Accenture MDR Log Collection Platform (LCP) 4.0 Deployment Guide for GCP

This guide helps Accenture MDR customers set up log collection for GCP.

About the Log Collection Platform

The Accenture MDR Log Collection Platform (LCP) is designed to collect, compress, and transmit your devices’ log data securely to the Accenture MDR Security Operations Centre (SOC).

Connectivity Prerequisites

Source           Destination                          Protocol/Port      Description
---------------  -----------------------------------  -----------------  ------------------------------------------
213.156.160.99   <LCP IP>                             TCP/2222, TCP/443  MDR management access and fault monitoring
198.6.48.235
192.251.86.32
199.43.188.10
<LCP IP>         <Customer NTP>                       UDP/123, TCP/123   NTP - Network Time Protocol
<LCP IP>         global.import.monitoredsecurity.com  TCP/443            RSIP - Remote Secure Import Protocol for log uploading
<LCP IP>         0.0.0.0/0                            TCP/443            LCP updates and LCP configurations
<LCP IP>         0.0.0.0/0                            UDP/53, TCP/53     DNS resolution (TCP is used when the message is longer than 512 bytes)

To add ingress and egress rules for the LCP VM based on the IPs above:

  1. Navigate to VPC Network > click Firewall

  2. Select Create a firewall rule

a. Enter rule Name and Description

b. Select Network where you want to create LCP VM

c. Select Direction of traffic as Ingress or Egress

d. Select appropriate Targets and Source filter.

e. Select the required Protocols and Ports

f. Click Create.

  3. Repeat the above process to create the remaining rules for the LCP VM.
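The same rules expressed as gcloud commands, as an added example that is not part of the guide. It follows the Connectivity Prerequisites table (the MDR row becomes one INGRESS rule, the rows with <LCP IP> as source become EGRESS rules), assumes the LCP VM carries a network tag named lcp and that the network name is given in LCP_NETWORK, and only prints the commands for review unless LCP_APPLY=1.

```shell
#!/usr/bin/env bash
# Added example: firewall rules for the LCP VM derived from the Connectivity
# Prerequisites table. Assumptions (not from the guide): the LCP VM has the network
# tag "lcp", the VPC network is $LCP_NETWORK, and <<CUSTOMER_NTP_CIDR>> is a placeholder.
set -eu

LCP_NETWORK="${LCP_NETWORK:-default}"
LCP_TAG="${LCP_TAG:-lcp}"
# The four MDR management / fault-monitoring sources from the table, as host routes.
MDR_MGMT_RANGES="213.156.160.99/32,198.6.48.235/32,192.251.86.32/32,199.43.188.10/32"
CUSTOMER_NTP="${CUSTOMER_NTP:-<<CUSTOMER_NTP_CIDR>>}"   # placeholder: your NTP server's CIDR

# Print the command unless LCP_APPLY=1, so rules can be reviewed before they are created.
run() { if [ "${LCP_APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Ingress: only the four MDR addresses may reach the LCP on TCP/2222 and TCP/443.
lcp_ingress_mgmt() {
  run gcloud compute firewall-rules create lcp-allow-mdr-mgmt \
    --network "$LCP_NETWORK" --direction INGRESS --action ALLOW \
    --rules tcp:2222,tcp:443 --source-ranges "$MDR_MGMT_RANGES" \
    --target-tags "$LCP_TAG" --description "MDR management access and fault monitoring"
}

# Egress: GCP allows all egress by default, so these rules matter where a lower-priority
# deny-all egress rule exists. Firewall rules take CIDRs, not hostnames, so RSIP to
# global.import.monitoredsecurity.com is covered by the TCP/443 to 0.0.0.0/0 rule.
lcp_egress_rules() {
  run gcloud compute firewall-rules create lcp-allow-ntp-out \
    --network "$LCP_NETWORK" --direction EGRESS --action ALLOW \
    --rules udp:123,tcp:123 --destination-ranges "$CUSTOMER_NTP" \
    --target-tags "$LCP_TAG" --description "NTP - Network Time Protocol"
  run gcloud compute firewall-rules create lcp-allow-https-out \
    --network "$LCP_NETWORK" --direction EGRESS --action ALLOW \
    --rules tcp:443 --destination-ranges 0.0.0.0/0 \
    --target-tags "$LCP_TAG" --description "RSIP log upload, LCP updates and configuration"
  run gcloud compute firewall-rules create lcp-allow-dns-out \
    --network "$LCP_NETWORK" --direction EGRESS --action ALLOW \
    --rules udp:53,tcp:53 --destination-ranges 0.0.0.0/0 \
    --target-tags "$LCP_TAG" --description "DNS resolution"
}

lcp_ingress_mgmt
lcp_egress_rules
```

Run it once without LCP_APPLY to check the generated rules, then with LCP_APPLY=1 to create them; the VM must be given the lcp tag when it is created for the rules to apply to it.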

Before importing the image, make sure the required roles listed below are granted to your user account.

Grant required roles to your user account

To import or export images, your user account requires the following roles:

  • Storage Admin role (roles/storage.admin)

  • Viewer role (roles/viewer)

  • Project IAM Admin role (roles/resourcemanager.projectIamAdmin)

  • Cloud Build Editor role (roles/cloudbuild.builds.editor)

Create Compute Engine Image from Virtual Disk File (VMDK)

  1. Download LCP virtual disk file from link https://updates.monitoredsecurity.com/lcp-gcp/Log_Collection_Platform_LATEST.vmdk

    • Confirm the MD5 hash once the download completes.

  2. If you have an existing Cloud Storage bucket, you can use it to store the VMDK; skip the steps below and proceed to step 3.

a. In the Google Cloud console, navigate to the Cloud Storage Browser.

b. Select Create a bucket, enter your bucket information.

c. Provide below details:

i. Bucket name

ii. Storage location > Region

iii. Storage class > Standard

iv. Control access > Select Enforce public access prevention and Select Fine-grained

v. Data protection > None

d. Click Create

  3. Select the storage bucket you created or chose above, click Upload Files, and choose the downloaded LCP VMDK file (about 18 GB in size).

  4. Create Image from VMDK

a. Importing the VMDK file as an image requires the GCP command line (gcloud CLI).

b. Log in to the gcloud CLI and run the command below.

i. This needs the roles/iam.serviceAccountTokenCreator permission; click Yes to add the permission.

ii. The command needs the project ID, zone, storage bucket name, network and subnetwork.

gcloud compute images import log-collection-platform-4-0-0-801 \
  --source-file gs://<<STORAGE_BUCKET_NAME>>/Log_Collection_Platform_LATEST.vmdk \
  --project <<PROJECT_ID>> --zone <<ZONE>> \
  --network <<NETWORK>> --subnet <<SUBNETWORK>> \
  --family=lcp4 --description=lcp4 --no-guest-environment --os=ubuntu-2004

  5. This image will be available in Compute Engine > Images.

  6. Remove the uploaded VMDK file from the bucket. If you created a new Cloud Storage bucket to store the VMDK, remove the bucket along with the VMDK file.
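Steps 1 to 6 of this section as one script, added here as an example and not the guide's own tooling. It assumes the VMDK has already been downloaded to the path passed as the first argument, that the expected MD5 value supplied by Accenture MDR is given in LCP_VMDK_MD5 (the <<...>> values are placeholders), and it prints the gsutil/gcloud commands for review unless LCP_APPLY=1; the MD5 check itself always runs.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): verify the VMDK, stage it in a bucket, import it
# as an image, then clean up. Assumptions: $1 is the downloaded VMDK path, LCP_VMDK_MD5
# holds the published hash, and <<...>> values are placeholders to replace.
set -eu

PROJECT_ID="${PROJECT_ID:-<<PROJECT_ID>>}";   ZONE="${ZONE:-<<ZONE>>}"
NETWORK="${NETWORK:-<<NETWORK>>}";            SUBNETWORK="${SUBNETWORK:-<<SUBNETWORK>>}"
BUCKET="${BUCKET:-<<STORAGE_BUCKET_NAME>>}";  REGION="${REGION:-<<REGION>>}"
LCP_VMDK_MD5="${LCP_VMDK_MD5:-<<MD5_FROM_ACCENTURE_MDR>>}"   # placeholder, not a real hash
IMAGE_NAME="log-collection-platform-4-0-0-801"

# Print the command unless LCP_APPLY=1, so the run can be reviewed first.
run() { if [ "${LCP_APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Step 1: compare the download's MD5 with the published value; a truncated or
# tampered file fails here and is never staged in the bucket.
verify_md5() {
  actual="$(md5sum "$1" | cut -d' ' -f1)"
  [ "$actual" = "$2" ] && return 0
  printf 'MD5 mismatch for %s: got %s, expected %s\n' "$1" "$actual" "$2" >&2
  return 1
}

stage_and_import() {
  vmdk="$1"; obj="gs://$BUCKET/$(basename "$vmdk")"
  verify_md5 "$vmdk" "$LCP_VMDK_MD5"
  # Step 2: regional bucket, Standard class, public access prevention enforced,
  # fine-grained access (uniform bucket-level access off).
  run gsutil mb -p "$PROJECT_ID" -l "$REGION" -c STANDARD -b off "gs://$BUCKET"
  run gsutil pap set enforced "gs://$BUCKET"
  # Step 3: upload the (roughly 18 GB) disk file.
  run gsutil cp "$vmdk" "$obj"
  # Step 4: import it as a Compute Engine image with the same flags as the guide's command.
  run gcloud compute images import "$IMAGE_NAME" --source-file "$obj" \
    --project "$PROJECT_ID" --zone "$ZONE" --network "$NETWORK" --subnet "$SUBNETWORK" \
    --family=lcp4 --description=lcp4 --no-guest-environment --os=ubuntu-2004
  # Step 6: the image is self-contained, so remove the VMDK and the staging bucket.
  run gsutil rm "$obj"
  run gsutil rb "gs://$BUCKET"
}

if [ "$#" -ge 1 ]; then stage_and_import "$1"; fi
```

If you reuse an existing bucket (step 2), drop the gsutil mb, pap and rb lines and keep only the object removal.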

Configure GCP VM from Image 

  1. Log in to GCP portal.

  2. Select Compute Engine and click Images (an image is a replica of a disk that contains the applications and operating system needed to start a VM).

  3. Select the image from the list of images, for example: log-collection-platform-4-0-0-801

  4. Create an instance from the selected image.

  5. Provide the mandatory details below:

  • Enter the VM instance Name.

  • Select the required Region and Zone for the VM instance.

  • Select the required Machine Configuration.

Select one instance type from the drop-down list, as recommended below:

Family             Type           Series   vCPUs   Memory (GB)
-----------------  -------------  -------  ------  -----------
General-Purpose    e2-highcpu-8   E2       8       8
General-Purpose    e2-highcpu-16  E2       16      16
General-Purpose    e2-standard-8  E2       8       32
Compute-Optimized  c2-standard-8  C2       8       32

  6. Select and edit Network Interfaces

  • For the network and subnetwork, apply the rules listed under Connectivity Prerequisites.

  • Select a static external IP address. It is reserved for the VM until you release it and does not change when the VM is stopped and started.

  7. Select Create VM instance

  8. The created instance is listed under VM instances, and its details appear on the screen.

Share the IP address details to Accenture MDR to proceed with the LCP qualification process.
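The VM creation steps above as gcloud commands, added here as an example that is not part of the guide. It assumes a VM name of lcp-01, the network tag lcp (so that firewall rules targeting that tag apply to the VM), the machine type e2-highcpu-8 from the table, that the image was imported into the same project under the lcp4 family, and it prints the commands unless LCP_APPLY=1.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): reserve a static external address and create the
# LCP VM from the imported image. Assumptions: VM name lcp-01, network tag "lcp",
# <<...>> values are placeholders to replace.
set -eu

VM_NAME="${VM_NAME:-lcp-01}"; ZONE="${ZONE:-<<ZONE>>}"; REGION="${REGION:-${ZONE%-*}}"
PROJECT_ID="${PROJECT_ID:-<<PROJECT_ID>>}"
NETWORK="${NETWORK:-<<NETWORK>>}"; SUBNETWORK="${SUBNETWORK:-<<SUBNETWORK>>}"
MACHINE_TYPE="${MACHINE_TYPE:-e2-highcpu-8}"   # any row of the instance-type table

# Print the command unless LCP_APPLY=1, so the run can be reviewed first.
run() { if [ "${LCP_APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Reject machine types outside the guide's table before touching the project.
check_machine_type() {
  case "$1" in
    e2-highcpu-8|e2-highcpu-16|e2-standard-8|c2-standard-8) return 0 ;;
    *) printf 'unsupported machine type: %s\n' "$1" >&2; return 1 ;;
  esac
}

create_lcp_vm() {
  check_machine_type "$MACHINE_TYPE"
  # Step 6: a reserved (static) external IP survives stop/start; it is the one shared with MDR.
  run gcloud compute addresses create "$VM_NAME-ip" --project "$PROJECT_ID" --region "$REGION"
  # Steps 3 to 7: instance from the lcp4 image family, tagged so the LCP firewall rules apply.
  run gcloud compute instances create "$VM_NAME" --project "$PROJECT_ID" --zone "$ZONE" \
    --machine-type "$MACHINE_TYPE" --image-family lcp4 --image-project "$PROJECT_ID" \
    --network "$NETWORK" --subnet "$SUBNETWORK" --address "$VM_NAME-ip" --tags lcp
  # Step 8: print the external address to share with Accenture MDR.
  run gcloud compute addresses describe "$VM_NAME-ip" --project "$PROJECT_ID" \
    --region "$REGION" --format 'value(address)'
}

create_lcp_vm
```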

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.