...
This collector lets you build, deploy, and scale applications, websites, and services on the same infrastructure as Google. It also lets you integrate the Google Cloud Platform (GCP) with the Devo platform, making it easy to query and analyze GCP event data. You can view it in the preconfigured Activeboards or you can customize it.
Devo's GCP collector also lets you retrieve data stored in GCP via Google Cloud APIs, such as audit logs, Security Command Center findings, networking, load balancing, and more available via Pub/Sub, into Devo to query, correlate, analyze, and visualize it, enabling Enterprise IT and Cybersecurity teams to make the most impactful decisions at petabyte scale.
...
Info |
---|
The diagram is only an example of GCP services. There are many more GCP services. |
The Logging service has different ways of exporting the information stored and structured in messages. In this case, it is used together with another GCP service called Pub/Sub: this service contains a topic object that receives a filtered set of messages from the Logging service, and the GCP collector then retrieves all those messages from the topic object using a subscription (in pull mode).
...
GCP Project: You need to have a GCP Project in the console to be able to receive data.
Service account: The Service account is a Google service that allows.
GCP Pub/Sub: It is the queue from which the events will be downloaded. It is necessary to create a Topic and a Subscription.
Sink (optional): The sink is a filter to receive only the type of events that you want.
...
Here you will find the steps to filter this type of event:
No. | Action | Steps
---|---|---
1 | Activate Security Command Center service | In order to receive this type of event, it is necessary to have the Security Command Center service activated. Refer to the Security Command Center Quickstart video from the Google guide.
2 | Setting up a new topic | Refer to the Configuration of the Logging section to know how to do it.
3 | Setting up a Pub/Sub | Refer to the Configuration of the Logging section to know how to do it.
4 | Setting up a sink | Refer to the Configuration of the Logging section to know how to do it.
...
Note |
---|
You have to use the |
No. | Action | Steps
---|---|---
1 | Configure Identity and Access Management (IAM) roles. | Refer to the official Google guide in which additional configurations are described.
2 | Activate the Security Command Center API. |
3 | Setting up a Pub/Sub topic. |
4 | Creating a Notification configuration. |
...
No. | Authentication method | Project ID | Base64 credentials | File credentials | Available on
---|---|---|---|---|---
1 | Service account with Base64. | | | |
2 | Service account with the file credentials. | | | |
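A pre-flight check for the "Service account with Base64" method in the table above, as an added example that is not Devo's or Google's code. It assumes the Base64 value is the Base64 encoding of the service account's JSON key file; the function names, the sample key, and `example-project` are constructed for illustration.

```python
import base64
import json

# Fields found in a service account key file in JSON format.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_base64_credentials(b64_value, expected_project_id):
    """Return a list of problems; an empty list means the value looks usable.

    Messages never include the decoded key material.
    """
    # `base64` on Linux wraps output at 76 columns; drop whitespace before decoding.
    compact = "".join(b64_value.split())
    try:
        key = json.loads(base64.b64decode(compact, validate=True).decode("utf-8"))
    except ValueError:  # covers bad Base64, bad UTF-8 and bad JSON
        return ["value is not Base64-encoded JSON"]
    if not isinstance(key, dict):
        return ["decoded JSON is not an object"]
    problems = [f"missing field: {name}" for name in REQUIRED if not key.get(name)]
    if key.get("type") and key["type"] != "service_account":
        problems.append(f"type is {key['type']!r}, expected 'service_account'")
    if key.get("project_id") and key["project_id"] != expected_project_id:
        problems.append("project_id does not match the configured Project ID")
    pem = str(key.get("private_key") or "")
    if pem and not pem.startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM private key")
    return problems


def constructed_key(**overrides):
    """Constructed sample key (not a real credential), returned Base64-encoded."""
    key = {
        "type": "service_account",
        "project_id": "example-project",
        "private_key_id": "0000000000000000",
        "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
        "client_email": "devo-collector@example-project.iam.gserviceaccount.com",
    }
    key.update(overrides)
    # encodebytes wraps lines the way the `base64` command does.
    return base64.encodebytes(json.dumps(key).encode()).decode()


if __name__ == "__main__":
    print(check_base64_credentials(constructed_key(), "example-project"))
    print(check_base64_credentials(constructed_key(type="authorized_user"), "example-project"))
```

Running the check before pasting the value into the collector configuration catches a raw JSON paste, a user credential, or a key from the wrong project without writing the private key to a terminal or log.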
...