
...

This collector lets you build, deploy and scale applications, websites, and services on the same infrastructure as Google. It also lets you integrate the Google Cloud Platform (GCP) with the Devo platform, making it easy to query and analyze GCP event data. You can view it in the preconfigured Activeboards or you can customize it.

Devo’s GCP collector also lets you retrieve data stored in GCP via Google Cloud APIs, such as audit logs, Security Command Center findings, networking, load balancing, and more available via Pub/Sub, and bring it into Devo to query, correlate, analyze and visualize, so that Enterprise IT and Cybersecurity teams can make the most impactful decisions at petabyte scale.

...

Info

The diagram is only an example of the GCP services. There are many more GCP services.

The Logging service has different ways of exporting the information it stores, which is structured as messages. In this case, the export uses another GCP service called Pub/Sub: a topic object receives a filtered set of messages from the Logging service, and the GCP collector then retrieves all those messages from the topic object using a subscription (in pull mode).

...

  1. GCP Project: You need to have a GCP Project in the console to be able to receive data.

  2. Service account: The Service account is a Google service that allows.

  3. GCP Pub/Sub: It is the queue from which the events will be downloaded. It is necessary to create a Topic and a Subscription.

  4. Sink (optional): The sink is a filter to receive only the type of events that you want.

...

Here you will find the steps to filter this type of event:

| | Action | Steps |
|---|---|---|
| 1 | Activate Security Command Center service | Info: When SCC is activated, the events will go directly through the Logging service to the default sink. The following steps are optional but recommended to filter SCC events on another Pub/Sub. In order to receive this type of event, it is necessary to have the Security Command Center service activated. Refer to the Security Command Center Quickstart video from the Google guide. |
| 2 | Setting up a new topic | Refer to the Configuration of the Logging section to know how to do it. |
| 3 | Setting up a Pub/Sub | Refer to the Configuration of the Logging section to know how to do it. |
| 4 | Setting up a sink | Refer to the Configuration of the Logging section to know how to do it. |

...

Note

You have to use the scc_findings service to pull this data source.

| | Action | Steps |
|---|---|---|
| 1 | Configure Identity and Access Management (IAM) roles. | Refer to the official Google guide in which additional configurations are described. |
| 2 | Activate the Security Command Center API. | |
| 3 | Setting up a Pub/Sub topic. | |
| 4 | Creating a Notification configuration. | |

...

| | Authentication method | Project ID | Base64 credentials | File credentials | Available on |
|---|---|---|---|---|---|
| 1 | Service account with Base64. | Required | Required | | Collector Server, On-Premise |
| 2 | Service account with the file credentials. | Required | | Required | On-Premise |
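A pre-deployment check for the "Service account with Base64" method listed above, added here as an example and not taken from Devo's collector code. It assumes the Base64 credentials value is the service account's JSON key file, base64-encoded, and confirms that it decodes, is a service-account key, and belongs to the configured Project ID. The function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import json

# Fields present in the JSON key file generated for a GCP service account.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_base64_credentials(b64_value: str, project_id: str) -> list:
    """Return a list of problems; an empty list means the value looks usable.

    Assumption: "Base64 credentials" is the service account's JSON key file,
    base64-encoded. Messages never include key material.
    """
    try:
        raw = base64.b64decode(b64_value.strip(), validate=True)
        key = json.loads(raw.decode("utf-8"))
    except (binascii.Error, UnicodeDecodeError, json.JSONDecodeError):
        return ["value is not base64-encoded JSON"]
    if not isinstance(key, dict):
        return ["decoded JSON is not an object"]

    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS if not key.get(name)]
    if key.get("type") and key["type"] != "service_account":
        problems.append(f"type is {key['type']!r}, expected 'service_account'")
    if key.get("project_id") and key["project_id"] != project_id:
        problems.append(f"key is for project {key['project_id']!r}, not {project_id!r}")
    email = str(key.get("client_email") or "")
    if email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    return problems


def sample_b64(**overrides) -> str:
    """Constructed, non-functional key used only to exercise the check."""
    key = {
        "type": "service_account",
        "project_id": "example-project",
        "private_key_id": "0" * 40,
        "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
        "client_email": "collector@example-project.iam.gserviceaccount.com",
    }
    key.update(overrides)
    return base64.b64encode(json.dumps(key).encode()).decode()


if __name__ == "__main__":
    for value in (sample_b64(), sample_b64(type="authorized_user"), "not base64!"):
        print(check_base64_credentials(value, "example-project") or "OK")
```

Running the check before the value is placed in the collector configuration catches a user credential pasted in place of a service-account key, or a key from a different project than the one being collected.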

...