Integrate Oracle Cloud

Overview

This guide covers setting up an IAM Auditor Group, assigning read-only access and security audit policies, generating an API key, and configuring the connector using your tenancy credentials.

Prerequisites

  • Administrator access to the target OCI tenancy.
  • An active OCI Domain.

Steps

1. Create the Auditor Group

  1. Log into your Oracle Cloud Infrastructure Account.
  2. Navigate to Identity & Security → Domains and click on your active domain (usually named Default).
  3. Under the User Management menu, click Groups, then click Create group.
  4. Enter deeptraq@security-auditors as the name and add a description (e.g., "Group for DeepTraQ Security Scanner auditing tools").
  5. Click Create.

2. Add User to the Auditor Group

  1. Click on the newly created deeptraq@security-auditors group.
  2. Click Assign users to group.
  3. Search for your dedicated DeepTraQ user account, select it, and click Add to assign the user to the group.

3. Create the Audit Policy

  1. Navigate to Identity & Security → Policies (located in the main sidebar, outside of Domains).
  2. Click Create Policy.
  3. Name the policy deeptraq@audit-policy-v1.0 and ensure the Compartment is set to root (your main tenancy).
  4. Click Show Manual Editor and paste the following permission into the Policy Builder:

         Allow group 'Default'/'deeptraq@security-auditors' to read all-resources in tenancy

     Note: If your domain name is different from 'Default', replace 'Default' with your actual domain name in the policy statement.
  5. Click Create to save the policy.

4. Generate API Key for Authentication

  1. Navigate back to Identity & SecurityDomains → your domain → Users.
  2. Select the user you assigned to the deeptraq@security-auditors group.
  3. Navigate to the API Keys section for this user and click Add API Key.
  4. Select Generate API Key Pair and click Download Private Key. Save this .pem file securely.
  5. Click Add.
  6. A "Configuration File Preview" dialog will appear. Copy the entire configuration snippet displayed (this contains your User OCID, Fingerprint, Tenancy OCID, and Region).

5. Create the Connector in DeepTraQ

  1. In the DeepTraQ Integrations tab, select Oracle Cloud Infrastructure (OCI) from the dropdown.
  2. Enter the desired Connector Name, Description, and Tags.
  3. In the Scan Credentials section, locate the Config textbox. Paste the Configuration File Preview snippet you copied from OCI.
  4. Important: Manually delete the last line of the pasted snippet that contains the key_file=<not_used> path.
  5. Locate the Private Key textbox. Open your downloaded .pem file in a text editor, copy the entire content (including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines), and paste it here. Remove any extra OCI API key text if present.
  6. Configure your Scan Settings to schedule a one-time scan or set up periodic scanning (Daily, Weekly, Bi-Weekly, or Monthly).
  7. Customize your Scan Options, such as saving all scan artifacts, logging information-level vulnerabilities, or selecting specific OCI services to scan.
  8. Click Add to complete your Oracle connection.
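
The clean-up in steps 4 and 5 above can be checked locally before pasting anything into the connector. The following is an added example, not DeepTraQ or Oracle code: the function names are hypothetical, the sample inputs are constructed placeholders, and the fingerprint check assumes the 16 colon-separated hex bytes that the OCI console displays.

```python
import configparser
import re

REQUIRED = ("user", "fingerprint", "tenancy", "region")
FP_RE = re.compile(r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}", re.I)
PEM_RE = re.compile(r"-----BEGIN PRIVATE KEY-----.+?-----END PRIVATE KEY-----", re.S)

# Constructed sample inputs (not real credentials).
SAMPLE_CONFIG = """[DEFAULT]
user=ocid1.user.oc1..exampleuser
fingerprint=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
tenancy=ocid1.tenancy.oc1..exampletenancy
region=us-ashburn-1
key_file=<not_used>
"""
SAMPLE_KEY = """-----BEGIN PRIVATE KEY-----
MIIEvgI...constructed-placeholder...
-----END PRIVATE KEY-----
OCI_API_KEY
"""

def clean_config(snippet):
    """Drop the key_file line, then check the four fields the snippet should carry."""
    kept = [ln.strip() for ln in snippet.splitlines()
            if ln.strip() and not ln.strip().lower().startswith("key_file")]
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string("\n".join(kept))
    except configparser.Error as exc:
        raise ValueError(f"not an INI-style config snippet: {exc}") from exc
    fields = parser.defaults()
    missing = [name for name in REQUIRED if not fields.get(name)]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    if not fields["user"].startswith("ocid1.user."):
        raise ValueError("user is not a user OCID")
    if not fields["tenancy"].startswith("ocid1.tenancy."):
        raise ValueError("tenancy is not a tenancy OCID")
    if not FP_RE.fullmatch(fields["fingerprint"]):
        raise ValueError("fingerprint is not 16 colon-separated hex bytes")
    return "\n".join(kept) + "\n"

def clean_private_key(text):
    """Keep only the PEM block, discarding anything before or after it."""
    match = PEM_RE.search(text)
    if match is None:
        raise ValueError("no BEGIN/END PRIVATE KEY block found")
    return match.group(0) + "\n"

if __name__ == "__main__":
    print(clean_config(SAMPLE_CONFIG))
    print(len(clean_private_key(SAMPLE_KEY)), "characters of key material")
```

Run it on the machine where the .pem file was saved, so the private key is never copied into another tool or shared location.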

Field Reference

| Field | Description | Example |
| --- | --- | --- |
| Config | The configuration snippet copied from the OCI API Key creation screen, with the key_file line removed. | [DEFAULT]<br>user=ocid1.user.oc1...<br>fingerprint=xx:xx...<br>tenancy=ocid1.tenancy...<br>region=us-ashburn-1 |
| Private Key | The exact string contents of the downloaded .pem file, including the begin/end header lines. | -----BEGIN PRIVATE KEY-----<br>MIIEvgI...<br>-----END PRIVATE KEY----- |