3 Steps to kick-start OCI monitoring in CASB

Introduction

Oracle CASB Cloud Service provides security monitoring for the cloud footprint of SaaS, PaaS and IaaS components. When configured to monitor Oracle Cloud Infrastructure (OCI), CASB can detect risks, anomalies and potential security violations.

In OCI, the target of CASB monitoring is a compartment. Once an OCI compartment is configured in CASB, out-of-the-box baseline monitoring kicks in to find security anomalies. However, policies still need to be configured before CASB truly monitors the events of interest to an organization.

This is where the following 3 steps come in: they take you from baseline monitoring to monitoring you can be assured of. Let’s go through them.

Step 1: Log in to the CASB console, select “Policy Management” and go to the “Managed” tab. The use case picked for this example is configuring a policy to monitor changes to the OCI admins group. A managed policy is provided out of the box for this use case, but the group it monitors is set to a placeholder value.

Since ‘Managed’ policies are non-editable, choose ‘Copy To Custom’ from the Action dropdown to copy the managed policy to a custom policy.

By default, a custom policy created from a managed policy has the date and timestamp appended to its name and is placed under the ‘Custom’ tab.

 

Step 2: Log in to the OCI tenant (or access it through the API) and get the OCID of the ‘Administrators’ group, or of any other group to be monitored and alerted on.

Step 3: Back in the CASB console, update the previously created policy, set the OCID of the administrators group and submit, as seen in a few key screen captures below.
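
For Steps 2 and 3, an added example (not from the original post or from Oracle): a check that picks the group's OCID out of IAM group-list JSON and confirms it is a group OCID before it is pasted into the custom policy. The function name is hypothetical, and the input is a constructed sample assumed to follow the shape of `oci iam group list --all` output.

```python
import json
import re

# OCID syntax: ocid1.<resource type>.<realm>.[region].<unique id>
GROUP_OCID_RE = re.compile(r"^ocid1\.group\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+$")

# Constructed sample in the assumed shape of `oci iam group list --all` output.
# The third record is deliberately malformed to exercise the OCID type check.
SAMPLE_CLI_JSON = """
{"data": [
  {"id": "ocid1.group.oc1..aaaaaaaaconstructedadmins0001",
   "name": "Administrators", "lifecycle-state": "ACTIVE"},
  {"id": "ocid1.group.oc1..aaaaaaaaconstructednetwork0002",
   "name": "NetworkAdmins", "lifecycle-state": "ACTIVE"},
  {"id": "ocid1.user.oc1..aaaaaaaaconstructeduser0003",
   "name": "PastedWrong", "lifecycle-state": "ACTIVE"}
]}
"""


def group_ocid_for_policy(cli_json: str, group_name: str) -> str:
    """Return the OCID to set in the CASB custom policy (hypothetical helper)."""
    groups = json.loads(cli_json).get("data", [])
    matches = [g for g in groups
               if g.get("name") == group_name
               and g.get("lifecycle-state") == "ACTIVE"]
    # Fail loudly instead of guessing when the name is missing or ambiguous.
    if len(matches) != 1:
        raise LookupError(
            f"expected one ACTIVE group named {group_name!r}, found {len(matches)}")
    ocid = matches[0]["id"]
    # Reject user, tenancy or compartment OCIDs copied by mistake.
    if not GROUP_OCID_RE.match(ocid):
        raise ValueError(f"{ocid!r} is not a group OCID")
    return ocid


if __name__ == "__main__":
    print(group_ocid_for_policy(SAMPLE_CLI_JSON, "Administrators"))
```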