Google Cloud Logging is a managed logging solution provided by Google Cloud Platform (GCP) that allows users to collect, store, search, analyze, and monitor logs generated by GCP services, third-party applications, and custom applications running on GCP.
What does this pack do
The Google Cloud Logging pack for Cortex XSOAR and Cortex XSIAM helps users to centralize all their GCP logs in a single location, making it easier to troubleshoot issues and gain insights from their data.
Google Cloud Logging Integration
The Google Cloud Logging Integration enables you to retrieve selected log entries that originated from a project/folder/organization/billing account. See the Google Cloud Logging integration documentation for additional details.
Google Cloud Logging SIEM Content
The SIEM content includes Cortex Data Modeling (XDM) Rules and Parsing Rules which are applied to Google Cloud Audit Logs, Google Cloud DNS Query Logs and Google Cloud VPC Flow Logs. Audit and VPC Flow logs are ingested into the google_cloud_logging_raw dataset; DNS logs are ingested into the google_dns_raw dataset. Logs are ingested via the Google Cloud Platform Pub/Sub data source on Cortex XSIAM. See Ingest Logs and Data from a GCP Pub/Sub for additional details.
- When configuring a sink to route Google Cloud logs to the Pub/Sub service as described here, you may wish to create an inclusion filter to include only a subset of the logs. See filter examples here and samples below:
logName:"cloudaudit.googleapis.com"
log_id("dns.googleapis.com/dns_queries")
log_id("compute.googleapis.com/vpc_flows")
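The following is an added example, not code from the pack or from Google: it shows what each of the three sample inclusion filters above actually admits by evaluating them against constructed log entries of the kind a Pub/Sub subscription delivers, and it maps each admitted entry to the dataset named above (google_cloud_logging_raw or google_dns_raw). The entries, the project id "example-project" and the helper names are all assumptions made for the example. The one detail worth seeing in working code is that the LOG_ID inside logName is URL-encoded (the "/" becomes "%2F"), which is why log_id("dns.googleapis.com/dns_queries") is written with a plain slash while the raw logName field is not.

```python
"""Added example (not part of the Google Cloud Logging pack): evaluate the
sample sink inclusion filters against constructed log entries and route each
admitted entry to the dataset the SIEM content expects.

Assumptions: entries below are hand-built JSON carrying only the fields needed
here; "example-project" is a placeholder project id.
"""
import json
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# The three filter samples from the text, paired with the dataset each feeds.
SINK_FILTERS = [
    ('logName:"cloudaudit.googleapis.com"', "google_cloud_logging_raw"),
    ('log_id("dns.googleapis.com/dns_queries")', "google_dns_raw"),
    ('log_id("compute.googleapis.com/vpc_flows")', "google_cloud_logging_raw"),
]


def log_id(log_name: str) -> str:
    """Return the decoded LOG_ID of a logName.

    logName has the form <resource>/logs/<LOG_ID>, and LOG_ID is URL-encoded,
    e.g. "projects/p/logs/cloudaudit.googleapis.com%2Factivity".
    Cloud Logging's log_id() function compares against the decoded value.
    """
    _, _, encoded = log_name.rpartition("/logs/")
    return unquote(encoded)


def matches_filter(entry: dict, filter_expr: str) -> bool:
    """Evaluate the two filter forms used in the samples above.

    logName:"substring"  - the ':' operator is a contains test on the field
    log_id("LOG_ID")     - exact match on the decoded log id
    Any other expression raises instead of silently matching everything.
    """
    m = re.fullmatch(r'logName:"([^"]+)"', filter_expr)
    if m:
        return m.group(1) in entry.get("logName", "")
    m = re.fullmatch(r'log_id\("([^"]+)"\)', filter_expr)
    if m:
        return log_id(entry.get("logName", "")) == m.group(1)
    raise ValueError(f"unsupported filter: {filter_expr}")


def route(entry: dict) -> Optional[str]:
    """Dataset an entry lands in, or None if the sink would not forward it."""
    for expr, dataset in SINK_FILTERS:
        if matches_filter(entry, expr):
            return dataset
    return None


def combined_inclusion_filter() -> str:
    """One sink filter admitting audit, DNS query and VPC flow logs together."""
    return " OR ".join(expr for expr, _ in SINK_FILTERS)


# Constructed Pub/Sub message bodies (a Cloud Logging sink publishes the
# LogEntry as JSON). The last one is noise the filters should reject.
SAMPLE_MESSAGES = [
    json.dumps({"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
                "protoPayload": {"methodName": "v1.compute.instances.insert"}}),
    json.dumps({"logName": "projects/example-project/logs/dns.googleapis.com%2Fdns_queries",
                "jsonPayload": {"queryName": "example.com.", "queryType": "A"}}),
    json.dumps({"logName": "projects/example-project/logs/compute.googleapis.com%2Fvpc_flows",
                "jsonPayload": {"connection": {"src_ip": "10.0.0.2", "dest_port": 443}}}),
    json.dumps({"logName": "projects/example-project/logs/syslog",
                "textPayload": "not covered by any inclusion filter"}),
]


def route_messages(messages: List[str]) -> List[Tuple[str, Optional[str]]]:
    """Return [(decoded LOG_ID, dataset or None), ...] for a batch of bodies."""
    out = []
    for body in messages:
        entry = json.loads(body)
        out.append((log_id(entry["logName"]), route(entry)))
    return out


if __name__ == "__main__":
    print("sink filter:", combined_inclusion_filter())
    for lid, dataset in route_messages(SAMPLE_MESSAGES):
        print(f"{lid:40} -> {dataset}")
```

The string returned by combined_inclusion_filter() is the form you would pass as the --log-filter value of gcloud logging sinks create when the destination is a Pub/Sub topic; the syslog entry shows that an inclusion filter drops everything it does not name, so a sink restricted to these three filters will not carry other log types into the dataset.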