Skip to content

Commit

Permalink
Knowledge content update and SFD readme update (#71)
Browse files Browse the repository at this point in the history
* Update to Readme with latest knowledge content

* Update SFD readme
  • Loading branch information
jujufugh authored Nov 9, 2024
1 parent 9616131 commit 0fe8a11
Show file tree
Hide file tree
Showing 10 changed files with 40 additions and 25 deletions.
7 changes: 6 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,12 @@ Logging Analytics knowledge content consists of one or more of the following:
| :arrow_double_down: Oracle E-Business Suite | Packaged App | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :soon:
| :arrow_double_down: Oracle Integration Cloud | OCI Cloud Service | :heavy_check_mark: | :gift: | :raising_hand: |:raising_hand:| :no_entry_sign:
| :arrow_double_down: Security Fundamentals Dashboards | OCI Cloud Service | :heavy_check_mark: | :gift: | :raising_hand: |:raising_hand:| :no_entry_sign:
| :arrow_double_down: APEX Monitoring | OCI Cloud Service | :heavy_check_mark: | :gift: | :raising_hand: |:raising_hand:| :no_entry_sign:
| :arrow_double_down: APEX Monitoring | OCI Cloud Service | :heavy_check_mark: | :heavy_check_mark: | :raising_hand: |:raising_hand:| :no_entry_sign:
| :arrow_double_down: GPU Cluster Monitoring | OCI Cloud Service | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |:raising_hand:| :no_entry_sign:
| :arrow_double_down: Oracle Enterprise Manager monitored by O&M Services | OCI Cloud Service or On-prem | :heavy_check_mark: | :heavy_check_mark: | :raising_hand: |:raising_hand:| :no_entry_sign:
| :arrow_double_down: ZFS Storage Appliance Monitoring | OCI Cloud Service | :heavy_check_mark: | :heavy_check_mark: | :raising_hand: |:raising_hand:| :no_entry_sign:
| :arrow_double_down: GenAI Solutions Monitoring using APM | OCI Cloud Service | :heavy_check_mark: | :raising_hand: | :raising_hand: |:raising_hand:| :no_entry_sign:


Legend

Expand Down
58 changes: 34 additions & 24 deletions knowledge-content/MAP/security-fundamentals-dashboards/README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Security Fundamentals Dashboards for MAP
# Security Fundamentals Dashboards

[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/jujufugh/oci-o11y-solutions/releases/download/sfd-la-2.1/sfd-la-2.1.zip)

Expand All @@ -9,14 +9,15 @@
![Out-of-Box Dashboard for Identity Security](images/identity_security_dashboard_identity_domain2.png)

* Network Dashboard
![Out-of-Box Dashboard for Network Security](images/network_analytics_dashboard_screenshot.png)
![Out-of-Box Dashboard for Network Security](images/sfd-network-security-vcn.png)
![Out-of-Box Dashboard for Network Security](images/sfd-network-security-vcn-changes.png)
![Out-of-Box Dashboard for Network Security](images/sfd-network-security-lb.png)
![Out-of-Box Dashboard for Network Security](images/sfd-network-security-waf.png)
![Out-of-Box Dashboard for Network Security](images/sfd-network-security-nfw.png)

* Security Operations
![Out-of-Box Dashboard for Security Operations](images/security_operations_dashboard.png)

### Enable Security Fundamentals Dashboards

![Enable Security Fundamentals Dashboards in 4 days](images/SFD_full_workflow_diagram_square.png)

### Security Fundamentals Dashboards Onboarding
* Logging Analytics should be set up in your tenancy
Expand All @@ -26,11 +27,17 @@
* [Prerequisite IAM Policies](https://docs.oracle.com/en-us/iaas/logging-analytics/doc/prerequisite-iam-policies.html)
* [Enable Access to Logging Analytics and Its Resources](https://docs.oracle.com/en-us/iaas/logging-analytics/doc/enable-access-logging-analytics-and-its-resources.html)

* Enable logs for Network Security
* [Enable Logs for VCN Flow Logs](https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/vcn-flow-logs-enable.htm#:~:text=Enable%20VCN%20Flow%20Logs%20for,balancers%2C%20or%20network%20load%20balancers.&text=Open%20the%20navigation%20menu%2C%20click,Click%20Enable%20flow%20logs.)
* [Enable Logs for OCI Network Firewall Traffic Logs and Threat Logs](https://docs.oracle.com/en-us/iaas/Content/network-firewall/enable-logs.htm#:~:text=Enable%20the%20Oracle%20Cloud%20Infrastructure,Click%20Enable%20Service%20Log.)
* [Enable Logs for OCI Load Balancer Access Logs and Error Logs](https://docs.oracle.com/en-us/iaas/Content/Balance/Tasks/enable_log.htm)
* [Enable Logs for OCI Web Application Firewall](https://docs.oracle.com/en-us/iaas/Content/Logging/Reference/details_for_lbwaf.htm)

### Security Fundamentals Dashboards Log Ingestion
* [Ingest OCI VCN Flow Logs into OCI Logging Analytics](https://blogs.oracle.com/observability/post/how-to-ingest-oci-vcn-flow-logs-into-oci-logging-analytics)
* [Ingest OCI Audit logs into OCI Logging Analytics](https://redthunder.blog/2021/06/01/getting-insights-with-oci-audit-log-with-logging-analytics-via-service-connector/)

* Enable Threat Intelligence Integration
* Enable Threat Intelligence Enrichment for Log Sources
Logging Analytics is integrated with Oracle Threat Intelligence to automatically receive the threat feed as the logs are ingested. The feature is available for all the log sources in the regions where both Logging Analytics and Oracle Threat Intelligence services are enabled. The Threat IPs widget makes use of this feature, which is not enabled by default.
To enable:

Expand All @@ -39,24 +46,27 @@
3. Edit each source. On the Edit screen, click the “Field Enrichment” tab. Ensure the "Enabled" checkbox is checked for the "Geo location" function
4. Edit the "Geo location" function by clicking the three dots, and check "Threat Intelligence enrichment" checkbox.
5. If it is not, check the checkbox and click "Save Changes"
6. Repeat above 5 steps for "OCI Audit Logs" Log Source.

### Security Fundamentals Dashboards Deployment
Download the files to your local workstation. There are 3 files with “.json” extension corresponding to the 3 security dashboards
1. Identity Security: Identity Security.json
2. Network Security: Network Security.json
3. Security Operations: Security Operations.json

Follow these steps to import the JSON files:
1. Login to tenancy
2. Navigate to LA Dashboards Console -> Observability & Management -> Logging Analytics -> Dashboards
3. Click on “Import Dashboards”
4. Navigate to folder containing dashboards and select the first dashboard JSON file
5. Select “Specify a compartment for all dashboards” and choose compartment
6. Select “Specify a compartment for all saved searches” and choose compartment
7. Click on “Import”
8. Repeat steps 3-7 for the second JSON file
9. Navigate to LA Administration -> VCN Flow Log and Audit Log Source -> Field Enrichment tab -> Enable Threat Intelligence enrichment for Public IP or Source IP
6. Repeat above 5 steps for OCI Network Firewall Traffic Logs, OCI Network Firewall Threat Logs, OCI Load Balancer Access Logs, OCI Load Balancer Error Logs, OCI WAF Logs, OCI Audit Logs Sources.

### Security Fundamentals Dashboards Deployment using OCI Marketplace App
Security Fundamentals Dashboards (SFD) OCI Marketplace App offers a seamless, one-click solution for customers to effortlessly deploy SFD dashboards and automate the collection of essential security-related logs in Logging Analytics. This streamlined approach simplifies the setup of comprehensive security monitoring across OCI environments, empowering customers to enhance their cloud security posture with minimal effort.

To launch the Marketplace app:

* In OCI console, Navigate to Marketplace -> All Applications
* Search “Security Fundamentals Dashboards”
* Check I have reviewed and accept the Oracle standard Terms and Restrictions.
* ![Security Fundamentals Dashboards Marketplace App](images/sfd-network-security-marketplace-app1.png)
* Click Launch Stack
* Review the Stack Information and Click Next
* Select the Dashboard Compartment from the dropdown to deploy the dashboards
* Check Create Service Connector for IAM Identity Domain Audit?
* Update the Logging Analytics Log Group Name if needed
* Switch Service Connector Hub State from INACTIVE to ACTIVE
* Check Include Network Related Logs? checkbox
* Add the Logging service Network related logs Log Group OCIDs
* Click Next for the final Review, Click Create to run the stack
* ![Security Fundamentals Dashboards Launch the Stack](images/sfd-network-security-marketplace-app3.png)

It may take some time for the data to start flowing into the dashboard. You will not see any data unless there are activities on the target system(s) that would be picked up by the corresponding widget/query.

Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit 0fe8a11

Please sign in to comment.