articles/sentinel/connect-google-cloud-platform.md
10 additions & 7 deletions
@@ -14,10 +14,10 @@ Organizations are increasingly moving to multi-cloud architectures, whether by d
14
14
15
15
This article describes how to ingest GCP data into Microsoft Sentinel to get full security coverage and analyze and detect attacks in your multi-cloud environment.
16
16
17
-
With the new GCP Pub/Sub Connector for GCP Audit Logs, based on our [Codeless Connector Platform](create-codeless-connector.md?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) (CCP), you can ingest logs from your GCP environment using the GCP [Pub/Sub capability](https://cloud.google.com/pubsub/docs/overview).
17
+
With the **GCP Pub/Sub Audit Logs** connector, based on our [Codeless Connector Platform](create-codeless-connector.md?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal) (CCP), you can ingest logs from your GCP environment using the GCP [Pub/Sub capability](https://cloud.google.com/pubsub/docs/overview).
18
18
19
19
> [!IMPORTANT]
20
-
> The GCP Pub/Sub Connector for GCP Audit Logs is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
20
+
> The GCP Pub/Sub Audit Logs connector is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
21
21
22
22
Once you ingest the GCP data, you can view the details of three types of audit logs:
23
23
- Admin activity logs
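Review bot: The renamed connector is formatted inconsistently within this hunk: new line 17 sets it in bold (**GCP Pub/Sub Audit Logs** connector) while the IMPORTANT note on new line 20 uses plain text ("The GCP Pub/Sub Audit Logs connector is currently in PREVIEW"). Pick one treatment for the product name and apply it to both lines so readers can match it against the name shown in the portal.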
@@ -97,13 +97,13 @@ You can set up the GCP environment in one of two ways:
97
97
98
98
1. Wait five minutes before moving to the next step.
99
99
100
-
## Set up the GCP Pub/Sub connector in Microsoft Sentinel
100
+
## Set up the GCP Pub/Sub Audit Logs connector in Microsoft Sentinel
101
101
102
102
1. Open the [Azure portal](https://portal.azure.com/) and navigate to the **Microsoft Sentinel** service.
103
103
1. In the **Content hub**, in the search bar, type *Google Cloud Platform Audit Logs*.
104
104
1. Install the **Google Cloud Platform Audit Logs** solution.
105
-
1. Select **Data connectors**, and in the search bar, type *GCP Pub/Sub*.
1. Select **Data connectors**, and in the search bar, type *GCP Pub/Sub Audit Logs*.
106
+
1. Select the **GCP Pub/Sub Audit Logs (Preview)** connector.
107
107
1. Below the connector description, select **Open connector page**.
108
108
1. In the **Configuration** area, select **Add new**.
109
109
1. Type the resource parameters you created when you [created the GCP resources](#create-gcp-resources-via-the-terraform-api). Make sure that the Data Collection Endpoint Name and the Data Collection Rule Name begin with **Microsoft-Sentinel-** and select **Connect**.
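Review bot: Renaming the heading on new line 100 changes the anchor that other pages and sections link to, so every inbound link to the old "Set up the GCP Pub/Sub connector in Microsoft Sentinel" heading needs checking. The in-file reference at line 115 is updated later in this commit, but links from other articles are not visible here. Separately, new line 106 bakes "(Preview)" into the step text ("Select the **GCP Pub/Sub Audit Logs (Preview)** connector"), which will need another edit when the connector leaves preview; consider dropping the suffix from the instruction.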
@@ -112,7 +112,7 @@ TBD - screenshot
112
112
113
113
## Verify that the GCP data is in the Microsoft Sentinel environment
114
114
115
-
1. To ensure that the GCP logs were successfully ingested into Microsoft Sentinel, run the following query 30 minutes after you finish to [set up the connector](#set-up-the-connector).
115
+
1. To ensure that the GCP logs were successfully ingested into Microsoft Sentinel, run the following query 30 minutes after you finish to [set up the connector](#set-up-the-gcp-pubsub-audit-logs-connector-in-microsoft-sentinel).
116
116
117
117
```
118
118
GCPAuditLogs
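Review bot: The sentence on new line 115 still reads "run the following query 30 minutes after you finish to [set up the connector]", which is awkward; since the line is being touched for the anchor fix, reword it to "30 minutes after you finish setting up the connector". The new anchor matches the heading renamed at line 100, which is good. The opening fence on line 117 has no language identifier, so the query that starts with GCPAuditLogs renders without highlighting; add one while you are here.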
@@ -153,6 +153,9 @@ Alternatively, you can set up the environment [via the Terraform API](#create-gc
153
153
> To find the tenant ID, in the Azure portal, navigate to **All Services > Azure Active Directory > Overview** and copy the **TenantID**.
154
154
155
155
1. Make sure that **Enable pool** is selected.
156
+
157
+
TBD - screenshot
158
+
156
159
1. To add a provider to the pool:
157
160
- Select **OIDC**
158
161
- Type the **Issuer (URL)**: *https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d*
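Review bot: New lines 156 to 158 add a literal "TBD - screenshot" placeholder to the article body, which will publish as visible text; add the image before merge or leave the placeholder out until it exists. Also in this region, the tip on line 153 tells the reader how to look up a tenant ID, while the Issuer (URL) on line 161 carries a fixed GUID; state explicitly whether the reader should enter that value as written or substitute their own tenant ID, because the issuer decides which tokens the workload identity pool will trust.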
@@ -209,7 +212,7 @@ Alternatively, you can set up the environment [via the Terraform API](#create-gc
209
212
1. Check the incoming messages.
210
213
211
214
## Next steps
212
-
In this article, you learned how to ingest GCP data into Microsoft Sentinel using the GCP Pub/Sub connector. To learn more about Microsoft Sentinel, see the following articles:
215
+
In this article, you learned how to ingest GCP data into Microsoft Sentinel using the GCP Pub/Sub Audit Logs connector. To learn more about Microsoft Sentinel, see the following articles:
213
216
- Learn how to [get visibility into your data, and potential threats](get-visibility.md).
214
217
- Get started [detecting threats with Microsoft Sentinel](detect-threats-built-in.md).
215
218
- [Use workbooks](monitor-your-data.md) to monitor your data.