Using this feature you can run CIS benchmark tests (v1.2.0) for your Oracle Cloud Infra subscription. This includes CIS level 1 and level 2 checks for OCI as specified here: https://www.cisecurity.org/benchmark/oracle_cloud


Please setup OCI SDK and CLI as described here. Twigs uses default configuration file from following location “~/.oci/config” and it refers to the DEFAULT profile in the configuration file.

Steps involved

  • Open a new shell / terminal.
  • You can run the command: twigs oci_ci --assetid UNIQUE_ASSET_ID --assetname NAME_LABEL_FOR_ASSET
  • Asset id is not optional. Use a unique identifier for your OCI cloud instance as an asset.
  • After discovery is complete, you can login into ThreatWorx Console to view the newly discovered OCI instance as an asset as well as results of the CIS benchmark tests.
  • If you do not wish to run Oracle Best Practice checks, then you can include the “–no_obp” switch as follows: twigs oci_ci --assetid UNIQUE_ASSET_ID --assetname NAME_LABEL_FOR_ASSET --no_obp
  • Twigs will automatically mark/resolve any fixed issues that were discovered as part of a previous run.