Retrieve Oracle Cloud Guard Problem Reports using a Python Script

Introduction

As organizations increasingly migrate their critical workloads to the cloud, securing cloud infrastructures has become paramount. Oracle Cloud Infrastructure (OCI) offers a comprehensive set of security services to protect cloud environments, and one of the standout tools in OCI’s security suite is Oracle Cloud Guard.

Oracle Cloud Guard helps enterprises protect their OCI resources by providing real-time visibility into security posture, threat detection, vulnerability management, and compliance checks. A key feature of Oracle Cloud Guard is its ability to generate problem reports, which can be invaluable for organizations looking to maintain a robust security posture.

The Oracle Cloud Guard console currently does not support exporting problem reports directly. This tutorial provides a Python script to generate and download these reports in both JSON and CSV formats. Once a problem is detected, Oracle Cloud Guard generates a problem report that includes details such as the description of the problem, risk level, affected resources, and more.

By using this script, customers can:

This approach not only ensures operational efficiency but also empowers customers to gain deeper insights and maintain robust security postures.

Objectives

Prerequisites

Run the Python Script in OCI Cloud Shell

  1. Log in to the OCI Console.

  2. Click Cloud Shell to open OCI Cloud Shell.


  3. Copy the following Python script and save it on your local machine as report.py. You will upload it to OCI Cloud Shell and run it there.

    import csv
    import json
    from datetime import datetime, timedelta

    import oci

    # Load the default OCI configuration profile
    config = oci.config.from_file()

    # Only report problems first detected within the last 180 days
    firstdate = datetime.today() - timedelta(days=180)

    cloud_guard_client = oci.cloud_guard.CloudGuardClient(config)

    # Query from the root compartment (the tenancy) and include every accessible
    # sub-compartment. The pagination helper follows next-page tokens so that no
    # problems are left out of the report.
    list_problems_response = oci.pagination.list_call_get_all_results(
        cloud_guard_client.list_problems,
        compartment_id=config['tenancy'],
        compartment_id_in_subtree=True,
        access_level="ACCESSIBLE",
        time_first_detected_greater_than_or_equal_to=firstdate)

    # Convert the SDK model objects into plain dictionaries
    prob_data = oci.util.to_dict(list_problems_response.data)

    # Write the JSON report
    with open("problem_report.json", "w") as json_file:
        json.dump({"items": prob_data}, json_file)

    # Write the CSV report: header row from the first problem, then one row per problem
    with open("problem_report.csv", "w", newline="") as csv_file:
        csv_writer = csv.writer(csv_file)
        for count, res in enumerate(prob_data):
            if count == 0:
                csv_writer.writerow(res.keys())
            csv_writer.writerow(res.values())

    print("Script executed successfully")
    print("\nReports are generated and saved")
    
  4. Click the settings icon and click Upload to upload the Python script file from your local machine.


  5. Run the Python script by using the following command.

    python3 report.py
    
  6. After the script runs successfully, two files are created in the current folder: problem_report.json and problem_report.csv.


  7. To download a report, click the settings icon and click Download. Enter the path and file name of the report.

Note: The script generates a report of the problems that have occurred in the last 180 days. It runs against the root compartment. Because sub-compartment visibility is set to true, the hierarchy of compartments is traversed and all compartments and sub-compartments in the tenancy are returned.
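The following is an added example, not part of the original script: a converter for problem_report.json that builds the CSV header from the union of keys across all records, joins list-valued fields, and prefixes text cells that begin with a formula character so that spreadsheet applications display them as text. The function names, the sample records, and their field names and values are constructed for illustration.

```python
import csv
import io
import json

# Constructed sample in the shape report.py writes to problem_report.json.
# Field names are assumed from the SDK's problem summary model; values are made up.
SAMPLE_REPORT = json.dumps({"items": [
    {"id": "ocid1.cloudguardproblem.oc1..example1", "risk_level": "CRITICAL",
     "resource_name": "=1+1", "labels": ["example-label-1", "example-label-2"]},
    {"id": "ocid1.cloudguardproblem.oc1..example2", "risk_level": "LOW",
     "resource_name": "vcn-prod", "labels": None, "region": "us-ashburn-1"},
]})

# Leading characters that spreadsheet applications interpret as a formula
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def to_cell(value):
    """Render one JSON value as a CSV cell that a spreadsheet shows as text."""
    if value is None:
        return ""
    if isinstance(value, (int, float)):
        return str(value)  # numbers (including negatives) are not free text
    if isinstance(value, list):
        value = "; ".join(str(v) for v in value)
    elif isinstance(value, dict):
        value = json.dumps(value, sort_keys=True)
    # Display names are chosen by tenancy users, so neutralise formula-leading text
    return "'" + value if value.startswith(FORMULA_PREFIXES) else value


def problems_to_csv(report_json, out):
    """Write every item of the JSON report to `out`; return the row count."""
    items = json.loads(report_json).get("items", [])
    # Union of keys in first-seen order, so no field depends on the first record
    header = list(dict.fromkeys(key for item in items for key in item))
    writer = csv.DictWriter(out, fieldnames=header, restval="")
    writer.writeheader()
    for item in items:
        writer.writerow({key: to_cell(val) for key, val in item.items()})
    return len(items)


if __name__ == "__main__":
    buf = io.StringIO()
    print(problems_to_csv(SAMPLE_REPORT, buf), "rows written")
    print(buf.getvalue())
```

To use it on a real report, pass the contents of problem_report.json and a file opened with newline="" in place of the sample string and the in-memory buffer.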

Next Steps

For organizations using OCI, leveraging Oracle Cloud Guard problem reports should be an integral part of your cloud security strategy. Regularly reviewing and acting upon these reports will help you safeguard your OCI resources, ensure compliance, and maintain the trust of your customers and stakeholders.

Acknowledgments
