Four Integrated Components, One Unified Platform

Patron is built on Python (FastAPI), DuckDB, React, Ansible, and an integrated AI engine - covering every layer of Oracle ERP observability, alerting, and threat response across four Oracle products.

Health Check Engine

Ansible-driven checks

150 checks across 96 OS-layer and 54 Oracle ERP application-layer categories - EBS, NetSuite, Fusion, JDE.

AI Insight Engine

Anomaly detection & predictive analytics

IsolationForest anomaly scoring · 15/60/240-min forecasts · Pearson cross-metric correlation matrix.

Alertmanager

Alerting & notification routing

Threshold-based alert rules · Slack, Email, Teams, PagerDuty, Webhook · full alert lifecycle management.

MDR & Grafana

SOC & observability dashboards

MITRE ATT&CK mapped threat detection · 5 SOC playbooks · 3 Grafana dashboards powered by DuckDB.

Four Oracle Products, Three Deployment Scenarios

Patron monitors Oracle EBS, NetSuite, Fusion Cloud ERP, and JD Edwards across on-premises, cloud SaaS, and hybrid deployments - using Ansible as the primary data collection engine with product-native connection methods.

Oracle E-Business Suite (On-Premises) - SSH, SOAP, OCI connection methods
Oracle NetSuite ERP (Cloud SaaS) - REST with TBA authentication
Oracle Fusion Cloud ERP (Hybrid) - OIC, FBDI, EDM, OCI, REST OAuth2 connections
Oracle JD Edwards E1 (On-Premises) - SSH, JDE Orchestrator REST, OCI
Every playbook run produces structured findings stored in DuckDB, feeding AI Insight in real time

Oracle ERP Product Matrix

Oracle E-Business Suite
On-Premises · SSH · SOAP · OCI · 13 app-layer checks
Oracle NetSuite ERP
Cloud SaaS · REST (TBA auth) · 12 app-layer checks
Oracle Fusion Cloud ERP
Hybrid · OIC · FBDI · EDM · OCI · OAuth2 · 14 app-layer checks
Oracle JD Edwards E1
On-Premises · SSH · JDE Orchestrator · OCI · 15 app-layer checks

AI Insight - Predictive Intelligence for Oracle ERP

The AI Insight engine continuously analyses health check findings stored in DuckDB, surfacing anomalies, predicted threshold breaches, and root-cause signals before they become incidents - powered by scikit-learn and NumPy.

Isolation Forest anomaly detection - 200 trees, 4% contamination, 24 metric features per host across 8 simulated hosts
Predictive forecasts at 15, 60, and 240-minute horizons with confidence bands and breach-risk percentage
Pearson cross-metric correlation - full 24×24 matrix, top pairs, auto-generated insight narratives for strong/moderate relationships
Composite anomaly score [0–1] mapped to NORMAL / LOW / MEDIUM / HIGH / CRITICAL severity levels
5 dedicated AI API endpoints - fleet summary, per-host anomaly, forecast, correlation, and metrics catalogue

AI Insight - Capabilities

Anomaly Detection - IsolationForest · 200 estimators · 24 features · 120 rolling snapshots per host
Predictive Forecasting - Weighted least-squares · 30% mean-reversion · 15 / 60 / 240 min horizons · ±1σ bands
Root-Cause Correlation - Pearson 24×24 matrix · top pairs · strong (|r| ≥ 0.7) and moderate (|r| ≥ 0.4) narratives
24 Tracked Metric Fields - Performance · Resource · Security · Log/Audit · ERP-specific (concurrent failures, API latency, UBE queue, OIC error rate)
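
The cross-metric correlation step described above, as an added example (not Patron's own code): it ranks metric pairs by |r| using the strong/moderate thresholds stated on this page and treats a constant metric as undefined rather than uncorrelated. The metric names, sample values, and narrative wording are constructed assumptions.

```python
import math
from itertools import combinations

# Constructed sample: six snapshots of four hypothetical metric fields.
SAMPLE = {
    "cpu_pct":        [10, 20, 30, 40, 50, 60],
    "api_latency_ms": [118, 142, 161, 179, 204, 219],
    "free_mem_pct":   [40, 60, 20, 50, 10, 30],
    "failed_logins":  [3, 3, 3, 3, 3, 3],      # flat series (edge case)
}

def pearson(x, y):
    """Pearson r for two equal-length series; None if either is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return None          # zero variance: r is undefined, not 0
    return sxy / math.sqrt(sxx * syy)

def strength(r):
    """Page thresholds: strong |r| >= 0.7, moderate |r| >= 0.4."""
    if abs(r) >= 0.7:
        return "strong"
    return "moderate" if abs(r) >= 0.4 else "weak"

def top_pairs(series, limit=5):
    """Rank metric pairs by |r|, keeping only strong/moderate ones."""
    rows = []
    for a, b in combinations(sorted(series), 2):
        r = pearson(series[a], series[b])
        if r is not None and strength(r) != "weak":
            rows.append((a, b, round(r, 3), strength(r)))
    return sorted(rows, key=lambda row: -abs(row[2]))[:limit]

def narrative(row):
    """One-line insight text for a ranked pair (wording is an assumption)."""
    a, b, r, label = row
    trend = "together" if r > 0 else "in opposite directions"
    return f"{a} and {b} move {trend} ({label}, r={r:+.3f})"

if __name__ == "__main__":
    for row in top_pairs(SAMPLE):
        print(narrative(row))
```

A flat security metric such as a steady failed-login count drops out of the ranking instead of appearing as r = 0, which would wrongly read as "no relationship".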

150 Ansible Checks - OS & Oracle ERP Application Layer

The Health Check Engine dispatches Ansible playbooks for each Oracle ERP product, returning structured findings to DuckDB. Every check carries a name, threshold, unit, Ansible module reference, and remediation guidance.

OS-layer: 96 checks across performance, security, resource, configuration, and log_audit categories
EBS: 13 checks - Oracle Listener, FNDLIBR workers, OHS, Forms, concurrent queue, adop patch status
NetSuite: 12 checks - REST API health, OAuth token expiry, SuiteScript queue, API rate %, TLS expiry
Fusion Cloud: 14 checks - OIC REST health, OIC error rate %, ESS queue, FBDI staging, EDM sync, FA REST latency
JDE: 15 checks - Enterprise Server kernel procs, JAS, JDENET_K, UBE queue, Orchestrator, ServerManager

Check Distribution

OS Performance - 20 checks
OS Security - 23 checks
OS Resource - 16 checks
OS Configuration - 20 checks
OS Log & Audit - 17 checks
Oracle ERP Application - 54 checks
Total Checks - 150

Alertmanager - Intelligent Alerting & Routing

The Alertmanager evaluates configurable threshold-based alert rules against health findings and manages the full alert lifecycle from firing through acknowledgement to resolution, delivering notifications across five channel types.

Alert lifecycle: firing → acknowledged / silenced → resolved - full state machine with cooldown periods
5 pre-seeded alert rules: Critical Risk Score, High CPU, Security Compliance Failure, Disk Space Critical, Ansible Playbook Failure
5 notification channel types: Slack, Email, Microsoft Teams, PagerDuty, Webhook - all with full CRUD management
Rule conditions: gt, lt, gte, lte, eq, neq - configurable thresholds for any metric field

Pre-Seeded Alert Rules

Critical Risk Score > 80 - Critical · 30m
High CPU Utilisation > 85% - High · 60m
Security Compliance Failure - High · 120m
Disk Space Critical > 90% - Critical · 30m
Ansible Playbook Failure - High · 15m
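
How threshold rules, the alert lifecycle, and cooldowns fit together, as an added example (not Patron's own code). The thresholds come from the three numeric pre-seeded rules above; the metric field names are hypothetical, and reading the "30m"/"60m" suffix as the re-notification cooldown is an assumption.

```python
import operator
from collections import namedtuple

# The six rule conditions named on this page.
OPS = {"gt": operator.gt, "lt": operator.lt, "gte": operator.ge,
       "lte": operator.le, "eq": operator.eq, "neq": operator.ne}
# firing -> acknowledged / silenced -> resolved. Resolving straight from
# firing (metric recovered before anyone acted) is an assumption.
TRANSITIONS = {"firing": {"acknowledged", "silenced", "resolved"},
               "acknowledged": {"resolved"}, "silenced": {"resolved"},
               "resolved": set()}
# Metric names are hypothetical; cooldown_min is the assumed meaning of "30m".
Rule = namedtuple("Rule", "name metric condition threshold cooldown_min")
RULES = [Rule("Critical Risk Score", "risk_score", "gt", 80, 30),
         Rule("High CPU Utilisation", "cpu_pct", "gt", 85, 60),
         Rule("Disk Space Critical", "disk_pct", "gt", 90, 30)]

class Alert:
    def __init__(self, rule, now_min):
        self.rule, self.state, self.last_notified = rule, "firing", now_min

    def transition(self, new_state):
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"illegal transition {self.state} -> {new_state}")
        self.state = new_state

class Evaluator:
    def __init__(self, rules):
        self.rules, self.active = rules, {}   # active: (rule name, host) -> Alert

    def evaluate(self, host, metrics, now_min):
        """Return the rule names that should send a notification now."""
        notify = []
        for rule in self.rules:
            if rule.metric not in metrics:
                continue
            key, alert = (rule.name, host), self.active.get((rule.name, host))
            if OPS[rule.condition](metrics[rule.metric], rule.threshold):
                if alert is None:
                    self.active[key] = Alert(rule, now_min)
                    notify.append(rule.name)
                elif (alert.state == "firing"
                      and now_min - alert.last_notified >= rule.cooldown_min):
                    alert.last_notified = now_min   # re-notify after cooldown
                    notify.append(rule.name)
            elif alert is not None:
                alert.transition("resolved")        # metric recovered
                del self.active[key]
        return notify
```

Acknowledged or silenced alerts stay active but stop re-notifying, so a sustained breach produces one page per cooldown window only while nobody has picked it up.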

Notification Channels

Slack · Email · Teams · PagerDuty · Webhook

MDR - Managed Threat Detection & Response

The MDR component is the SOC layer of the platform. It combines AI anomaly signals, Oracle ERP audit events, and analyst intelligence to detect, investigate, and respond to cyber threats in real time - fully mapped to the MITRE ATT&CK framework.

30 Oracle ERP-relevant MITRE ATT&CK techniques across 12 tactics - 53.3% overall framework coverage
5 detailed SOC response playbooks for highest-impact Oracle ERP techniques (T1110, T1078, T1190, T1562, T1489)
Incident lifecycle: new → triaged → investigating → contained → resolved → closed with MTTR and dwell-time tracking
Interactive ATT&CK Navigator - 14 tactic columns, colour-coded coverage heatmap, expandable technique detail panels
PDF MDR report section - active incidents, critical threats, ATT&CK coverage %, detection severity breakdown, top-15 detections

MITRE ATT&CK Coverage

Initial Access & Execution - 6 techniques
Persistence & Privilege Escalation - 5 techniques
Credential Access & Discovery - 5 techniques
Collection, Exfiltration & Impact - 8 techniques
Defense Evasion & Lateral Movement - 6 techniques
Total Coverage - 53.3% (30 techniques)

PDF Reports & Grafana Observability Dashboards

Branded A4 PDF reports generated asynchronously via ReportLab, alongside three fully provisioned Grafana 10.x dashboard JSON definitions - ERP Health Checks, AI Insight, and MDR Threat Detection.

7-Section PDF Report

Cover · Executive Summary · Health Checks · AI Insight · Alerts · MDR · Recommendations - generated async via BackgroundTasks.

ERP Health Dashboard

9 Grafana panels - severity trend, pass/fail breakdown, category stacked bar, top-failing checks, per-product pass rates.

AI Insight Dashboard

9 Grafana panels - fleet score, anomaly scores per host, forecast risk %, cross-metric correlation table, 7-day anomaly trend.

MDR Threat Dashboard

11 Grafana panels - threat trend time-series, severity donut, ATT&CK tactic bar, active incidents and technique tables.


What Makes GTP Oracle ERP Patron Unique

AI-Powered Anomaly Detection

Isolation Forest continuously scores 24 ERP metrics per host and surfaces outliers before they escalate to incidents.

Ansible-Native Health Checks

150 Ansible-driven checks span every Oracle ERP layer - OS through application - with remediation guidance for every finding.

MITRE ATT&CK SOC

30 Oracle ERP-relevant ATT&CK techniques with 5 detailed SOC playbooks, incident management, and an interactive coverage navigator.

JWT RBAC & Security

Three-tier RBAC (Patron Admin, Patron User, Guest) with JWT HS256 tokens, bcrypt password hashing, and fine-grained permission matrix.

Docker & Production Ready

Full Docker Compose stack - React Vite frontend, FastAPI backend, DuckDB persistence. One command to launch the full platform.

DuckDB Embedded Analytics

No external database server required. DuckDB stores all findings, runs, alerts, and MDR data with zero configuration overhead.

Branded PDF Reports

ReportLab A4 reports with async generation, live status polling, and one-click download - including Executive Summary, AI Insight, and MDR sections.

Backup & Restore

Full configuration snapshot export/import - ERP products, connections, alert rules, and notification channels backed up to timestamped JSON.


Platform Architecture

Ansible runs health checks and feeds DuckDB. The FastAPI backend exposes 80 routes across 11 modules, serving the React dashboard, AI Insight engine, Alertmanager, PDF engine, MDR SOC, and Grafana observability layer.

Ansible Control Node - 150 playbook checks
FastAPI + DuckDB - 80 routes · 11 modules · Embedded analytics DB
React Dashboard - Vite · TanStack Query · Recharts · 12 pages
AI Insight - IsolationForest · Forecasts · Correlation
Alertmanager - 5 rule types · 5 channel types
MDR SOC - MITRE ATT&CK · 30 techniques · 5 playbooks
Grafana - 3 dashboards · DuckDB datasource

Technology Stack

Python 3.11 · FastAPI · DuckDB · Ansible · scikit-learn · React 19 · Vite 8 · TanStack Query v5 · Recharts · ReportLab 4.2 · Grafana 10.x · JWT HS256 · Docker Compose · Nginx

From Demo to Production in Minutes

Patron ships as a fully containerised Docker Compose stack. A zero-credential demo environment with simulated Oracle ERP metrics lets you evaluate the full platform without a live Oracle system.

Docker Compose stack - erp-patron-ui (nginx:1.27-alpine) + erp-patron-api (python:3.11-slim) on a private bridge network
Nginx reverse proxy - all /api/* requests forwarded to the FastAPI backend; React SPA served on port 80/443
Bare metal option - Systemd + Nginx deployment for production environments without container orchestration
DuckDB named volume (erp_patron_data) ensures data persistence across container restarts and upgrades

Quick Start

# Start the full platform
docker compose up --build

Default Access

:80 - React Dashboard (via Nginx)
:8000 - FastAPI Backend (direct)
/docs - Interactive API Documentation

Get AI-Powered Oracle ERP Observability for Your Enterprise

Schedule a demo to see GTP Oracle ERP Patron in action - from Ansible health checks and AI anomaly detection to MITRE ATT&CK-mapped SOC response, protecting your Oracle ERP landscape end to end.