This image shows 3 Oracle Cloud Infrastructure (OCI) regions providing streaming data to a security information and event management (SIEM) platform. The 2 subscribed regions have similar topologies to the reporting region described below except that they do not include the Oracle Cloud Guard component:

The Oracle Cloud Guard reporting region provides 3 compartments and the following services:

• Oracle Cloud Infrastructure Audit: Audit information from the region feeds into the service connector hub in the security compartment.
• Oracle Cloud Guard: In conjunction with Oracle Cloud Infrastructure Events feeds into Oracle Cloud Infrastructure Streaming in the security compartment (present only in the reporting region).
• Oracle Data Safe: In conjunction with Oracle Cloud Infrastructure Events feeds into Oracle Cloud Infrastructure Streaming in the security compartment.
• Oracle Cloud Infrastructure Events

The network compartment provides a single virtual cloud network (VCN) with 2 subnets. Subnet 10.0.30.0/24 provides a load balancer to handle traffic to multiple virtual machines (VMs) and their virtual network interface cards (VNICs). Subnet 10.0.31.0/24 provides multiple VMs. Load balancer logs and subnet flow logs feed into the logging service in the security compartment. Audit information from the compartment feeds into the service connector hub in the security compartment.

The app compartment provides object storage and auditing. Audit information from the compartment feeds into the service connector hub in the security compartment. Object storage date feeds into the logging service in the security compartment.

The security compartment provides logging audit and logging services that feed into a service connector hub and then to Oracle Cloud Infrastructure Streaming for access by the SIEM.