Accenture MDR Quick Start Guide for Google Cloud Platform (GCP) VPC Flow

This quick start guide will help Accenture MDR customers configure Google Cloud Platform (GCP) VPC to allow log collection from the Log Collection Platform (LCP).


The document includes the following topics:

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found on the Accenture MDR Portal:

https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table 1-1: Port requirements for LCP communication.

Source   Destination             Port        Description
LCP      Google Cloud Platform   443 (TCP)   Default port

Configuring Google Cloud Platform VPC

To configure the Google Cloud Platform VPC, perform the following steps:

1. Enable VPC Flow Logs

2. Create Topic

3. Create Pull Subscription

4. Create Service Account

5. Set Permission

6. Export logs from another project

  • Enable VPC Flow Logs

a. Go to the Google Cloud Platform Console.

b. Navigate to VPC Network > VPC Networks.

c. From the Subnets column, select the subnet for which you want to enable VPC Flow Logs.

d. The Subnet details page lists the subnet properties and settings. Click the Edit button at the top of the page.

e. Select the On radio button under the Flow logs settings section.

f. Click Save.


  • Create Topic

To configure a sink that exports logs to a Pub/Sub topic:

a. Navigate to Logging > Logs Viewer to view the Stackdriver section.

b. Click the drop-down button in the text search bar and click Convert to Advanced filter.

c. Add the filter below in the Filter search box and click Submit Filter (<project id> is the Google project ID):

resource.type="gce_subnetwork"
logName=("projects/<project id>/logs/compute.googleapis.com%2Factivity" OR "projects/<project id>/logs/compute.googleapis.com%2Factivity_log" OR "projects/<project id>/logs/compute.googleapis.com%2Ffirewall" OR "projects/<project id>/logs/compute.googleapis.com%2Fvpc_flows")

  Note: Replace the value <project id> with the Google Project ID.

d. Click Create Export from the toolbar at the top of the page.

e. In the Edit Export sidebar that opens on the right of the page, enter the properties of the new sink:

I. Enter the Sink Name in the Sink Name text box.

II. Select Cloud Pub/Sub as the Sink Service from the drop-down box.

III. Select Create new Cloud Pub/Sub topic as the Sink Destination.

IV. In the resulting modal, enter a topic name of your choice.

 Note: Invalid characters or spaces in the topic name will prevent activation of the Create Sink button (no error message is shown).

f. Click the Create Sink button.

g. Once the sink has been saved, a modal opens to confirm successful creation of the sink and to show the new sink's information.

  • Create Pull Subscription

a. Navigate to the Big Data section and go to Pub/Sub > Topics.

b. The list of topics appears in the left pane. Select the topic you created and click its sub-menu icon.

c. Select New Subscription from the topic sub-menu.

d. On the Create a subscription page, enter the properties for the new subscription:

I. Enter the Subscription name in the Subscription name text box.

II. Select the Pull option under Delivery type.

III. Select the Never Expire option for Subscription expiration.

IV. Enter the maximum permitted value for the Acknowledgment Deadline.

V. Enter the maximum permitted value for the Message retention duration.

e. Click Create.

f. Open the Subscriptions option in the left pane to view the subscription details.

  • Create Service Account

a. Navigate to APIs & Services and select Credentials.

b. Click Create credentials and select the Help me to choose option.

c. Select the Stackdriver Trace API from the drop-down menu.

d. Select the No, I'm not using them radio button.

e. Click What credentials do I need?

f. On the Add credentials to your project page, specify the properties as follows:

I. Enter the Service Account name in the text box.

  Note: Do not use special symbols or white-space characters, and enter the client name in lowercase letters.

II. Select Pub/Sub as the Role, and choose Pub/Sub Subscriber and Pub/Sub Viewer.

III. Select JSON for the Key type.

g. Copy the Service account ID.

h. Click Continue. The JSON key file will be downloaded.

  • Set Permission

a. In the Google Cloud Platform console, navigate to Big Data > Pub/Sub > Subscriptions.

b. The left pane of the page lists the topics available. Select the topic you created and click the checkbox to the left of the row.

c. The permissions for that topic now appear in the Permissions pane on the right side of the page.

d. Specify the properties for a new member:

I. Enter the service account you created (example: vpcpuller@vpc-flow-log-project.iam.gservice.com).

II. Choose both Pub/Sub Subscriber and Pub/Sub Viewer from the Role drop-down.

e. Click Save.

  • Export logs from another project

a. Perform the steps described in Enable VPC Flow Logs.

b. In point 5c, select Sink Destination and choose Use a Cloud Pub/Sub topic in another project.

c. This changes the Sink Destination to the following form:

pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]

d. Replace PROJECT_ID and TOPIC_ID with the Project ID and Topic ID that you created.

 Note: If you have multiple project IDs, follow the above steps for each project to export its logs.

LCP Configuration Parameters

Table 1-2: The Google Cloud Platform event collector (API-3885) properties to be configured by MDR are shown in the table.

Property            Default value   Description
Project ID          Custom value    Project ID mentioned in the Pre-Installation Questionnaire (PIQ).
Private Key ID      Custom value    Private Key ID mentioned in the Pre-Installation Questionnaire (PIQ).
Private Key         Custom value    Private Key mentioned in the Pre-Installation Questionnaire (PIQ).
Client Email        Custom value    Client Email mentioned in the Pre-Installation Questionnaire (PIQ).
Client ID           Custom value    Client ID mentioned in the Pre-Installation Questionnaire (PIQ).
Subscription Name   Custom value    Subscription name mentioned in the Pre-Installation Questionnaire (PIQ).
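The console procedure above (Enable VPC Flow Logs through Set Permission) and the Table 1-2 values, as one gcloud script. This is an added example, not Accenture's or Google's own tooling: the resource names (vpc-flow-logs, vpcpuller and so on), the region default and the environment-variable names are assumptions, and SAMPLE_KEY_JSON is a constructed key file with placeholder values, used only to show how the Table 1-2 fields are read out of the JSON key that step h downloads. It goes beyond the page in three places: it checks topic and subscription names against Google's documented Pub/Sub naming rules before creating them (the cause of the greyed-out Create Sink button noted above), it grants the sink's writer identity publish rights on the topic (which gcloud, unlike the console, does not do for you), and it sets the flow-log sample rate to 1.0 so detection is not working from half the flows.

```shell
#!/bin/sh
# Added example: gcloud equivalent of the console steps in this guide.
# Names, region and env-variable names below are assumptions, not values from the guide.

# Pub/Sub topic/subscription IDs: 3-255 chars, start with a letter, then letters, digits,
# '-', '_', '.', '~', '+', '%'; must not begin with "goog" (Google's documented rules).
# The console silently greys out Create Sink on a bad name, so check up front.
valid_pubsub_name() {
  case "$1" in goog*) return 1 ;; esac
  printf '%s' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9._~+%-]{2,254}$'
}

# The sink filter from the "Create Topic" section, with <project id> filled in ($1).
# The line break between the two clauses is an implicit AND in the Logging filter syntax.
build_vpc_filter() {
  printf 'resource.type="gce_subnetwork"\nlogName=("projects/%s/logs/compute.googleapis.com%%2Factivity" OR "projects/%s/logs/compute.googleapis.com%%2Factivity_log" OR "projects/%s/logs/compute.googleapis.com%%2Ffirewall" OR "projects/%s/logs/compute.googleapis.com%%2Fvpc_flows")\n' "$1" "$1" "$1" "$1"
}

# Read one top-level string field ($2) out of a downloaded service-account key file ($1).
# These are the values Table 1-2 asks for (project_id, private_key_id, private_key,
# client_email, client_id). Works on the pretty-printed JSON the console and gcloud produce.
sa_key_field() {
  sed -n "s/.*\"$2\": *\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Constructed sample key (placeholder values only) so sa_key_field can be tried offline.
SAMPLE_KEY_JSON='{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "0000000000000000000000000000000000000000",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
  "client_email": "vpcpuller@example-project.iam.gserviceaccount.com",
  "client_id": "000000000000000000000"
}'

# Steps 1-5 of the guide, plus the publisher grant that gcloud does not add automatically.
apply_gcp_vpc_flow_export() {
  PROJECT_ID="${PROJECT_ID:?set PROJECT_ID}"
  SUBNET="${SUBNET:?set SUBNET}"
  REGION="${REGION:-us-central1}"                      # assumption
  TOPIC="${TOPIC:-vpc-flow-logs}"                       # assumption
  SUBSCRIPTION="${SUBSCRIPTION:-vpc-flow-logs-pull}"    # assumption
  SINK="${SINK:-vpc-flow-logs-sink}"                    # assumption
  SA_NAME="${SA_NAME:-vpcpuller}"                       # assumption
  SA_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

  valid_pubsub_name "$TOPIC" && valid_pubsub_name "$SUBSCRIPTION" \
    || { echo "invalid Pub/Sub name: $TOPIC / $SUBSCRIPTION" >&2; return 1; }

  # 1. Enable VPC Flow Logs. The console default samples 50% of flows; 1.0 keeps them all,
  #    which is what detection needs (at the cost of higher log volume).
  gcloud compute networks subnets update "$SUBNET" --region="$REGION" \
    --enable-flow-logs --logging-flow-sampling=1.0 --project="$PROJECT_ID"

  # 2. Topic and sink with the filter above.
  gcloud pubsub topics create "$TOPIC" --project="$PROJECT_ID"
  gcloud logging sinks create "$SINK" \
    "pubsub.googleapis.com/projects/${PROJECT_ID}/topics/${TOPIC}" \
    --log-filter="$(build_vpc_filter "$PROJECT_ID")" --project="$PROJECT_ID"
  # The sink writes as its own service identity; without publish rights on the topic
  # nothing reaches the topic and the subscription stays empty.
  WRITER="$(gcloud logging sinks describe "$SINK" --project="$PROJECT_ID" \
    --format='value(writerIdentity)')"
  gcloud pubsub topics add-iam-policy-binding "$TOPIC" --member="$WRITER" \
    --role=roles/pubsub.publisher --project="$PROJECT_ID"

  # 3. Pull subscription: max ack deadline (600 s), never expire, long retention
  #    (7d was the ceiling when this guide was written; confirm the current maximum).
  gcloud pubsub subscriptions create "$SUBSCRIPTION" --topic="$TOPIC" \
    --ack-deadline=600 --message-retention-duration=7d --expiration-period=never \
    --project="$PROJECT_ID"

  # 4. Service account for the LCP.
  gcloud iam service-accounts create "$SA_NAME" \
    --display-name="MDR LCP VPC Flow Logs puller" --project="$PROJECT_ID"

  # 5. Least privilege: Subscriber + Viewer bound on the one subscription, not project-wide.
  for role in roles/pubsub.subscriber roles/pubsub.viewer; do
    gcloud pubsub subscriptions add-iam-policy-binding "$SUBSCRIPTION" \
      --member="serviceAccount:${SA_EMAIL}" --role="$role" --project="$PROJECT_ID"
  done

  # JSON key whose fields fill Table 1-2 / the PIQ. Treat the file as a credential.
  gcloud iam service-accounts keys create "${SA_NAME}-key.json" \
    --iam-account="$SA_EMAIL" --project="$PROJECT_ID"
  for f in project_id private_key_id client_email client_id; do
    printf '%s=%s\n' "$f" "$(sa_key_field "${SA_NAME}-key.json" "$f")"
  done
}

# Only act when asked, so sourcing this file just defines the helpers.
if [ "${1:-}" = "--apply" ]; then
  apply_gcp_vpc_flow_export
fi
```

Run it as `PROJECT_ID=<your project> SUBNET=<your subnet> sh vpc_flow_export.sh --apply` with an authenticated gcloud; without `--apply` it only defines the helpers, so `sa_key_field key.json client_email` can be used on its own to pull the Table 1-2 values out of a downloaded key. The private key is deliberately not echoed by the script; it stays in the key file.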


Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.