cloud.gcp
- Juan Tomás Alonso Nieto (Deactivated)
Introduction
The tags beginning with cloud.gcp identify events generated by Google Cloud Platform.
Valid tags and data tables
The full tag must have four levels. The first two are fixed as cloud.gcp and represent technology and brand. The third level corresponds to the service while the fourth identifies the type of events sent.
Technology | Brand | Service | Type |
|---|---|---|---|
cloud | gcp | scc |
|
bigquery | gmail | ||
logging | virtual_machines | ||
cloudaudit |
| ||
cloud_armor |
| ||
unknown | none | ||
compute |
| ||
dns | dns_queries | ||
gceguestagent | none | ||
ids | threat | ||
osconfigagent | none | ||
requests | - | ||
stackdriver | log | ||
stderr | - | ||
stdout | - | ||
syslog | none | ||
threatdetection | detection |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
cloud.gcp.logging_virtual_machines | cloud.gcp |
cloud.gcp.scc.event_threat | cloud.gcp.scc.event_threat |
cloud.gcp.scc.findings | cloud.gcp.scc.findings |
cloud.gcp.bigquery.gmail | cloud.gcp.bigquery.gmail |
cloud.gcp.cloudaudit.k8s | cloud.gcp.cloudaudit.k8s |
cloud.gcp.cloudaudit.bigquery | cloud.gcp.cloudaudit.bigquery |
cloud.gcp.cloudaudit.data_access | cloud.gcp.cloudaudit.data_access |
cloud.gcp.cloudaudit.system_event | cloud.gcp.cloudaudit.system_event |
cloud.gcp.cloudaudit.policy.proto.gcp.sem-prod-9550 | cloud.gcp.cloudaudit.policy |
cloud.gcp.cloudaudit.activity | cloud.gcp.cloudaudit.activity |
cloud.gcp.cloudaudit.login | cloud.gcp.cloudaudit.login |
cloud.gcp.compute.firewall.json.gcp.tvg-network | cloud.gcp.compute.firewall |
cloud.gcp.compute.shielded_vm_integrity | cloud.gcp.compute.shielded_vm_integrity |
cloud.gcp.cloud_armor.adaptative_protection | cloud.gcp.cloud_armor.adaptative_protection |
cloud.gcp.cloud_armor.events | cloud.gcp.cloud_armor.events |
cloud.gcp.unknown.none | cloud.gcp.unknown.none |
cloud.gcp.dns.dns_queries.json.gcp.Ulta-security-nonprod | cloud.gcp.dns.dns_queries |
cloud.gcp.gceguestagent.none | cloud.gcp.gceguestagent.none |
cloud.gcp.ids.threat.server1.12123 | cloud.gcp.ids.threat |
cloud.gcp.osconfigagent.none | cloud.gcp.osconfigagent.none |
cloud.gcp.requests.none | cloud.gcp.requests |
cloud.gcp.stackdriver.log | cloud.gcp.stackdriver.log |
cloud.gcp.stderr.none | cloud.gcp.stderr |
cloud.gcp.stdout.none | cloud.gcp.stdout |
cloud.gcp.syslog.none | cloud.gcp.syslog.none |
cloud.gcp.threatdetection.detection | cloud.gcp.threatdetection.detection |
cloud.gcp.cloudaudit | cloud.gcp.cloudaudit |
Field transformations