| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.9 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-06-01 |
| Last Updated | 2026-02-11 |
| Solution Folder | Oracle Cloud Infrastructure |
| Marketplace | Azure Marketplace · Rating: ★★★★★ 5.0/5 (1 ratings) · Popularity: 🟢 High (81%) |
The Oracle Cloud Infrastructure (OCI) solution provides the capability to ingest OCI Logs from OCI Stream into Microsoft Sentinel using the OCI Streaming REST API.
Underlying Microsoft Technologies used:
This Solution depends on the following technologies, some of which may be in Preview state or may result in additional ingestion or operational costs:
• Microsoft Sentinel Codeless Connector Framework
This solution provides 1 data connector(s) (plus 2 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| OCI_LogsV2_CL 🔶 | Oracle Cloud Infrastructure (via CCP) – Preview, Oracle Cloud Infrastructure (via Codeless Connector Framework) | Analytics, Hunting, Workbooks |
| OCI_Logs_CL 🔶 | [DEPRECATED] Oracle Cloud Infrastructure | Analytics, Hunting, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 22 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 10 |
| Hunting Queries | 10 |
| Workbooks | 1 |
| Parsers | 1 |
Analytic Rules:
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| OCI - Discovery activity | Medium | Discovery | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Event rule deleted | High | DefenseEvasion | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Inbound SSH connection | Medium | InitialAccess | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Insecure metadata endpoint | High | Discovery | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Instance metadata access | Medium | Discovery | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Multiple instances launched | Medium | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Multiple instances terminated | High | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Multiple rejects on rare ports | Medium | Reconnaissance | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - SSH scanner | High | Reconnaissance | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Unexpected user agent | Medium | InitialAccess | OCI_LogsV2_CL, OCI_Logs_CL |
Hunting Queries:
| Name | Tactics | Tables Used |
|---|---|---|
| OCI - Delete operations | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Deleted users | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Destination ports (inbound traffic) | InitialAccess | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Destination ports (outbound traffic) | Exfiltration | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Launched instances | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - New users | InitialAccess, Persistence | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Terminated instances | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Update activities | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - Updated instances | DefenseEvasion | OCI_LogsV2_CL, OCI_Logs_CL |
| OCI - User source IP addresses | Impact | OCI_LogsV2_CL, OCI_Logs_CL |
Workbooks:
| Name | Tables Used |
|---|---|
| OracleCloudInfrastructureOCI | OCI_LogsV2_CL, OCI_Logs_CL |
Parsers:
| Name | Description | Tables Used |
|---|---|---|
| OCILogs | - | OCI_LogsV2_CL (read), OCI_Logs_CL (read) |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.9 | 10-02-2026 | Add support for group Cursor |
| 3.0.8 | 05-02-2026 | fix name in package 3.0.7 |
| 3.0.7 | 26-01-2026 | Improve Instructions part of the connector with more InfoMessage. |
| 3.0.6 | 09-12-2025 | Support Multistream + multi partition. |
| 3.0.5 | 13-11-2025 | Updated partition id text box's description with zero-based indexing. |
| 3.0.4 | 22-09-2025 | Updated the OCI CCF Data Connector instructions to include information about the partition ID limitation. |
| 3.0.3 | 25-08-2025 | Moving OCI CCF Data Connector to GA |
| 3.0.2 | 14-07-2025 | Introduced new CCF Connector to the Solution - "OCI-Connector-CCP-Definition". |
| 3.0.1 | 05-10-2023 | Manual deployment instructions updated for Data Connector. |
| 3.0.0 | 21-08-2023 | Modified the Parser by adding Columnifexists condition to avoid errors. |