Skip to main content

Google Cloud Logging

Details
Content
Dependencies
Version History

Download With Dependencies

Google Cloud Logging is a managed logging solution provided by Google Cloud Platform (GCP) that allows users to collect, store, search, analyze, and monitor logs generated by GCP services, third-party applications, and custom applications running on GCP.

What does this pack do

The Google Cloud Logging Cortex XSOAR pack helps users to centralize all their GCP logs in a single location, making it easier to troubleshoot issues and gain insights from their data.

Google Cloud Logging Integration

The Google Cloud Logging Integration enables you to retrieve selected log entries that originated from a project/folder/organization/billing account. See the Google Cloud Logging integration documentation for additional details.

What does this pack do

The Google Cloud Logging Cortex XSIAM pack helps users to centralize all their GCP logs in a single location, making it easier to troubleshoot issues and gain insights from their data.

Google Cloud Logging Integration

The Google Cloud Logging Integration enables you to retrieve selected log entries that originated from a project/folder/organization/billing account. See the Google Cloud Logging integration documentation for additional details.

Google Cloud Logging SIEM Content

The SIEM content includes Cortex Data Modeling (XDM) Rules and Parsing Rules which are applied on Google Cloud Audit Logs, Google Cloud DNS Query Logs and Google Cloud VPC Flow Logs. Audit and VPC Flow logs are ingested into the google_cloud_logging_raw dataset, DNS logs are ingested into the google_dns_raw dataset. Log are ingested via the Google Cloud Platform Pub/Sub data source on Cortex XSIAM. See Ingest Logs and Data from a GCP Pub/Sub for additional details.

Remarks

When configuring a sink to route Google Cloud logs to the Pub/Sub service as described here, you may wish to create an inclusion filter to include only a subset of the logs. See filter examples here and samples below:
- Sample filter for including only Google Cloud Audit Logs:

     logName:"cloudaudit.googleapis.com"

Sample filter for including only Google Cloud DNS Query Logs:

    log_id("dns.googleapis.com/dns_queries")

Sample filter for including only Google Cloud VPC Flow Logs:

    log_id("compute.googleapis.com/vpc_flows")

For auditing Data Access Audit Logs, you may need to explicitly enable the requested Google Cloud services. See Enable Data Access audit logs for additional details.

Integrations

Name	Description
Google Cloud Logging	With Google Cloud Logging, users can centralize all their logs in a single location, making it easier to troubleshoot issues and gain insights from their data.

Integrations

Name	Description
Google Cloud Logging	With Google Cloud Logging, users can centralize all their logs in a single location, making it easier to troubleshoot issues and gain insights from their data.

Modeling Rules

Name	Description
Google Cloud Logging Modeling Rule

Parsing Rules

Name	Description
Google Cloud Logging Parsing Rule

1.0.22 - 3481649 (May 21, 2025)

Integrations

Google Cloud Logging

Improved error message from the vendor.

Related pull requests:
- 39991

Download

1.0.21 - 3375447 (May 11, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 39642

Download

1.0.20 - R3340687 (May 7, 2025)

Integrations

Google Cloud Logging

Metadata and documentation improvements.

Related pull requests:
- 39077

Download

1.0.19 - R2988527 (March 26, 2025)

Integrations

Google Cloud Logging

Fixed performance issues.

Related pull requests:
- 38203

Download

1.0.18 - 1855875 (December 23, 2024)

Integrations

Google Cloud Logging

Improved error message from the vendor.

Related pull requests:
- 37677

Download

1.0.17 - R1741355 (December 3, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.116623.

Related pull requests:
- 37230
- 37227

Download

1.0.16 - 1605511 (November 7, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.115331.

Related pull requests:
- 37091
- 37087

Download

1.0.15 - 1552510 (October 27, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.114199.

Related pull requests:
- 36797
- 36788
- 36789
- 36793
- 36792
- 36787

Download

1.0.14 - 1504524 (October 14, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.112317.

Related pull requests:
- 36505
- 36495
- 36494
- 36493
- 36492
- 36491
- 36490
- 36489
- 36486
- 36485
- 36484
- 36483
- 36488
- 36487

Download

1.0.13 - 1275748 (August 15, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 35639

Download

1.0.22 - 3481649 (May 21, 2025)

Integrations

Google Cloud Logging

Improved error message from the vendor.

Related pull requests:
- 39991

Download

1.0.21 - 3386461 (May 12, 2025)

Modeling Rules

Google Cloud Logging Modeling Rule

Updated the Google Cloud Logging Modeling Rule to support VPC Flow Logs.

Related pull requests:
- 39642

Download

1.0.20 - R3340687 (May 7, 2025)

Integrations

Google Cloud Logging

Metadata and documentation improvements.

Related pull requests:
- 39077

Download

1.0.19 - R2988527 (March 26, 2025)

Integrations

Google Cloud Logging

Fixed performance issues.

Related pull requests:
- 38203

Download

1.0.18 - 1855875 (December 23, 2024)

Integrations

Google Cloud Logging

Improved error message from the vendor.

Related pull requests:
- 37677

Download

1.0.17 - R1741355 (December 3, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.116623.

Related pull requests:
- 37230
- 37227

Download

1.0.16 - 1605511 (November 7, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.115331.

Related pull requests:
- 37091
- 37087

Download

1.0.15 - 1552510 (October 27, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.114199.

Related pull requests:
- 36797
- 36788
- 36789
- 36793
- 36792
- 36787

Download

1.0.14 - 1504524 (October 14, 2024)

Integrations

Google Cloud Logging

Updated the Docker image to: demisto/google-api-py3:1.0.0.112317.

Related pull requests:
- 36505
- 36495
- 36494
- 36493
- 36492
- 36491
- 36490
- 36489
- 36486
- 36485
- 36484
- 36483
- 36488
- 36487

Download

1.0.13 - 1275748 (August 15, 2024)

Modeling Rules

New: Google Cloud Logging Modeling Rule

Added an XDM mapping for GCP logs which are ingested via the Google Cloud Platform Pub/Sub Data Source (Available from Cortex XSIAM 2.3). The XDM apply to the following log types:

Audit Logs:
- Admin Activity audit logs.
- Data Access audit logs.
- System Event audit logs.
- Policy Denied audit logs.
DNS Queries.

Parsing Rules

New: Google Cloud Logging Parsing Rule

Added an assignment of the ingested Audit and DNS logs timestamp field to the _time field for logs ingested via the Google Cloud Platform Pub/Sub Data Source (Available from Cortex XSIAM 2.3).

Related pull requests:
- 35639

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	May 16, 2023
Last Release	May 21, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

Google Cloud Logging

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.