Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Retrieve Oracle Cloud Guard Problem Reports using a Python Script

Introduction

As organizations increasingly migrate their critical workloads to the cloud, securing cloud infrastructures has become paramount. Oracle Cloud Infrastructure (OCI) offers a comprehensive set of security services to protect cloud environments, and one of the standout tools in OCI’s security suite is Oracle Cloud Guard.

Oracle Cloud Guard helps enterprises protect their OCI resources by providing real-time visibility into security posture, threat detection, vulnerability management, and compliance checks. A key feature of Oracle Cloud Guard is its ability to generate problem reports, which can be invaluable for organizations looking to maintain a robust security posture.

The Oracle Cloud Guard console currently does not support exporting problem reports directly. This tutorial provides a Python script to generate and download these reports in both JSON and CSV formats. Once a problem is detected, Oracle Cloud Guard generates a problem report that includes details such as the description of the problem, risk level, affected resources, and more.

By using this script, customers can:

• Perform offline analysis of problem data.

• Ad-hoc upload reports to Security Information and Event Management (SIEM) solutions for enhanced threat detection and correlation.

• Integrate with analytical dashboards or other reporting tools to identify patterns, trends, and root causes.

This approach not only ensures operational efficiency but also empowers customers to gain deeper insights and maintain robust security postures.

Objectives

• Retrieve Oracle Cloud Guard problems report using a Python script.

Prerequisites

• Access permissions in Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) to view Oracle Cloud Guard. For more information, see Enable Oracle Cloud Guard.

• Access to an OCI Cloud Shell. For more information, see Required IAM Policy for OCI Cloud Shell.

Run the Python Script in OCI Cloud Shell

1. Log in to the OCI Console.

2. Click Cloud Shell to open OCI Cloud Shell.

   

3. Copy the following Python script and save it in your local machine as report.py to run in OCI Cloud Shell.

   import oci
   from datetime import datetime
   import json
   import csv
   config = oci.config.from_file()
   #print(config['tenancy'])
   #today = datetime.today()
   #print("Current date: ")
   #print(today)
   #firstdate = (today - timedelta(days=180))
   #print("Time first detected is: ")
   #print(firstdate)
   cloud_guard_client = oci.cloud_guard.CloudGuardClient(config)
   list_problems_response = cloud_guard_client.list_problems(
      compartment_id=config['tenancy'],
      compartment_id_in_subtree=True,
      access_level="ACCESSIBLE",
      #time_first_detected_greater_than_or_equal_to=firstdate,
      limit=1000000)
   response = list_problems_response.data
   #print(response)
   string = str(response)
   res_data = json.loads(string)
   output_file = "problem_report.json"
   with open(output_file, 'w') as json_file:
      json.dump(res_data, json_file)
   with open('problem_report.json') as json_file:
      data = json.load(json_file)
   prob_data = data['items']
   csv_file = open("problem_report.csv", "w", newline="")
   csv_writer = csv.writer(csv_file)
   count = 0
   for res in prob_data:
      if count == 0:
   
         # Writing headers of CSV file
         header = res.keys()
         csv_writer.writerow(header)
         count += 1
   
    # Writing data of CSV file
      csv_writer.writerow(res.values())
   print("Script executed successfully")
   print("\nReports are generated and saved")
   

4. Click the settings icon and click Upload to upload the Python script file from your local machine.

   

5. Run the Python script by using the following command.

   python3 report.py
   

6. Once successfully run, you can get to see the two files created in the folder named problem_report.json and problem_report.csv.

   

7. To download the report, click the settings icon and Download. Enter the path and file name of the report.

Note: Script will run and provide the report which will show problems which have occurred from the last 180 days. This is executed in the root compartment. Sub-compartment visible is set to true, the hierarchy of compartments is traversed and all compartments and sub-compartments in the tenancy are returned.

Next Steps

For organizations using OCI, leveraging Oracle Cloud Guard problem reports should be an integral part of your cloud security strategy. Regularly reviewing and acting upon these reports will help you safeguard your OCI resources, ensure compliance, and maintain the trust of your customers and stakeholders.

Related Links

• Python SDK for Oracle Cloud Guard

• Oracle Cloud Guard

• Processing Reported Problems

Acknowledgments

• Author - Samratha S P (Senior Cloud Engineer)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Retrieve Oracle Cloud Guard Problem Reports using a Python Script

G22987-01

December 2024

Copyright ©2024,

Oracle and/or its affiliates.