This directory contains scripts for querying OCI Cloud Guard and Security Zones data.

`get_cg_sz_data.py` supports two top-level workflows:

- `export` for bulk Cloud Guard / Security Zones exports
- `problem` for enriched problem details (problem, sightings, impacted resources, endpoints)

If no arguments are provided, the script prints the help menu.

- Download the script:

```bash
wget https://raw.githubusercontent.com/Halimer/oci-scripts/master/cloud_guard/get_cg_sz_data.py
```

- Create a virtual environment:

```bash
python3 -m venv oci_scripts_venv
```

- Source the environment:

```bash
source oci_scripts_venv/bin/activate
```

- Install dependencies:

```bash
pip3 install oci
```

Usage:

```bash
python3 get_cg_sz_data.py [-t PROFILE] [-p PROXY] [-ip] [-dt] [--region REGION] {export,problem} ...
```

- `-t`, `--profile`: OCI config profile name
- `-p`, `--proxy`: HTTPS proxy (example: `proxy.example.com:80`)
- `-ip`: Use instance principals auth
- `-dt`: Use delegation token auth
- `--region`: Override region in loaded config

Exports Cloud Guard and/or Security Zones datasets.

```bash
python3 get_cg_sz_data.py export {cloud-guard|security-zones|all} [--output {json,csv}] [--output-file FILE] [--pretty]
```

- Default output format is `csv`
- CSV mode writes the legacy files in current directory:
  - `all_responders.csv`
  - `all_detectors.csv`
  - `all_problems.csv`
  - `all_recommendations.csv`
  - `security_zone_policies.csv`
- JSON mode returns a consolidated payload to stdout or `--output-file`

Gets one enriched problem record by OCID, including:

- `sightings`
- `impacted_resources` per sighting
- `endpoints` per sighting

```bash
python3 get_cg_sz_data.py problem get --problem-ocid OCID [--output {json,csv}] [--output-file FILE] [--pretty]
```

- Default output format is `json`
- CSV mode writes a summary row for the problem record

Gets enriched details for all problems (optionally filtered).

```bash
python3 get_cg_sz_data.py problem list [--detector-name NAME] [--output {json,csv}] [--output-file FILE] [--pretty]
```

- `--detector-name` is case-insensitive exact match (no substring matching)
- Default output format is `json`
- CSV mode writes summary rows for matched problems

```bash
python3 get_cg_sz_data.py
python3 get_cg_sz_data.py --help
python3 get_cg_sz_data.py export --help
python3 get_cg_sz_data.py problem --help
```

Use local config (default):

```bash
python3 get_cg_sz_data.py export all
```

Use instance principals:

```bash
python3 get_cg_sz_data.py -ip export cloud-guard
```

Use delegation token:

```bash
python3 get_cg_sz_data.py -dt export cloud-guard
```

Use non-default profile:

```bash
python3 get_cg_sz_data.py -t MYPROFILE export cloud-guard
```

Use proxy:

```bash
python3 get_cg_sz_data.py -p proxy.example.com:80 export all
```

Use region override:

```bash
python3 get_cg_sz_data.py --region us-ashburn-1 export all
```

Cloud Guard CSV exports:

```bash
python3 get_cg_sz_data.py export cloud-guard
```

Security Zones CSV export:

```bash
python3 get_cg_sz_data.py export security-zones
```

All CSV exports:

```bash
python3 get_cg_sz_data.py export all
```

Cloud Guard JSON to stdout:

```bash
python3 get_cg_sz_data.py export cloud-guard --output json --pretty
```

All JSON to file:

```bash
python3 get_cg_sz_data.py export all --output json --output-file export_all.json --pretty
```

Get one problem (JSON stdout):

```bash
python3 get_cg_sz_data.py problem get --problem-ocid ocid1.cloudguardproblem.oc1..<unique_id>
```

Get one problem and write JSON to file:

```bash
python3 get_cg_sz_data.py problem get --problem-ocid ocid1.cloudguardproblem.oc1..<unique_id> --output-file problem_details.json --pretty
```

Get one problem as CSV summary:

```bash
python3 get_cg_sz_data.py problem get --problem-ocid ocid1.cloudguardproblem.oc1..<unique_id> --output csv --output-file problem_summary.csv
```

List all problems with details (JSON):

```bash
python3 get_cg_sz_data.py problem list --pretty
```

List all problems filtered by detector/problem name:

```bash
python3 get_cg_sz_data.py problem list --detector-name ROGUE_USER --output-file rogue_user_problems.json --pretty
```

List all problems as CSV summary:

```bash
python3 get_cg_sz_data.py problem list --output csv --output-file problems_summary.csv
```