...
Log Type | Ingestion label | Preferred Logging Protocol - Format | Log Collection Method | N/AData Source |
|---|---|---|---|---|
Security Command Center Threat | GCP_SECURITYCENTER_THREAT | API Prop Vendor API - JSONC2C | Direct Ingestion | https://cloud.google.com/chronicle/docs/ingestion/cloud/ingest-gcp-logs#exporting_findings_to |
Device Configuration
Before you can ingest your Google Cloud data into your Chronicle instance, you must complete the following steps:
...
Navigate to the Chronicle page for the Google Cloud console.
Go to the Chronicle pageEnter your one-time access code in the 1-time Chronicle access code.
Select I consent to the terms and conditions of Chronicle's usage of my Google Cloud data.
Click Connect Chronicle. Your Google Cloud data is now going to be sent to Chronicle.
...
...
Once Google cloud connected to Chronicle, you need to enable Google Cloud Logging, see below screenshot.
...
click Save.
...
Your Google Cloud data is now going to be sent to Chronicle.
To Enable GCP logs
Under Security Tab, navigate to Detections and Controls > Google SecOps
...
Select the project which Security Command Center logs you want to monitor.
...
Enable Security Command Center Premium Findings
Integration Parameters
The integration feed details are not required as service is sending data directly to the chronicle. Please refer device configuration.