
<td>https://blogs.oracle.com/cloudmarketplace/post/oci-vss-qualys-agent-livelabs</td>
</tr>
<tr>
<td>Qualys OCI Vulnerability Scanning Service BYOL</td>
<td>https://www.qualys.com/docs/qualys-cloud-platform-oci-onboarding-guide.pdf</td>
</tr>
<tr>
<td>Qualys Security Offerings for Oracle Cloud Infrastructure</td>
<td> https://blog.qualys.com/product-tech/2022/11/30/qualys-broadens-security-offerings-for-oracle-cloud-infrastructure</td>
</tr>
<tr>
<td>Using CIS Hardened Images for your VMs</td>
<td>https://blogs.oracle.com/cloud-infrastructure/post/hardened-images-from-the-center-for-internet-security-on-oracle-cloud-marketplace</td>
</tr>
<tr>
<td>Using 3rd party Vulnerability scanner</td>
<td>If you are using a 3rd party enterprise-wide Vulnerability scanning tool (ex: Tenable Nessus, Rapid7, and others) our general recommendation is to use it for your OCI compute instances too.</td>
</tr>
</table>
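Review bot: the "Configuring Cloud Guard Notifications" row links to docs.public.oneportal.content.oci.oraclecloud.com, which differs from the docs.oracle.com host used by every other Oracle documentation link in this table; confirm that it resolves for external readers and point it at the docs.oracle.com equivalent if one exists. The "Using 3rd party Vulnerability scanner" row places a recommendation sentence in the URL column, which contradicts the "URL" column header; consider moving that guidance to a short paragraph below the table, or retitling the row so it is clear no link is expected. Also worth tidying: leading spaces in the URL cells of the "Oracle Cloud Guard: Quick-Start Guide" and "Qualys Security Offerings" rows, "WIZ" in the section heading versus "Wiz" in the row title, and "Oracle Cloud guard" should be "Oracle Cloud Guard".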

