OCI CSPM

Overview

Using this feature you can run CIS benchmark tests (v1.2.0) against your Oracle Cloud Infrastructure (OCI) subscription. This covers the CIS level 1 and level 2 checks for OCI as specified here: https://www.cisecurity.org/benchmark/oracle_cloud

Pre-requisites

Please set up the OCI SDK and CLI as described here. Twigs uses the default configuration file at “~/.oci/config” and reads the DEFAULT profile from that file. You can specify a custom configuration file location and profile name on the twigs command-line.

Steps involved

  • Open a new shell / terminal.
  • You can run the command: twigs oci_ci --assetid UNIQUE_ASSET_ID --assetname NAME_LABEL_FOR_ASSET [--config_file CONFIG_FILE] [--config_profile CONFIG_PROFILE]
  • The asset id is mandatory. Use a unique identifier for your OCI cloud instance as the asset.
  • After discovery is complete, you can log in to the ThreatWorx Console to view the newly discovered OCI instance as an asset, along with the results of the CIS benchmark tests.
  • You can specify your custom configuration file location (CONFIG_FILE) and profile name (CONFIG_PROFILE) on the twigs command-line.
  • If you do not wish to run Oracle Best Practice checks, include the “--no_obp” switch as follows: twigs oci_ci --assetid UNIQUE_ASSET_ID --assetname NAME_LABEL_FOR_ASSET --no_obp
  • Twigs will automatically mark/resolve any fixed issues that were discovered as part of a previous run.

Example

$ twigs oci_ci --assetid prod_oci_cis --assetname "Production OCI CIS"

Run CIS benchmark checks (CSPM) for your OCI Cloud environment. Note you need to configure OCI SDK and CLI first.

$ twigs oci_ci --assetid prod_oci_cis --assetname "Production OCI CIS" --no_obp

Run CIS benchmark checks (CSPM) for your OCI Cloud environment, but do not run “Oracle Best Practice” checks.