Oracle Object Storage
Connecting oracle object storage to lightbeam
Overview
LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.
Connecting Oracle Object Storage Data Source
Login to your LightBeam Instance.
Click on DATASOURCES on the Top Navigation Bar.
Click on “Add a data source”.
Search for “Oracle Object Storage”.
Click on Oracle Object Storage.
Fill in the requested information and click on Next.
Basic Information
Data Source Name: This is the unique name given to the data source.
Description: This is an optional field needed to describe the use of this data source.
Primary Owner: Email address of the person responsible for this data source which will get alerts by default.
Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.
Source of Truth: LightBeam Spectra would have monitored data sources that contain data acting as a single point of truth and that can be used for looking up entities/attributes which help to identify if the other attributes/entities found in any other data source are accurate or not. A Source of Truth data set would create entities based on the attributes found in the data.
Location: The location of the data source.
Purpose: The purpose of the data being collected/processed.
Stage: The stage of the data source. Example: Source, Processing, Archival, etc.
Data Source Configuration LightBeam uses the "Live Scan" approach, which tracks changes made to objects in buckets and makes use of Oracle Events Streaming and Event rules to provide real-time updates of these changes.
Each bucket must have the emit object events as enabled for this to work.
Under the connection stage enter the credentials required.
Please ensure that appropriate permissions to do this are configured with these credentials.
Fingerprint: It refers to the unique hash generated for an uploaded/generated API key.
Tenancy OCID: Oracle assigned cloud identifier for the tenancy under which the account exists.
Tenancy Region: The home region the tenancy was created under.
User OCID: Oracle assigned cloud identifier for the user account whose credentials are being used.
Private Key: Private key that was downloaded when the api key was created.
2. Verify that you get the message Connection Success! on the screen. Click on Next.
3. Choose the compartments from which the buckets need to be scanned.
4. In this step, you can choose either of two scan setting options –
Scan all buckets
Scan selected buckets
Please Note: Emit Object Events must be enabled on the buckets that we are scanning for it be able to send out live events as shown below(in the oci console):
To choose option (i), select Scan all Buckets , and click on Validate And Save.
Now that the Oracle Object Storage datasource is connected to LightBeam, we can begin viewing the dashboard and other pages of the onboarded datasource.
Appendix
Steps to get Oracle Object Storage credentials
Log in to : https://www.oracle.com/in/cloud/sign-in.html on with user on whose behalf the credentials will be created.
As a prerequisite we need to ensure that the user is a member of a group example: Oracle Object Storage Datasource Group and there is a policy created in the root compartment with these rules
Allow group 'Oracle Object Storage Datasource Group' to manage compartments in tenancy
Allow group 'Oracle Object Storage Datasource Group' to read buckets in tenancy
Allow group 'Oracle Object Storage Datasource Group' to read objects in tenancy
Allow group 'Oracle Object Storage Datasource Group' to manage streams in compartment lightbeam-object-datasource-resources
Allow group 'Oracle Object Storage Datasource Group' to manage stream-pools in compartment lightbeam-object-datasource-resources
Allow group 'Oracle Object Storage Datasource Group' to manage cloudevents-rules in tenancy
Allow group 'Oracle Object Storage Datasource Group' to inspect compartments in tenancy
Allow group 'Oracle Object Storage Datasource Group' to use stream-push in tenancy
Allow group 'Oracle Object Storage Datasource Group' to use stream-pull in tenancy
Allow group 'Oracle Object Storage Datasource Group' to inspect objects in tenancy
Allow group 'Oracle Object Storage Group' to inspect users in tenancyIf you would like to not assign the permissions to manage compartments please create a new compartment called lightbeam-object-datasource-resources. This new compartment is used for creating resources (stream, stream pools etc) for live scanning the buckets.
We need to go to user settings.
Click on tokens and keys tab and click on add an API key.
A new slide opens with generate a API key pair allowing you to download the private key ( we will need this later).
Once the private key is downloaded the api key can be added and we will be able to see the configuration file that we need during datasource registration. We can copy these values and use them during datasource registration.
About LightBeam
LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.
For any questions or suggestions, please get in touch with us at: [email protected].
Last updated