Cloud Enrichment — Oracle Cloud (OCI)
Enriched fields produced by this configuration are applied and available in the Network Conversations Module output.
When Oracle Cloud VCN Flow Log ingestion is configured, NFO enriches flows with compute instance names, VCN and subnet identifiers, compartment and tenancy context, and public IP addresses. The EDFN agent uses the same key-based or instance principal credentials configured for ingestion to retrieve this metadata. No additional access configuration is required.
Prerequisite: OCI VCN Flow Log ingestion must be configured first. See OCI VCN Flow Logs Configuration for setup instructions.
Enriched Fields
The table below lists the enrichment fields added by NFO to OCI VCN flow records. Fields marked as Built-in are populated from the Cloud Service & Region lookup and require no ingestion setup.
| Field | Source | Description |
|---|---|---|
src_cloud_service | Built-in | OCI service associated with the source IP |
dest_cloud_service | Built-in | OCI service associated with the destination IP |
src_cloud_region | Built-in | OCI region of the source IP (e.g. us-ashburn-1, eu-frankfurt-1) |
dest_cloud_region | Built-in | OCI region of the destination IP |
src_vm_name | Ingestion | Name of the source compute instance |
dest_vm_name | Ingestion | Name of the destination compute instance |
oci_src_vcn_name | Ingestion | Source Virtual Cloud Network name |
oci_dest_vcn_name | Ingestion | Destination Virtual Cloud Network name |
oci_src_subnet_name | Ingestion | Source subnet name |
oci_dest_subnet_name | Ingestion | Destination subnet name |
oci_src_tenant_name | Ingestion | Source tenancy name |
oci_dest_tenant_name | Ingestion | Destination tenancy name |
oci_src_compartment_name | Ingestion | Name of the source compartment |
oci_dest_compartment_name | Ingestion | Name of the destination compartment |
oci_src_ip_pub | Ingestion | Source instance public IP address |
oci_dest_ip_pub | Ingestion | Destination instance public IP address |
How Enrichment Is Updated
The EDFN agent periodically queries the OCI API to refresh its lookup of instance names, VCN names, subnet names, and compartment identifiers. The refresh interval is controlled by the Cron Schedule setting in the EDFN Agent configuration for OCI VCN Flow Logs.
For multi-tenancy environments using key-based authentication, enrichment data is retrieved independently for each configured tenancy.
Credential Requirements
The OCI policy used for ingestion already grants the permissions needed for enrichment. The following policy statements are required for both key-based and instance principal authentication:
Allow group <group-name> to inspect virtual-network-family in tenancy
Allow group <group-name> to read public-ips in tenancy
Allow group <group-name> to read ipv6s in tenancy
Allow group <group-name> to read instances in tenancy
Allow group <group-name> to inspect streams in tenancy
Allow group <group-name> to use streams in tenancy where target.stream.id = '<STREAM-OCID>'
No additional permissions are required beyond the standard ingestion policy.