Skip to content

Standard table changes to Google Cloud Platform IAM #12319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
v-dvedak merged 7 commits into from
Jun 13, 2025
Merged

Standard table changes to Google Cloud Platform IAM #12319

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
eecf2ee
files Update
v-bgoriparth Jun 12, 2025
b1e9a3d
Merge branch 'master' into v-hkopparala-IAM
v-bgoriparth Jun 12, 2025
d50029d
files updated
v-bgoriparth Jun 12, 2025
84bafd8
Updated
v-pmalreddy Jun 12, 2025
1d5e6ac
Merge branch 'master' into v-hkopparala-IAM
v-prasadboke Jun 13, 2025
a0119f1
Solution packaged
v-prasadboke Jun 13, 2025
b1a9c7f
Update ReleaseNotes.md
v-prasadboke Jun 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
210 changes: 105 additions & 105 deletions ...s/GoogleCloudPlatformIAM/Data Connectors/GCPIAMLog_CCP/GCPIAMLog_ConnectorDefinition.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,111 +1,111 @@
{
"name": "GCPIAMCCPDefinition",
"apiVersion": "2022-09-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
"location": "{{location}}",
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
"id": "GCPIAMCCPDefinition",
"title": "Google Cloud Platform IAM (via Codeless Connector Platform) (Preview)",
"publisher": "Microsoft",
"descriptionMarkdown": "The Google Cloud Platform IAM data connector provides the capability to ingest the Audit logs relating to Identity and Access Management (IAM) activities within Google Cloud into Microsoft Sentinel using the Google IAM API. Refer to [GCP IAM API](https://cloud.google.com/iam/docs/reference/rest) documentation for more information.",
"graphQueriesTableName": "GCP_IAMV2_CL",
"graphQueries": [
{
"metricName": "Total incident logs received",
"legend": "GCP IAM logs",
"baseQuery": "{{graphQueriesTableName}}"
}
],
"sampleQueries": [
{
"description": "Get sample of GcpIAM logs",
"query": "{{graphQueriesTableName}}\n| take 10"
}
],
"dataTypes": [
{
"name": "{{graphQueriesTableName}}",
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriteria": [
{
"type": "HasDataConnectors"
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "Read and Write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"read": true,
"write": true,
"delete": true,
"action": false
}
}
]
},
"instructionSteps": [
{
"instructions": [
{
"type": "Markdown",
"parameters": {
"content": ">**NOTE:** If both Azure Function and CCP connector are running parallelly, duplicate data is populated in the tables."
}
},
{
"type": "MarkdownControlEnvBased",
"parameters": {
"prodScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPInitialAuthenticationSetup)",
"govScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPInitialAuthenticationSetupGov)"
}
},
{
"type": "CopyableLabel",
"parameters": {
"label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
"fillWith": [
"TenantId"
],
"name": "TenantId",
"disabled": true
}
},
{
"type": "Markdown",
"parameters": {
"content": "#### 2. To enable IAM logs \n In your GCP account, navigate to the IAM section. From there, you can either create a new user or modify an existing user's role that you want to monitor. Be sure to save your changes..\n\nFor more information: [Link to documentation](https://cloud.google.com/assured-workloads/docs/iam-roles?hl=en)"
}
},
{
"type": "Markdown",
"parameters": {
"content": "#### 3. Connect new collectors \n To enable GCPIAM Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
}
"name": "GCPIAMCCPDefinition",
"apiVersion": "2022-09-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
"location": "{{location}}",
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
"id": "GCPIAMCCPDefinition",
"title": "Google Cloud Platform IAM (via Codeless Connector Framework) (Preview)",
"publisher": "Microsoft",
"descriptionMarkdown": "The Google Cloud Platform IAM data connector provides the capability to ingest the Audit logs relating to Identity and Access Management (IAM) activities within Google Cloud into Microsoft Sentinel using the Google IAM API. Refer to [GCP IAM API](https://cloud.google.com/iam/docs/reference/rest) documentation for more information.",
"graphQueriesTableName": "GCPIAM",
"graphQueries": [
{
"metricName": "Total incident logs received",
"legend": "GCP IAM logs",
"baseQuery": "{{graphQueriesTableName}}"
}
],
"sampleQueries": [
{
"description": "Get sample of GcpIAM logs",
"query": "{{graphQueriesTableName}}\n| take 10"
}
],
"dataTypes": [
{
"name": "{{graphQueriesTableName}}",
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriteria": [
{
"type": "HasDataConnectors"
}
],
"availability": {
"status": 1,
"isPreview": false
},
{
"type": "GCPGrid",
"parameters": {}
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "Read and Write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"read": true,
"write": true,
"delete": true,
"action": false
}
}
]
},
{
"type": "GCPContextPane",
"parameters": {}
}
],
"title": "Connect GCP IAM to Microsoft Sentinel"
"instructionSteps": [
{
"instructions": [
{
"type": "Markdown",
"parameters": {
"content": ">**NOTE:** If both Azure Function and CCP connector are running parallelly, duplicate data is populated in the tables."
}
},
{
"type": "MarkdownControlEnvBased",
"parameters": {
"prodScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPInitialAuthenticationSetup)",
"govScript": "#### 1. Setup the GCP environment \n Ensure to have the following resources from the GCP Console:\n Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.\n For more information, refer the [Connector tutorial](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformIAM/Data%20Connectors/README.md) for log setup and authentication setup tutorial.\n Log set up script: [Click Here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPIAMCCPLogsSetup)\nAuthentication set up script: [Click here](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GCP/Terraform/sentinel_resources_creation_gov/GCPInitialAuthenticationSetupGov)"
}
},
{
"type": "CopyableLabel",
"parameters": {
"label": "Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.",
"fillWith": [
"TenantId"
],
"name": "TenantId",
"disabled": true
}
},
{
"type": "Markdown",
"parameters": {
"content": "#### 2. To enable IAM logs \n In your GCP account, navigate to the IAM section. From there, you can either create a new user or modify an existing user's role that you want to monitor. Be sure to save your changes..\n\nFor more information: [Link to documentation](https://cloud.google.com/assured-workloads/docs/iam-roles?hl=en)"
}
},
{
"type": "Markdown",
"parameters": {
"content": "#### 3. Connect new collectors \n To enable GCPIAM Logs for Microsoft Sentinel, click the Add new collector button, fill the required information in the context pane and click on Connect."
}
},
{
"type": "GCPGrid",
"parameters": {}
},
{
"type": "GCPContextPane",
"parameters": {}
}
],
"title": "Connect GCP IAM to Microsoft Sentinel"
}
]
}
]
}
}
}
Loading
Loading