Follow the OCI onboarding wizard for the foundational configuration to enable audit log collection and asset discovery. Cortex Cloud then creates a custom authentication template to be deployed in OCI.
Notice
Onboarding Oracle Cloud Infrastructure (OCI) using the foundational configuration is included with Cortex Cloud NG SIEM, Cortex Cloud Enterprise, and Cortex Cloud Enterprise+ licenses. For more details on the CSP onboarding tiers and licensing, see Understand CSP onboarding tiers and licensing.
This procedure describes foundational onboarding, which includes support of asset discovery and audit log collection. For the procedure describing comprehensive onboarding, see How to onboard Oracle Cloud Infrastructure.
After completing the prerequisites, follow these instructions to onboard your Oracle Cloud Infrastructure (OCI) environment to Cortex Cloud.
In Cortex Cloud, select → .
On the Data Sources & Integrations page, click + Add New.
On the Add Data Sources or Integrations page, search for Oracle Cloud Infrastructure, then hover over it and click Add.
In Instance Name, enter a unique instance name.
If you don't enter a name, Cortex Cloud applies the default name, OCI-<TENANCY_OCID>. Cortex Cloud does not prevent you from reusing instance names, but it is best practice to use a unique name for every cloud instance.
Click Show advanced settings to define the following advanced settings:
Scope Modifications: You can modify the scope by including or excluding specific Compartments. If you choose to include specific compartments, only the specified compartments and their sub-compartments will be included. This setting will affect future sub-compartments added to your OCI environment after onboarding. If you choose to exclude specific compartments, this setting will also affect their sub-compartments.
Note: The root compartment is always onboarded, and only the sub-compartment scope can be modified.
Excluded compartments are not visible in Cortex Cloud.
Cloud Tags: Define tags and tag values to be added to any new resource created by Cortex Cloud in OCI.
Note: The managed_by = paloaltonetworks tag is automatically added to all resources. This tag is mandatory. You cannot edit or remove this tag.
Log Collection Configuration: To maximize security coverage, enable the collection of audit logs. This may require additional cloud service provider permissions. For detailed information on the permissions required, see Cloud service provider permissions. Enter the following details for each preexisting OCI storage bucket that you intend to use for log collection:
Region: The geographic OCI region where the bucket is located. For example, "us-phoenix-1".
Bucket Name: The name of the OCI storage bucket.
Compartment OCID: The Oracle Cloud Identifier (OCID) of the compartment that contains the bucket.
Click Save. Cortex Cloud generates a Terraform authentication template based on the settings you configured in the OCI onboarding wizard. Cortex Cloud creates an instance in the pending state. For details on pending instances, see Lifecycle and expiration.
Download the OCI authentication template by clicking Download Terraform.
The Terraform authentication template is reusable and can be executed as many times as you want to create new instances with the settings you defined in the wizard. The Terraform authentication template is valid for seven days from when it was created.
Click Close.
Next step: Deploy the Terraform authentication template in OCI.
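
The Scope Modifications rules from the advanced settings, modelled as an added Python example (this is not Cortex Cloud code). The compartment names and tree are constructed, and `effective_scope` is a hypothetical helper for listing which compartments would fall outside coverage before you save the wizard.

```python
# Constructed sample hierarchy (child -> parent). "root" stands for the
# tenancy root compartment, which the page says is always onboarded.
PARENTS = {
    "prod": "root", "dev": "root", "sandbox": "root",
    "prod-db": "prod", "prod-web": "prod", "dev-ci": "dev",
}

def ancestors(name, parents):
    """Yield the compartment itself, then each ancestor below the root."""
    while name in parents:
        yield name
        name = parents[name]

def effective_scope(parents, mode=None, selected=()):
    """Return (onboarded, out_of_scope) sets of compartment names.

    mode: None (no modification), "include" or "exclude".
    selected: the compartments named in the Scope Modifications setting.
    """
    if mode not in (None, "include", "exclude"):
        raise ValueError(f"unknown mode: {mode!r}")
    selected = set(selected)
    unknown = selected - set(parents)
    if unknown:
        # Also rejects "root": only the sub-compartment scope can be modified.
        raise ValueError(f"not a sub-compartment: {sorted(unknown)}")

    onboarded = {"root"}
    for comp in parents:
        # A selection applies to the compartment and all its sub-compartments.
        under_selected = any(a in selected for a in ancestors(comp, parents))
        if mode is None or (mode == "include") == under_selected:
            onboarded.add(comp)
    # Per the page, excluded compartments are not visible in Cortex Cloud.
    return onboarded, set(parents) - onboarded

if __name__ == "__main__":
    for mode, sel in (("include", ["prod"]), ("exclude", ["dev"])):
        onboarded, hidden = effective_scope(PARENTS, mode, sel)
        print(f"{mode} {sel}: onboarded={sorted(onboarded)} "
              f"out_of_scope={sorted(hidden)}")
    # A sub-compartment created after onboarding inherits the setting.
    later = dict(PARENTS, **{"dev-new": "dev"})
    print(sorted(effective_scope(later, "exclude", ["dev"])[1]))
```

Re-running the helper against an updated tree shows how compartments created after onboarding inherit the include or exclude decision made for their parent.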