Active Response, Log Forwarding, and Security Monitoring

You can configure Oracle Cloud Guard® to send the necessary logs to Arctic Wolf® for security monitoring.

Configure Oracle Cloud Guard for Arctic Wolf monitoring

You can configure Oracle Cloud Guard® to send the necessary logs to Arctic Wolf® for security monitoring.

Note: Oracle Cloud Guard log monitoring is not supported for government-specific Oracle Cloud Infrastructure (OCI) regions.

These resources are required:

Access to the Oracle Cloud Console with administrator permissions
OpenSSL software library
Python 3
Linux or Mac OS X
Note: For Windows support, contact your Concierge Security® Team (CST).

Create a group

Sign in to the Oracle Cloud Console with administrator permissions.
In the navigation menu, click Identity & Security > Domains.
In the Name column, click Default.
On the User management tab, in the Groups section, click Create group.
On the Create group page, enter a name and description for the group.
Click Create.

Create a policy

Sign in to the Oracle Cloud Console with administrator permissions.
In the navigation menu, click Identity & Security > Policies.
On the Policies page, click Create Policy.
On the Create Policy page, configure these settings:
- Name — Enter a name for the policy.
- Description — Enter a description for the policy.
- Compartment — Select the root compartment from the list.
In the Policy Builder section, click Show manual editor.
In the field, enter:
CODE
allow group <new_group> to read cloud-guard-family in tenancy allow group <new_group> to read compartments in tenancy
```
allow group <new_group> to read cloud-guard-family in tenancy
allow group <new_group> to read compartments in tenancy
```
Where:
- new_group is the group that you created in Create a group.
Click Create.

Create a user

Sign in to the Oracle Cloud Console with administrator permissions.
In the navigation menu, click Identity & Security > Domains.
In the Name column, click Default.
On the User management tab, in the Users section, click Create.
On the Create user page, configure these settings:
- First name — Enter the first name of the user.
- Last name — Enter the last name of the user.
- Username / Email — Enter an email address for the user.
- Use the email address as the username — Make sure that the toggle is in the on position.
- Groups — Select the group that you created in Create a group.
Click Create.

Generate private and public API keys

Open your preferred terminal application.
Run this command to create an .oci directory to store the key:
CODE
mkdir ~/.oci
```
mkdir ~/.oci
```
Run this command to navigate to the Oracle Cloud Infrastructure directory:
CODE
cd ~/.oci/
```
cd ~/.oci/
```
Run this command to generate a private key that is encrypted with your own passphrase:
CODE
openssl genrsa -out oci_api_key.pem -aes128 2048
```
openssl genrsa -out oci_api_key.pem -aes128 2048
```
Run this command to start the Python interpreter:
CODE
python
```
python
```
Run this command to open the private key:
CODE
f = open('oci_api_key.pem')
```
f = open('oci_api_key.pem')
```
Run this command to read the private key:
CODE
f.read()
```
f.read()
```
Copy the output from f.read() and paste it into a new JSON file with this format:
JSON
{"content": "-----ADD PRIVATE KEY-----\n..."}
```
{"content": "-----ADD PRIVATE KEY-----\n..."}
```
You will provide this file to Arctic Wolf later.
Run this command to close the private key and exit the interpreter:
CODE
f.close()
```
f.close()
```
Run this command to change the file permission so that only you can read the file:
CODE
chmod go-rwx oci_api_key.pem
```
chmod go-rwx oci_api_key.pem
```
Run this command to generate a public key from your private key:
CODE
openssl rsa -pubout -in oci_api_key.pem -out oci_api_key_public.pem
```
openssl rsa -pubout -in oci_api_key.pem -out oci_api_key_public.pem
```
You will provide the public key to Oracle and the private key to Arctic Wolf.

Add a public API key

Sign in to the Oracle Cloud Console with administrator permissions.
In the navigation menu, click Identity & Security > Domains.
In the Name column, click Default.
On the User management tab, in the Users section, click the user that you created in Create a user.
On the user page, on the API keys tab, click Add API key.
In the Add API key panel, select Choose public key file.
Upload the public key file that you generated in Generate private and public API keys.
Click Add.
The Configuration file preview window opens.
In the Configuration file preview window, copy the user, fingerprint, tenancy, and region values and paste them in a safe, encrypted location.
You will provide these values to Arctic Wolf later.

Provide Oracle Cloud Guard credentials to Arctic Wolf

Sign in to the Arctic Wolf Unified Portal.
In the navigation menu, click Data Collection > Cloud Sensors.
Click Add Account +.
On the Add Account page, click Oracle Cloud Guard.
Configure these settings:
- Account Name — Enter a unique and descriptive name for the account.
- Tenancy OCID — Enter the tenancy value from Add a public API key.
- User OCID — Enter the user value from Add a public API key.
- Fingerprint — Enter the fingerprint value from Add a public API key.
- Private Key — Click Choose File, and then upload the JSON file from Generate private and public API keys.
- Passphrase — Enter the passphrase that you used in Generate private and public API keys.
- Region — In the list, select the region from Add a public API key.
- Credential Expiry — (Optional) Enter the credential expiration date, if applicable.
Click Test and submit credentials.
Delete the private and public key files from your computer.

Cloud Detection and Response (CDR) Integrations and Log Forwarding Managed Detection and Response (MDR) Installation or Configuration Public

Dernière mise à jour : April 6, 2026