1. Using Oracle CASB Cloud Service
  2. Setting Up Cloud Applications for Monitoring
  3. Setting Up Oracle Cloud Infrastructure (OCI)
  4. Working with OCI Security Control Baseline Settings and Templates
  5. About Security Control Templates and Application Instances

About Security Control Templates and Application Instances

Understand the security control template features that are available to make it easier to manage security control baseline settings across multiple OCI application instances.

When you are monitoring a lot of OCI instances in Oracle CASB Cloud Service, security control templates make it easy to manage the security control baseline settings for groups of instances that should have the same settings, in order to comply with your security policies. Even if you do not create security control templates, you can use the related bulk update feature to copy a security control setting from one OCI instance to multiple instances at once.

Security Control Templates

A security control template contains settings for all the security controls for an OCI application instance that is registered in Oracle CASB Cloud Service.

  • No predefined security control templates are provided in Oracle CASB Cloud Service - you have to create them. See Creating a Template.

  • A security control template contains settings for all the security controls for an OCI application instance that is registered in Oracle CASB Cloud Service.

  • Attaching a template to an OCI instance causes all the security control settings from the template to be copied into the OCI instance, where they become read-only. The template settings are in control, as long as the OCI instance has the template attached. See Attaching a Template to an OCI Application Instance.

  • Exceptions settings are an exception. Some security controls have an Exceptions section. Any settings in these Exceptions sections are only stored for the individual OCI instances. Exceptions settings are not affected when you attach a template to an OCI instance - they remain editable.

    Whether or not you use security control templates, you can copy the Exceptions settings from a single security control in an OCI instance to multiple OCI instances.

Bulk Updates of Security Control Settings

You can use the current settings for a security control from one OCI instance to update the same security control in multiple templates or multiple OCI instances. See Updating a Security Control's Settings in Multiple Templates or Application Instances.

  • Open the source OCI instance, from which you wish to update multiple templates or OCI instances, on the Update security contol baseline page.

  • Select the individual templates or OCI instances to be updated. You can update the same security control setting in multiple templates or OCI instances at the same time.

  • Exceptions settings are an exception. Bulk updates of security controlExceptions settings must be done separately - see the next section below.

Bulk Updates of Exceptions Settings

You can use the current Exceptions settings for a security control from one OCI instance to update the Exceptions settings for the same security control in multiple OCI instances. See Updating an Exception Setting in Multiple Application Instances.

  • Open the source OCI instance, from which you wish to update multiple OCI instances, on the Update security contol baseline page.

  • Select the individual OCI instances to be updated. You can update the same security control Exceptions settings in multiple OCI instances at the same time.

  • The Exceptions settings only are updated. Bulk updates of other security control settings must be done separately - see the section above.