Onboard Oracle Cloud Infrastructure (OCI) Accounts for Agentless Scanning

Agentless scanning lets you inspect the risks and vulnerabilities of a virtual machine without installing an agent on it or affecting the execution of the instance. Prisma Cloud gives you the flexibility to choose between agentless scanning and agent-based security using Defenders. Currently, Prisma Cloud supports agentless scanning on Oracle Cloud Infrastructure (OCI) for vulnerabilities and compliance. To learn more about how agentless scanning works, see How Agentless Scanning Works.
This guide describes how to enable agentless scanning for Prisma Cloud Enterprise Edition (PCEE, SaaS) in OCI.
The procedure shows you how to complete the following tasks.
  1. Create an OCI compartment in which the instances that perform the agentless scanning run.
  2. Create a new OCI user for Prisma Cloud to access OCI.
  3. Create an API key in OCI for the new user.
  4. Configure the Prisma Cloud console to access the OCI resources.
  5. Apply the needed permissions in OCI.
  6. Start an agentless scan.

Create an OCI Compartment

  1. Go to the Oracle Cloud console.
  2. In the menu, go to Identity & Security > Compartments.
  3. Click Create Compartment.
  4. Enter a name and a description for the compartment.
  5. Click Create Compartment.
    The compartment itself spans the tenancy, but the networking resources the scanner uses (VCN, subnet, security group) are regional. To scan instances in more than one region, create those resources in the compartment in every region you want to scan, and give each resource the same name in every region, because Prisma Cloud refers to them by name.

Create a New OCI User

  1. In the menu, go to Identity & Security > Users.
  2. Click Create User.
  3. Select IAM User.
  4. Enter a Name and a Description for the user.
  5. Click Create.

Create an API Access Key

  1. On the user page, go to Resources > API Key.
  2. Select Generate API Key Pair.
  3. Click Download Private Key.
    Store the downloaded file securely. It is the long-lived credential Prisma Cloud uses to sign every OCI API request on behalf of this user, and it cannot be retrieved from the console afterward.
  4. Click Add.
  5. The Configuration File Preview opens.
    1. Copy the key-value pairs for user, fingerprint, and tenancy into a text file.
    2. Save the text file. You need these three values, together with the downloaded private key, when you add the account in the Prisma Cloud console.
  6. Click Close.

Configure the Prisma Cloud Console

  1. Log in to the Prisma Cloud administrative console.
  2. Select Compute > Manage > Cloud accounts.
  3. Click Add account.
  4. Under Select cloud provider, pick Oracle.
  5. Provide a name for the account.
  6. Under Tenancy, paste the tenancy value you copied from the OCI Configuration File Preview.
  7. Under User, paste the user value you copied from the OCI Configuration File Preview.
  8. Under Fingerprint, paste the fingerprint value you copied from the OCI Configuration File Preview.
  9. Open the downloaded private key file and paste its complete contents (the whole PEM block) under Private key.
  10. Click Next.
  11. Select the public URL that the Prisma Cloud Console uses to connect to OCI.
  12. Enter the name of the OCI compartment you created.
  13. Configure any Advanced settings you need.
    Any resources such as a VCN, subnet, or security group that you want to use must already exist in the compartment you created. Create the resources with the same name in every region you want to scan, because Prisma Cloud refers to them by name.
  14. Under Download permission templates, click Download.
    The templates contain the OCI policies the new user needs; keep them for the next task, applying the permissions in OCI.
  15. Click Add account.