Accenture MDR Log Collection Platform (LCP) 4.0 Deployment Guide for GCP
This guide helps Accenture MDR customers set up log collection for GCP.
About the Log Collection Platform
The Accenture MDR Log Collection Platform (LCP) is designed to collect, compress, and transmit your devices’ log data securely to the Accenture MDR Security Operations Centre (SOC).
Connectivity Prerequisites
Source | Destination | Protocol/Port | Description |
213.156.160.99, 198.6.48.235, 192.251.86.32, 199.43.188.10 | <LCP IP> | TCP/2222, TCP/443 | MDR management access and fault monitoring |
<LCP IP> | <Customer NTP> | UDP/123, TCP/123 | NTP - Network Time Protocol |
<LCP IP> | | TCP/443 | RSIP - Remote Secure Import Protocol for log uploading |
<LCP IP> | 0.0.0.0/0 | TCP/443 | LCP updates and LCP Configurations |
<LCP IP> | 0.0.0.0/0 | UDP/53, TCP/53 | DNS resolution (TCP is used in case the message is longer than 512 bytes) |
To add Ingress and Egress rules for the LCP VM based on the above IPs:
Navigate to VPC Network > click Firewall
Select Create a firewall rule
a. Enter rule Name and Description
b. Select Network where you want to create LCP VM
c. Select Direction of traffic as Ingress or Egress
d. Select appropriate Targets and Source filter.
e. Select the required Protocols and Ports
f. Click Create.
Repeat the above process to create multiple rules for LCP VM.
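The same rules can be created from the gcloud CLI instead of the console. The script below is an added example, not part of the original guide: the rule names, the network name `lcp-vpc`, the network tag `lcp` and the NTP address `10.0.0.10/32` are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example (not from the original guide): the connectivity table
# expressed as gcloud firewall rules.
# Dry run by default: commands are printed. Set APPLY=1 to execute them.

# MDR management source addresses, taken from the connectivity table.
MDR_SOURCES="213.156.160.99/32,198.6.48.235/32,192.251.86.32/32,199.43.188.10/32"

# emit_rule NAME DIRECTION RANGE_FLAG RANGES RULES NETWORK TAG
# Builds one "firewall-rules create" command, then prints or runs it.
emit_rule() {
  set -- gcloud compute firewall-rules create "$1" \
    "--network=$6" "--direction=$2" --action=ALLOW \
    "--$3=$4" "--rules=$5" "--target-tags=$7"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# lcp_firewall_rules NETWORK TAG NTP_CIDR
# NETWORK, TAG (network tag set on the LCP VM) and NTP_CIDR are
# assumptions: supply the values for your own project.
lcp_firewall_rules() {
  # Ingress: MDR management access and fault monitoring, MDR sources only.
  emit_rule lcp-in-mdr-mgmt INGRESS source-ranges "$MDR_SOURCES" \
    tcp:2222,tcp:443 "$1" "$2"
  # Egress: NTP to the customer time server.
  emit_rule lcp-out-ntp EGRESS destination-ranges "$3" \
    udp:123,tcp:123 "$1" "$2"
  # Egress: LCP updates and configuration. The RSIP upload row lists no
  # destination on this page; it is also TCP/443, so this rule covers it.
  emit_rule lcp-out-https EGRESS destination-ranges 0.0.0.0/0 \
    tcp:443 "$1" "$2"
  # Egress: DNS over UDP and TCP.
  emit_rule lcp-out-dns EGRESS destination-ranges 0.0.0.0/0 \
    udp:53,tcp:53 "$1" "$2"
}

# Example invocation with placeholder values (prints four commands).
lcp_firewall_rules lcp-vpc lcp 10.0.0.10/32
```

A VPC network already has implied rules that allow all egress and deny all ingress, so the egress rules only change behaviour where a higher-priority rule denies outbound traffic.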
Before importing the image, make sure your user account has been granted the required roles listed below.
Grant required roles to your user account
To import or export images, your user account requires the following roles:
Storage Admin role (roles/storage.admin)
Viewer role (roles/viewer)
Project IAM Admin role (roles/resourcemanager.projectIamAdmin)
Cloud Build Editor role (roles/cloudbuild.builds.editor)
Create Compute Engine Image from Virtual Disk File (VMDK)
Download the LCP virtual disk file from https://updates.monitoredsecurity.com/lcp-gcp/Log_Collection_Platform_LATEST.vmdk
Please confirm the MD5 hash once the download completes.
If you have an existing Cloud Storage bucket, you can use it to store the VMDK; skip the steps below and proceed to Step 3.
a. In the Google Cloud console, navigate to the Cloud Storage Browser.
b. Select Create a bucket, enter your bucket information.
c. Provide below details:
i. Bucket name
ii. Storage location > Region
iii. Storage class > Standard
iv. Control access > Select Enforce public access prevention and Select Fine-grained
v. Data protection > None
d. Click Create
Select the storage bucket created above (or your existing bucket), click Upload Files, and choose the downloaded LCP VMDK file (size around 18 GB).
Create Image from VMDK
a. Importing the VMDK file as an image requires the GCP command line (gcloud CLI).
b. Log in to the gcloud CLI and run the command below.
i. This will need the roles/iam.serviceAccountTokenCreator permission; click Yes to add the permission.
ii. The command needs the project ID, zone, storage bucket name, network and subnetwork.
gcloud compute images import log-collection-platform-4-0-0-801 \
--source-file gs://<<STORAGE_BUCKET_NAME>>/Log_Collection_Platform_LATEST.vmdk \
--project <<PROJECT_ID>> --zone <<ZONE>> \
--network <<NETWORK>> --subnet <<SUBNETWORK>> \
--family=lcp4 --description=lcp4 --no-guest-environment --os=ubuntu-2004
This image will be available in Compute Engine > Images.
Please remove the uploaded VMDK file from the bucket. If you created a new Cloud Storage bucket to store the VMDK, please remove the bucket along with the VMDK file.
Configure GCP VM from Image
Log in to GCP portal.
Select Compute Engine and click Images (an image is a replica of a disk that contains the applications and operating system needed to start a VM).
Select image from the list of images, example: log-collection-platform-4-0-0-801
Create instance from the selected image.
Provide the below mandatory details:
Enter the VM instance Name.
Select the required Region and Zone for the VM instance.
Select the required Machine Configuration.
Select any one Instance type from the drop-down list as recommended below:
Family | Type | Series | vCPUs | Memory(GB) |
General-Purpose | e2-highcpu-8 | E2 | 8 | 8 |
General-Purpose | e2-highcpu-16 | E2 | 16 | 16 |
General-Purpose | e2-standard-8 | E2 | 8 | 32 |
Compute-Optimized | c2-standard-8 | C2 | 8 | 32 |
6. Select and edit Network Interfaces
In the network and subnetwork, add the rules as mentioned in the connectivity prerequisites.
Select a static external IP address. It will be reserved for the VM until you decide to release it, and it will not change when the VM is stopped or started.
Select Create VM instance.
The created instance will be visible in the list of VM instances, and the instance details will appear on the screen.
Share the IP address details with Accenture MDR to proceed with the LCP qualification process.
Legal Notice
Copyright © 2021 Accenture. All rights reserved.
Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.