Log Types: Oracle Cloud Infrastructure

Overview

OCI IDCS, or Oracle Identity Cloud Service, is Oracle's IAM platform in the cloud. It manages user identities, authentication, and access controls. IDCS audit logs record user authentication, authorization, and security-related events, which makes them vital for security monitoring and compliance.

Key aspects of IDCS audit logs:

  1. Authentication and Authorization Events:

    • Capture login attempts and authorization changes.

  2. User Lifecycle Events:

    • Record account creation, modification, and deletion, including password changes.

  3. Security Policy Enforcement:

    • Log events enforcing security policies like password policies and multi-factor authentication.

  4. Admin Activities:

    • Log administrative actions such as policy and role modifications.

  5. Integration with SIEM and Monitoring Tools:

    • Integrate with SIEM systems for real-time monitoring and analysis.

  6. Compliance and Reporting:

    • Support compliance efforts by providing activity records for audits and reports.

  7. Access Controls:

    • Control access to audit logs through role-based access controls.

IDCS audit logs enhance organizational security by providing insights into authentication, authorization, and administrative activities. They aid in incident detection, compliance demonstration, and ensuring IAM process integrity.

Collection

Snare Central can be configured to collect logs from Oracle Cloud IDCS. To provide an almost real-time feed of logs, Snare Central periodically calls the appropriate REST API and ingests the results. This setup integrates log data from Oracle Cloud into Snare Central, allowing for analysis and monitoring of identity and access-related activities. Refer to the Snare Central Configuration for Oracle Audit Log Collection User Guide.

 

Supported Log Types for Collection by Snare Central

Currently, Snare Central only supports the collection of OCI's IDCS Audit Logs via REST API query.

 
