Onboard Oracle Cloud Infrastructure (OCI) Accounts for Agentless Scanning
Agentless scanning lets you inspect the risks and vulnerabilities of a virtual machine without installing an agent or affecting the execution of the instance. Prisma Cloud gives you the flexibility to choose between agentless and agent-based security using Defenders. Currently, Prisma Cloud supports agentless scanning on Oracle Cloud Infrastructure (OCI) for vulnerabilities and compliance. To learn more about how agentless scanning works, see How Agentless Scanning Works.
This guide enables Agentless scanning for Prisma Cloud Enterprise Edition (PCEE, SaaS) in OCI.
The procedure shows you how to complete the following tasks.
- Create an OCI compartment to run the needed instances in OCI that perform the agentless scanning.
- Create a new OCI user for Prisma Cloud to access OCI.
- Create an API key in OCI for the new user.
- Configure the Prisma Cloud console to access the OCI resources.
- Apply the needed permissions in OCI.
- Start an agentless scan.
Create an OCI Compartment
- Go to the Oracle Cloud console.
- In the menu, go to Identity & Security > Compartments.
- Click Create Compartment.
- Enter a name and a description for the compartment.
- Click Create Compartment.
  To scan all resources across all regions, you must create the resources for the different regions in the compartment. Make sure to create all needed resources with the same name in all regions.
Create a New OCI User
- In the menu, go to Identity & Security > Users.
- Click Create User.
- Select IAM User.
- Enter a Name and a Description for the user.
- Click Create.
Create an API Access Key
- On the user page, go to Resources > API Key.
- Select Generate API Key Pair.
- Click Download Private Key.
- Click Add.
- The Configuration File Preview opens.
- Copy the key-value pair for user into a text file.
- Copy the key-value pair for fingerprint into a text file.
- Copy the key-value pair for tenancy into a text file.
- Save the text file.
- Click Close.
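Before the saved values and the private key are pasted into Prisma Cloud, a local check can catch swapped or truncated values and a key file that other users can read. This is an added example, not part of the Prisma Cloud or OCI documentation; the function names and sample values are constructed, and it assumes OCI's documented OCID layout, a fingerprint of 16 colon-separated hex bytes, and a POSIX file system.

```python
import os
import re
import stat

# OCID layout: ocid1.<type>.<realm>.[region][.future use].<unique id>
OCID_RE = re.compile(r"^ocid1\.([a-z0-9]+)\.[a-z0-9-]+\.[a-z0-9-]*\.(?:[a-z0-9-]*\.)?[a-z0-9]+$")
# API key fingerprint: 16 colon-separated hex bytes
FINGERPRINT_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){15}$")

def parse_preview(text):
    """Extract key=value pairs; tolerates a missing [DEFAULT] header."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";", "[")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip().lower()] = value.strip()
    return values

def value_problems(values):
    """Return a list of problems with the user, tenancy and fingerprint values."""
    problems = []
    for field in ("user", "tenancy"):
        match = OCID_RE.match(values.get(field, ""))
        if not match:
            problems.append(f"{field}: missing or not an OCID")
        elif match.group(1) != field:  # e.g. tenancy OCID saved under user
            problems.append(f"{field}: OCID is for a {match.group(1)} resource")
    if not FINGERPRINT_RE.match(values.get("fingerprint", "").lower()):
        problems.append("fingerprint: expected 16 colon-separated hex bytes")
    return problems

def key_file_problems(path):
    """Check the downloaded key is a PEM private key readable only by its owner."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        problems.append(f"key file mode is {mode:o}; restrict it with chmod 600")
    with open(path, encoding="utf-8", errors="replace") as handle:
        first_line = handle.readline().strip()
    if not (first_line.startswith("-----BEGIN") and "PRIVATE KEY" in first_line):
        problems.append("key file does not start with a PEM private key header")
    return problems

# Constructed sample; the OCIDs and fingerprint are made up.
SAMPLE_PREVIEW = (
    "[DEFAULT]\nuser=ocid1.user.oc1..aaaaexampleuser\n"
    "fingerprint=12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0\n"
    "tenancy=ocid1.tenancy.oc1..aaaaexampletenancy\n")
```

An empty list from both `value_problems(parse_preview(text))` and `key_file_problems(path)` means the values are well formed; it does not confirm that the fingerprint belongs to that key.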
Configure the Prisma Cloud Console
- Log in to the Prisma Cloud administrative console.
- Select Compute > Manage > Cloud accounts.
- Click Add account.
- Under Select cloud provider, pick Oracle.
- Provide a name for the account.
- Under Tenancy, paste the value you got from the OCI Configuration File Preview.
- Under User, paste the value you got from the OCI Configuration File Preview.
- Under Fingerprint, paste the value you got from the OCI Configuration File Preview.
- Open the downloaded private key and paste it under Private key.
- Click Next.
- Select the public URL that the Prisma Cloud Console uses to connect to OCI.
- Enter the name of the created OCI compartment.
- Configure any Advanced settings you need.
  Any resources like VCN, subnet, or security group you want to use must exist in the compartment you created. Create the resources using the same name in every region you wish to scan.
- Under Download permission templates, click Download.
- Click Add account.