Follow the OCI onboarding wizard and Cortex XDR creates a custom authentication template to be applied in OCI.
Notice
Requires a Cortex XDR license that has the Cloud Posture Security or Cloud Runtime Security add-on.
After completing the prerequisites, follow these instructions to onboard your Oracle Cloud Infrastructure (OCI) environment to Cortex XDR.
In Cortex XDR, select → .
On the Data Sources & Integrations page, click + Add New.
On the Add Data Sources or Integrations page, search for Oracle Cloud Infrastructure, then hover over it and click Add.
In Instance Name, enter a unique instance name.
If you don't enter a name, Cortex XDR applies the default name,
OCI-<TENANCY_OCID>. Cortex XDR does not prevent you from reusing instance names, but it is best practice to use a unique name for every cloud instance.
Click Show advanced settings to define the following advanced settings:
Scope Modifications: You can modify the scope by including or excluding specific Compartments. If you choose to include specific compartments, only the specified compartments and their sub-compartments will be included. This setting will affect future sub-compartments added to your OCI environment after onboarding. If you choose to exclude specific compartments, this setting will also affect their sub-compartments.
Note: The root compartment is always onboarded, and only the sub-compartment scope can be modified.
Excluded compartments are not visible in Cortex XDR.
Additional Security Capabilities: Choose which security capabilities you want to benefit from. Some security capabilities are enabled by default and can be modified. Adding security capability typically requires additional cloud provider permissions. For detailed information on the permissions required, see Cloud service provider permissions.
Data security posture management: An agentless data security scanner that discovers, classifies, protects, and governs sensitive data.
Registry scanning: A container registry scanner that scans registry images for vulnerabilities. malware, and secrets. For more details, see Configure registry scanning for cloud accounts
Serverless functions scanning: Implement serverless scanning to detect and remediate vulnerabilities within serverless functions during the development lifecycle. Seamless integration into CI/CD pipelines enables automated security scans for a continuously secure pre-production environment.
Agentless disk scanning: (Recommended) Implement agentless disk scanning to remotely detect and remediate vulnerabilities during the development lifecycle.
Cloud Tags: Define tags and tag values to be added to any new resource created by Cortex XDR in OCI. Note: The
managed_by = paloaltonetworkstag is automatically added to all resources. This tag is mandatory. You cannot edit or remove this tag.Log Collection Configuration: To maximize security coverage, enable the collection of audit logs. This may require additional cloud service provider permissions. For detailed information on the permissions required, see Cloud service provider permissions. Enter the following details for each preexisting OCI storage bucket that you intend to use for log collection:
Region: The geographic OCI region where the bucket is located. For example, "us-phoenix-1".
Bucket Name: The name of the OCI storage bucket.
Compartment OCID: The Oracle Cloud Identifier (OCID) of the compartment that contains the bucket.
Click Save. Cortex XDR generates a Terraform authentication template based on the settings you configured in the OCI onboarding wizard. Cortex XDR creates an instance in the pending state. For details on pending instances, see Lifecycle and expiration.
Download the OCI authentication template by clicking Download Terraform.
The Terraform authentication template is reusable and can be executed as many times as you want to create new instances with the settings you defined in the wizard. The Terraform authentication template is valid for seven days from when it was created.
Click Close.
Next step: Deploy the Terraform authentication template in OCI.