I recently got a requirement to get all Cloud Guard recipes and their rule risk levels printed out. I could go and get them one by one from the Console but thought it’s doable via OCI CLI. Looking at the CLI command reference, there are two commands that are required:
“oci cloud-guard detector-recipe list”, which gets all the detector recipes. In my tenancy I only have Oracle Managed Recipes, but you might want to ignore them and get the ones you have enabled in your tenancy (custom ones).
The above command is needed because next I will run “oci cloud-guard detector-recipe-detector-rule list”. This gets me all the rules in a given recipe. So, how to get this data out nicely? I did it by using a JSON query within the CLI command and then looping through the results in a shell script. Not the smoothest way, but I do think what might help someone else is just understanding the depth of the JSON query you need to provide with OCI CLI.
You can see in the script below that I have to use data.items[] and not just data[] to get the necessary values. One good way of debugging what you actually need is to get all the data as JSON output first, and then see what data you need to query.
The script goes through all recipes, then the rules for each of them, and finally outputs everything to a CSV file. You can use a similar approach for any data you need to pull out from OCI.
Script:
```bash
#!/bin/bash

# Variables
COMPARTMENT_ID="<TENANCY_OCID>"
OUTPUT_FILE="RECIPE_RULES.csv"

# Header for CSV
echo "Recipe Name,Rule ID,Rule Name,Risk Level" > "$OUTPUT_FILE"

# Get all detector recipes in the compartment
RECIPE_LIST=$(oci cloud-guard detector-recipe list \
  --compartment-id "$COMPARTMENT_ID" \
  --all \
  --query 'data.items[].{id:id, name:"display-name"}' \
  --output json)

# Iterate each recipe
echo "$RECIPE_LIST" | jq -c '.[]' | while IFS= read -r row; do
  RECIPE_ID=$(echo "$row" | jq -r '.id')
  RECIPE_NAME=$(echo "$row" | jq -r '.name')

  # Get all rules for the recipe
  RULE_LIST=$(oci cloud-guard detector-recipe-detector-rule list \
    --compartment-id "$COMPARTMENT_ID" \
    --detector-recipe-id "$RECIPE_ID" \
    --all \
    --query 'data.items[].{ruleId:id, ruleName:"display-name", riskLevel:"detector-details"."risk-level"}' \
    --output json)

  # Iterate each rule
  echo "$RULE_LIST" | jq -c '.[]' | while IFS= read -r rule; do
    RULE_ID=$(echo "$rule" | jq -r '.ruleId')
    RULE_NAME=$(echo "$rule" | jq -r '.ruleName')
    RISK_LEVEL=$(echo "$rule" | jq -r '.riskLevel')

    # Append to CSV file, in the same column order as the header
    echo "$RECIPE_NAME,$RULE_ID,$RULE_NAME,$RISK_LEVEL" >> "$OUTPUT_FILE"
  done
done

# Output
echo "Data exported to $OUTPUT_FILE"
```
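The point about data.items[] versus data[] and the CSV step, as an added example that is not part of the original post: it reads the raw JSON output (no --query), finds the records at either depth, and writes rows with the csv module so a rule name containing a comma stays in one column. The sample response, rule IDs, rule names and the function names are constructed for illustration; only the keys the script above queries are assumed.

```python
import csv
import io
import json

# Constructed sample shaped like the raw JSON the script queries with
# data.items[]; IDs and names are made up, not real Cloud Guard rules.
SAMPLE_RULES_JSON = """
{"data": {"items": [
  {"id": "RULE_A", "display-name": "Constructed rule one",
   "detector-details": {"risk-level": "CRITICAL"}},
  {"id": "RULE_B", "display-name": "Constructed rule, with comma",
   "detector-details": {"risk-level": "HIGH"}},
  {"id": "RULE_C", "display-name": "Constructed rule without details"}
]}}
"""


def extract_items(response):
    """Return the record list whether it sits at data.items[] or data[]."""
    data = response.get("data", [])
    if isinstance(data, dict):
        return data.get("items", [])
    return data


def rules_to_rows(recipe_name, response):
    """Build one [recipe, rule id, rule name, risk level] row per rule."""
    rows = []
    for rule in extract_items(response):
        # A rule with no detector-details gets an empty risk level.
        details = rule.get("detector-details") or {}
        rows.append([recipe_name, rule.get("id", ""),
                     rule.get("display-name", ""),
                     details.get("risk-level", "")])
    return rows


def to_csv(rows):
    """Render header plus rows; csv.writer quotes fields containing commas."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["Recipe Name", "Rule ID", "Rule Name", "Risk Level"])
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    sample = json.loads(SAMPLE_RULES_JSON)
    print(to_csv(rules_to_rows("Constructed Recipe", sample)), end="")
```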