Hi
Can someone suggest how i can integrate oracle cloud with google chronicle?
Oracle cloud with chronicle
+11You can search our supported SIEM Parsers here to see which Oracle products are supported - https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
- OCI_
AUDIT - OCI_
FLOW - ORACLE_
CLOUD_ AUDIT
There are no integration guides available at the time of writing, so I would recommend you refer to the Oracle Cloud documentation on how these sources can be exported. I would start by reviewing our Feed Management feature - https://cloud.google.com/chronicle/docs/administration/feed-management - e.g., can Oracle export to a WebHook. If it appears they require a text file or syslog then you can use the Chronicle Collection agent - https://cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent
+10- Bronze 2
You can search our supported SIEM Parsers here to see which Oracle products are supported - https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
- OCI_
AUDIT - OCI_
FLOW - ORACLE_
CLOUD_ AUDIT
There are no integration guides available at the time of writing, so I would recommend you refer to the Oracle Cloud documentation on how these sources can be exported. I would start by reviewing our Feed Management feature - https://cloud.google.com/chronicle/docs/administration/feed-management - e.g., can Oracle export to a WebHook. If it appears they require a text file or syslog then you can use the Chronicle Collection agent - https://cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent
@cmmartin_google : Yeah got confirmation that product name is oracle cloud guard and saw in the parser it is not supported currently . Is there any ETA when this will be done ?
+11@cmmartin_google : Yeah got confirmation that product name is oracle cloud guard and saw in the parser it is not supported currently . Is there any ETA when this will be done ?
I would recommend you will need to either 1) raise a support request with Google Cloud, or via your Partner to request an integration, or 2) build this as a custom integration (which can be done in tandem with 1).
I don't have visibility of the backlog for integrations myself, and so can't provide an ETA.
+16@cmmartin_google : Yeah got confirmation that product name is oracle cloud guard and saw in the parser it is not supported currently . Is there any ETA when this will be done ?
You’d need to submit a ticket if that doesn’t parse what you need. Or, you could create a custom parser by copying one of the Oracle parsers then modifying the code accordingly.
+10- Bronze 2
I would recommend you will need to either 1) raise a support request with Google Cloud, or via your Partner to request an integration, or 2) build this as a custom integration (which can be done in tandem with 1).
I don't have visibility of the backlog for integrations myself, and so can't provide an ETA.
@cmmartin_google / @dnehoda if a support ticket is raised how much time frame are we talking about?
I also have an additional question if a log source doesn't even a ingestion label for example hoxhunt , what is the process and how much time does it take to create an ingestion label?
+16@cmmartin_google / @dnehoda if a support ticket is raised how much time frame are we talking about?
I also have an additional question if a log source doesn't even a ingestion label for example hoxhunt , what is the process and how much time does it take to create an ingestion label?
Most likely 6 weeks.
+10- Bronze 2
Most likely 6 weeks.
@dnehoda thanks for the info. So it takes 6 weeks to create a parser post raising a ticket.
I have one additional question how much time does it take to create an ingestion label. We have one log source which we are planning to onboard name is hoxhunt but we are not seeing its ingestion label in supported parser web page. So want to know the process and time it requires to create ingestion label
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.