Create Oracle Cloud Infrastructure Connectors

Select a frequency at which the connector should poll the cloud provider and fetch data.

By default, the connector polling frequency is configured to be every 4 hours. As a result, the connector connects with the cloud provider every 4 hours to fetch the data.

You can configure frequency from one hour to a maximum of 24 hours. We recommend configuring a frequency of 4 hours or more for optimal use of your connector. Configuring a low polling frequency (less than 4 hours) can affect the connector's performance and may result in OCI API throttling error.

This lets you grant Qualys access to your OCI resources without sharing your OCI security credentials. 

To grant access to Qualys, you have to provide the following information.

Home Region

Set the region where you want to fetch OCI assets from.

1. To get the home region of your OCI account,

1. Navigate to your OCI account.

2. Go to Governance and Administration > Administration > Tenancy Details.

3. Identify the Home region and its identifier.

For example, if the Home region is US East (Ashburn), its region identifier is us-ashburn-1. 

2. Select the home region from the menu.

OCID

Oracle Cloud Infrastructure resources have an Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). It is part of the resource's information in the console and API.

Authenticate the Qualys connector by providing the Tenant and User OCID.

Tenant OCID

To get the Tenant OCID of your OCI account,

1. Navigate to your OCI account.

2. Go to Governance and Administration > Administration > Tenancy Details.

3. The Tenancy OCID is shown under the Tenancy Information.

4. Click Copy.
   

5. Paste it on the Tenant OCID field.

User OCID

You must first create an IAM user and assign the required permissions and policies on Oracle cloud console.

Create IAM User and Policy

Oracle Cloud Infrastructure Identity and Access Management (IAM) lets you control who has access to your cloud resources. You can control the type of access a group of users has and the resources.

1. To create an IAM User and Policy,

1. Navigate to Identity & Security > Identity > Users on the Oracle Cloud console.

2. Create local IAM user (for example, AuditUser).

3. Navigate to Identity > Groups > create group (for example, audit-group). Now, associate the user with the group.

4. Navigate to Identity > Policies > select root Compartment > Create Policy (for example, AuditPolicy).

5. Attach the group to the policy in the root compartment.

6. Policy Statements for AssetView Connectors:

   1. Allow group audit-group to inspect all-resources in tenancy

   2. Allow group audit-group to read instances in tenancy

   3. Allow group audit-group to read audit-events in tenancy

   4. Allow group audit-group to use virtual-network-family in tenancy

7. Policy Statements for AssetView+CSPM Connectors: 
   
   Allow group audit-group to read all-resources in tenancy

2. Once you create the user and assign the required permissions, you can copy the user’s OCID. Go to Identity > Users > User Details > Select the Users from the list.

3. The user OCID is shown under User Information. Copy and paste in the Connector creation wizard.

Private Key

You can obtain the Private Keys in a PEM format from your OCI account.

1. To obtain the Private Keys,

1. Navigate to your OCI Account.

2. Go to Identity > Users > User Details > API Keys > Add API Key > Select Generate API Key Pair.

3. Download the Private key and save it on your local file.

4. Click Add.

5. Once you have added the private key, OCI prompts the Configuration File Preview.

6. Copy the Private key's SHA fingerprint.

If you have closed the prompt, you can look for your recently added key in Users and copy the fingerprint from the Fingerprint column.

2. Upload the PEM file to the connector creation wizard and provide the fingerprint below.