Prerequisites
- Organization Admin role in Kestrel
- OCI tenancy with permissions to create API keys and policies
- Access to the OCI Console or OCI CLI
Setup
Create an API key in OCI
- In the OCI Console, navigate to Identity → Users → Your User → API Keys
- Click Add API Key
- Download the private key file
- Note the fingerprint displayed after adding the key
Connect in Kestrel
- Navigate to Integrations → Cloud in your Kestrel dashboard
- Click Connect OCI Tenancy
- Fill in the connection form:
- Connection Name: A friendly name (e.g., “Production”)
- Tenancy OCID: Found in OCI Console → Tenancy Details
- User OCID: Found in OCI Console → User Settings
- Fingerprint: The API key fingerprint from Step 1
- Private Key: Paste the contents of the private key PEM file
- Region: Select your OCI home region
- Click Verify & Connect
VCN Flow Logs
After connecting:- Navigate to the connected tenancy in the Cloud Integrations page
- Expand the VCN Flow Logs section
- Click Enable to start collecting flow logs across your VCNs
- Kestrel creates the necessary log groups and flow log configurations
How It’s Used
In Workflows
- Trigger blocks: OCI Audit events, security list changes, VCN configuration changes
- Action blocks: Query OCI resources, describe instances, check security lists, generate Terraform fixes
In Incident Response
- Cloud security monitoring — detects misconfigurations across compute instances, object storage, VCNs, and IAM
- Terraform fix generation — generates IaC remediation targeting connected repositories
- VCN Flow Log analysis — analyzes traffic patterns for anomalous network behavior
In Cloud AI Copilot
- Ask questions about your OCI resources:
What compute instances are publicly accessible? - Investigate security findings across tenancies
- Query resource configurations and compliance posture
Managing Connections
- Refresh: Re-sync connection status and resource inventory
- Delete: Removes the connection from Kestrel. Clean up the API key and policy in OCI separately.