Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Oracle Audit Logs | ✅ | oracle_audit_logs | NDJSON | Oracle Cloud | |||
Oracle Service Logs | ✅ | oracle_service_logs | NDJSON | Oracle Cloud |
Overview
Oracle Cloud is a comprehensive cloud services platform offering a wide array of services across SaaS (Software as a Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a Service). With its data centers spread globally, Oracle Cloud provides advanced computing power, storage capabilities, and networking that can support the most demanding applications. It's designed to support enterprise-scale applications, offering robust security features, high availability, and scalability.
Sending Oracle logs to Hunters allows for continuous logging with retention and makes the logs available to the Hunters detection engine. The relevant logs for Hunters detection, which need to be enabled per service, are:
VCN flow logs
Firewall logs
WAF logs
Supported data types
Oracle Audit Logs
Table name: oracle_audit_logs
Oracle Cloud audit logs are an essential part of the security and compliance framework for organizations using Oracle Cloud services. These logs provide detailed information about the activities performed by users, applications, and services in the Oracle Cloud environment.
Learn more here.
📘Audit Logs Version
Continuous export of Oracle Audit logs is currently available only for Audit Logs V1.
Oracle Service Logs
Table name: oracle_service_logs
Oracle Service Logs are audit logs from different Oracle Cloud services. Hunters currently supports the following Oracle Cloud logs:
VCN flow logs
Firewall logs
WAF logs
Learn more here.
Send data to Hunters
Hunters supports the ingestion of Oracle logs via Oracle Cloud buckets.
To connect Oracle logs:
Follow this guide to complete the connection process.
Expected format
Logs are expected in JSON format.
Oracle Audit Logs
```json
{
  "data": {
    "additionalDetails": {},
    "availabilityDomain": "PHX-AD-3",
    "compartmentId": "ocid1.tenancy.oc1..asdsadasd",
    "compartmentName": "testsecurity",
    "definedTags": null,
    "eventGroupingId": "phx-1:asd-jrqHk-UiVVAhS9uK-KBkSzzjaZonusnL3",
    "eventName": "GetNamespace",
    "freeformTags": null,
    "identity": {
      "authType": null,
      "callerId": null,
      "callerName": null,
      "consoleSessionId": null,
      "credentials": "asd",
      "ipAddress": "10.1.1.1",
      "principalId": "ocid1.serviceconnector.oc1.phx.asd",
      "principalName": "ocid1.serviceconnector.oc1.phx.asd",
      "tenantId": null,
      "userAgent": "Oracle-JavaSDK/2.66.1 (Linux/4.14.35-2047.532.3.el7uek.x86_64; Java/17.0.10; Java HotSpot(TM) 64-Bit Server VM/17.0.10+11-LTS-jvmci-23.0-b27)"
    },
    "message": "Namespace retrieved.",
    "request": {
      "action": "GET",
      "headers": {
        "Accept": [
          "application/json"
        ],
        "authorization": [
          "Signature headers=headers headers"
        ],
        "Connection": [
          "Keep-Alive"
        ],
        "date": [
          "Wed, 31 Jan 2024 14:06:38 GMT"
        ],
        "host": [
          "objectstorage.us-phoenix-1.oraclecloud.com"
        ],
        "opc-client-info": [
          "Oracle-JavaSDK/2.66.1"
        ],
        "opc-request-id": [
          "197A5ABB17B948BEACE1231231239B9C"
        ],
        "User-Agent": [
          "Oracle-JavaSDK/2.66.1 (Linux/4.14.35-2047.532.3.el7uek.x86_64; Java/17.0.10; Java HotSpot(TM) 64-Bit Server VM/17.0.10+11-LTS-jvmci-23.0-b27)"
        ]
      },
      "id": "phx-1:asdasdasdasdasdasd-jrqHk-UiVVAhS9uK-KBkSzzjZonusnL3",
      "parameters": {},
      "path": "/n"
    },
    "resourceId": "/n",
    "response": {
      "headers": {
        "access-control-allow-credentials": [
          "true"
        ],
        "access-control-allow-methods": [
          "POST,PUT,GET,HEAD,DELETE,OPTIONS"
        ],
        "access-control-allow-origin": [
          "*"
        ],
        "access-control-expose-headers": [
          "access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-type,date,opc-client-info,opc-request-id,x-api-id"
        ],
        "Content-Length": [
          "14"
        ],
        "Content-Type": [
          "application/json"
        ],
        "date": [
          "Wed, 31 Jan 2024 14:06:38 GMT"
        ],
        "opc-request-id": [
          "phx-1:qSDtfP5YOFfGvAI24KIfQNb5dHGQmiM-jrqHk-UiVVAhS9uK-KBkSzzjZonusnL3"
        ],
        "x-api-id": [
          "native"
        ]
      },
      "message": null,
      "payload": {
        "id": "/n",
        "resourceName": "/n"
      },
      "responseTime": "2024-01-31T14:06:38.366Z",
      "status": "200"
    },
    "stateChange": null
  },
  "dataschema": "2.0",
  "id": "1232132-bdf1-aa09-b21a-6f7b85ea2132",
  "oracle": {
    "compartmentid": "ocid1.tenancy.oc1..asdasdasdasd",
    "ingestedtime": "2024-01-31T14:06:42.772Z",
    "loggroupid": "_Audit",
    "tenantid": "ocid1.tenancy.oc1..asdasdasdasdas"
  },
  "source": "/n",
  "specversion": "1.0",
  "time": "2024-01-31T14:06:38.366Z",
  "type": "com.oraclecloud.objectstorage.getnamespace"
}
```
Oracle Service Logs
```json
{
  "datetime": 1638434349351,
  "logContent": {
    "data": {
      "clientAddr": "192.168.0.33",
      "countryCode": "ca",
      "host": "192.168.0.103",
      "listenerPort": "80",
      "request": {
        "httpVersion": "HTTP/1.1",
        "id": "f8860949459e94181e650d4049615a01",
        "method": "GET",
        "path": "/console/css/%252e%252e%252fconsole.portal"
      },
      "requestProtection": {
        "matchedData": "Matched Data: /%252e%252e%252f found within REQUEST_URI_RAW: /console/css/%252e%252e%252fconsole.portal;Matched Data: ../ found within REQUEST_URI: /console/css/../console.portal;Matched Data: ../ found within REQUEST_URI: /console/css/../console.portal",
        "matchedIds": "9301000_v001;9301100_v001;9301100_v001;9300000_v001",
        "matchedRules": "Recomended Rules"
      },
      "response": {
        "code": "401",
        "size": "139"
      },
      "responseProtection": {},
      "responseProvider": "requestProtection/Recomended Rules",
      "timestamp": "2021-12-02T08:39:05Z"
    },
    "id": "6ddc2351-d6a7-4a5e-b057-c04e50003f78-waf-388469",
    "oracle": {
      "compartmentid": "ocid1.compartment.oc1..doaij2d890j9ffasf",
      "ingestedtime": "2021-12-02T08:39:15.367Z",
      "loggroupid": "ocid1.loggroup.oc1.iad.doaij2d890j9ffasf",
      "logid": "ocid1.log.oc1.iad.doaij2d890j9ffasf",
      "resourceid": "ocid1.webappfirewall.oc1.iad.doaij2d890j9ffasf",
      "tenantid": "ocid1.tenancy.oc1..doaij2d890j9ffasf"
    },
    "source": "lb_shapetest2-400",
    "specversion": "1.0",
    "subject": "",
    "time": "2021-12-02T08:39:09.351Z",
    "type": "com.oraclecloud.loadbalancer.waf"
  }
}
```
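The following added example, which is not Hunters or Oracle code, checks an NDJSON export line by line, routes each record to the table name its shape implies, and flattens the fields an analyst pivots on, including the WAF rule IDs and the fully percent-decoded request path. Telling the two shapes apart by the `logContent` wrapper and by `oracle.loggroupid == "_Audit"` is an assumption drawn from the two samples above, and the function names are hypothetical.

```python
import json
from urllib.parse import unquote

# Constructed NDJSON: one trimmed record per shape shown on this page, then a malformed line.
SAMPLE_NDJSON = "\n".join([
    json.dumps({"oracle": {"loggroupid": "_Audit"}, "time": "2024-01-31T14:06:38.366Z",
                "data": {"eventName": "GetNamespace", "identity": {"ipAddress": "10.1.1.1"}}}),
    json.dumps({"logContent": {"time": "2021-12-02T08:39:09.351Z", "data": {
        "clientAddr": "192.168.0.33",
        "request": {"path": "/console/css/%252e%252e%252fconsole.portal"},
        "requestProtection": {"matchedIds": "9301000_v001;9301100_v001;9301100_v001"}}}}),
    "{not json",
])

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so multiply-encoded paths compare equal."""
    for _ in range(max_rounds):
        path, previous = unquote(path), path
        if path == previous:
            break
    return path

def normalize(obj):
    """Map one parsed record to a flat row, or None if the shape is unknown."""
    if not isinstance(obj, dict):
        return None
    if "logContent" in obj:  # assumption: this wrapper key marks a service log
        body = obj["logContent"]
        data = body.get("data", {})
        ids = data.get("requestProtection", {}).get("matchedIds", "").split(";")
        return {"table": "oracle_service_logs", "time": body.get("time"),
                "client": data.get("clientAddr"), "waf_rule_ids": sorted(set(filter(None, ids))),
                "path": fully_decode(data.get("request", {}).get("path", ""))}
    if obj.get("oracle", {}).get("loggroupid") == "_Audit":  # assumption, from the sample
        data = obj.get("data", {})
        return {"table": "oracle_audit_logs", "time": obj.get("time"),
                "event": data.get("eventName"), "client": data.get("identity", {}).get("ipAddress")}
    return None

def triage(ndjson_text):
    """Return (rows, rejected_line_numbers) for one NDJSON export."""
    rows, rejected = [], []
    for lineno, line in enumerate(ndjson_text.splitlines(), 1):
        try:
            row = normalize(json.loads(line))
        except (json.JSONDecodeError, AttributeError):  # bad JSON or wrong-typed nesting
            row = None
        (rows if row else rejected).append(row or lineno)
    return rows, rejected
```

Rejected line numbers point at records that are not valid JSON objects or match neither sample shape, which is worth checking before assuming a quiet table means a quiet environment.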