OCI Onboarding Process For CloudShield.AI

Modified on Tue, 8 Apr at 12:49 AM

STEP 1: LOG IN AND VERIFY

Log in to the Cloud Security portal using your credentials:
https://acs-us.clouddefenseai.com/

After logging in, click the sidebar menu and open "Management" -> "Onboard Accounts" -> "Add New Account".




 Click on "Oracle Cloud Infrastructure (OCI)"


STEP 2: BASIC INFORMATION 


  • Start by giving the account a name. You can use any name; labels help you identify the account. Some examples of labels are: US PROD, Dev server, etc.


STEP 3: BUSINESS UNIT


Choose a Business Unit from the dropdown list or create a new business unit.


STEP 4: CHOOSE REGIONS


We will only scan the regions that you choose here. You can choose any specific region or all regions.



After this step, users will be able to onboard with their OCI.




The detailed instructions for OCI onboarding are given below.


OCI ONBOARDING INSTRUCTION FOR DETECTION AND REMEDIATION 

CloudDefense.AI supports the following OCI onboarding type:

  • Detection and Remediation

Users select the onboarding type (as with GCP) and follow the appropriate steps below.

STEP 1: CREATE A USER

  1. Log in to OCI Console.

  2. Navigate to Identity & Security > Users.

  3. Click “Create User”.

  4. Enter:

  • Name: CDOnboarding@clouddefense.ai

  • Description: User for CD onboarding

  5. Click “Create User”.

  6. Fetch the User OCID:

  • After creation, go to the User Details page.

  • Copy the User OCID.
     


STEP 2: CREATE A GROUP

  1. Go to Identity & Security > Select Domain > Groups.

  2. Click “Create Group”.

  3. Enter the following:

  • Name: CDOnboardingGroup

  • Description: Group for CD onboarding users

  4. Click “Create Group”.


STEP 3: ASSIGN THE USER TO THE GROUP

  1. Navigate to Identity & Security > Select Domain > Groups.

  2. Select CDOnboardingGroup.

  3. Click Add User.

  4. Select CDOnboarding@clouddefense.ai and click Add.

STEP 4: CREATE A POLICY (ADMIN ACCESS)

  1. Go to Identity & Security > Policies.

  2. Click “Create Policy”.

  3. Enter the following details:

  • Name: CDOnboardingUserAdminAccess

  • Description: Admin access for CDOnboardingGroup

  • Policy Statements: “Allow group CDOnboardingGroup to manage all-resources in tenancy”

  4. Click “Create”.


STEP 5: GENERATE API KEYS FOR THE USER

  1. Navigate to Identity & Security > Users.

  2. Click CDOnboarding@clouddefense.ai.

  3. Navigate to the API Keys tab.

  4. Click Add API Key.

  5. Choose Generate Key Pair.

  6. Download the Private Key (.pem) file.

  7. Copy the Fingerprint.

STEP 6: FETCH REQUIRED DETAILS

  • User OCID: From Step 1

  • Tenant OCID: Go to Identity & Security > Tenancies. Copy the Tenancy OCID.

  • Home Region: From the Regions dropdown, select the Home Region.

STEP 7: CREATE A NOTIFICATION TOPIC

  1. Navigate to Application Integration > Notifications > Topics.

  2. Click “Create Topic”.

  3. Enter:

  • Name: CDOnboardingTopic

  • Compartment: Select appropriate compartment

  4. Click “Create”.


STEP 8: CREATE A SUBSCRIPTION TO THE WEBHOOK

  1. Go to Notifications > Subscriptions.

  2. Click Create Subscription.

  3. Enter:

  • Topic: CDOnboardingTopic

  • Protocol: HTTPS

  • Endpoint: https://oci-event-handler-314466988480.us-west1.run.app/

  4. Click Create Subscription.

Verify the subscription via the confirmation link sent to the webhook.

FINAL SUMMARY OF REQUIRED DETAILS

  • User OCID: xxxxxxxx

  • API Key Fingerprint: xxxxxxxx

  • Private Key File: oci_api_key.pem

  • Tenant OCID: xxxxxxxx

  • Home Region: us-ashburn-1 (example)
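
A pre-flight check for the values listed above before they are pasted into the portal, added here as an example (not CloudDefense.AI's or Oracle's code). Because the Step 4 policy grants the group manage all-resources in the tenancy, it also checks that the downloaded key file is a private key accessible only to its owner. The function names and the regular expressions, which follow Oracle's documented OCID and region naming, are assumptions.

```python
import os
import re

# Assumption: patterns follow Oracle's documented OCID and region naming.
OCID = r"ocid1\.{kind}\.oc\d+\.[a-z0-9-]*\.[a-z0-9]+"
CHECKS = {
    "user_ocid": re.compile(OCID.format(kind="user")),
    "tenancy_ocid": re.compile(OCID.format(kind="tenancy")),
    # API key fingerprint: 16 colon-separated hex bytes
    "fingerprint": re.compile(r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}"),
    "home_region": re.compile(r"[a-z]{2}(?:-[a-z]+)+-\d+"),
}


def check_details(details):
    """Return format problems in the values collected in Steps 1, 5 and 6."""
    problems = []
    for field, pattern in CHECKS.items():
        if not pattern.fullmatch(details.get(field, "")):
            problems.append(f"{field}: missing or unexpected format")
    return problems


def check_key_file(path):
    """Return problems with the downloaded API signing key file."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return ["private_key: file not found"]
    problems = []
    if mode & 0o077:
        problems.append("private_key: accessible to group/others (chmod 600)")
    with open(path, errors="replace") as fh:
        header = fh.readline().strip()
    if not (header.startswith("-----BEGIN") and "PRIVATE KEY" in header):
        problems.append("private_key: not a PEM private key")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = {
        "user_ocid": "ocid1.user.oc1..aaaaexampleuser",
        "tenancy_ocid": "ocid1.tenancy.oc1..aaaaexampletenancy",
        "fingerprint": "12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0",
        "home_region": "us-ashburn-1",
    }
    for line in check_details(sample) + check_key_file("oci_api_key.pem"):
        print(line)
```

The key-file check catches the common slip of saving the public key instead of the private key when the Add API Key dialog offers both.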
