Skip to main content

Secure Oracle Cloud Infrastructure (OCI) with Mondoo

Rely on Mondoo to continuously secure your Oracle Cloud (OCI) environment. Mondoo regularly checks your OCI tenancy for misconfigurations and vulnerabilities that can put your organization at risk.

Create an OCI integration to give Mondoo the access it needs to assess your tenancy.

Prerequisites

  • Owner or Editor access to the Mondoo space where you want to add the OCI integration

  • Access to an OCI tenancy

Add an OCI integration

  1. In the Mondoo Console, access the Integrations > Add > Oracle Cloud Infrastructure page in one of two ways:

    • New space setup: After creating a new Mondoo account or creating a new space, the initial setup guide welcomes you. Select BROWSE INTEGRATIONS and then select Oracle Cloud Infrastructure.

      Welcome to Mondoo Page

    • INTEGRATIONS page: Navigate to INTEGRATIONS. Under Cloud, select Oracle Cloud Infrastructure.

      Cloud integrations

  2. In the Choose an integration name box, enter a name for the integration. Make it a name that lets you easily recognize the OCI tenancy.

    Add an Oracle Cloud Infrastructure - OCI - Mondoo integration

  3. In a different browser tab, log into the Oracle Cloud Console.

  4. In the top-right corner of the Oracle Cloud Console, select the User Profile icon and select My Profile.

    OCI - my profile

  5. In the bottom-left Resources menu, select API keys and select the Add API key button.

    OCI - API keys

To learn about API keys, read Required Keys and OCIDs in the OCI documentation.

  1. Select the Download private key button to download a PEM certificate to use for the Mondoo OCI integration.

    OCI - Add API key

  2. Select the Add button.

    OCI shows a configuration file snippet. Select Copy to copy the snippet.

    OCI configuration file snippet

  3. Return to the tab where you're creating an integration in the Mondoo Console. In the Provide the config file snippet box, paste the snippet you copied.

    Add a Mondoo OCI integration

  4. Upload the PEM certificate that you downloaded when you added an OCI API key: In the Drag and drop your .pem file here box, select the cloud icon and choose the file to upload.

  5. Select the START SCANNING button.

  6. On the Recommended Policies page, enable the policies on which you want to base assessments of your OCI environment. To learn more, read Manage Policies.

View your OCI integration

  1. In the side navigation bar, under Integrations, select Oracle Cloud Infrastructure.

    OCI integrations list

  2. In the list of OCI integrations, select the integration you want to view.

    OCI integration

Statuses

The possible statuses for an OCI integration are:

  • ACTIVE: The integration is active/healthy.
  • ERROR: Mondoo detected an error when attempting to scan.

Remove an integration

To remove an integration, select the trash can icon. A confirmation prompt displays. Once you confirm the deletion, Mondoo removes the configured integration and stops triggering scans of the OCI tenancy.

Next steps