From 436d876b58081ddf640566ed46cca54053c026a2 Mon Sep 17 00:00:00 2001 From: Murali Krishna Dev Uppugunduri <139563098+v-muuppugund@users.noreply.github.com> Date: Sat, 20 Apr 2024 18:59:03 +0530 Subject: [PATCH 1/2] GCP updates --- .../readme.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 Solutions/Google Cloud Platform Audit Logs/readme.md diff --git a/Solutions/Google Cloud Platform Audit Logs/readme.md b/Solutions/Google Cloud Platform Audit Logs/readme.md new file mode 100644 index 00000000000..d352e34ef88 --- /dev/null +++ b/Solutions/Google Cloud Platform Audit Logs/readme.md 
@@ -0,0 +1,51 @@ +# GCP Audit logs configuration +The following are the steps for GCP Audit logs configuration. + +## Configure GCP project. +There are two things you need to set up in your GCP environment: + +Set up Microsoft Sentinel authentication in GCP by creating the following resources in the GCP IAM service: + +Workload identity pool +Workload identity provider +Service account +Role +Set up log collection in GCP and ingestion into Microsoft Sentinel by creating the following resources in the GCP Pub/Sub service: + +Topic +Subscription for the topic + +You can set up the environment in one of two ways: + +1. Create GCP resources via the Terraform API: Terraform provides APIs for resource creation and for Identity and Access Management (see Prerequisites). Microsoft Sentinel provides Terraform scripts that issue the necessary commands to the APIs. + +2. Set up GCP environment manually, creating the resources yourself in the GCP console. + +In order to create fresh projects and GCP PUB/Sub service ,subscription,please follow below steps + +### GCP Authentication Setup + +Please follow terraform script steps mentioned in below link as may miss some steps in GCP while adding manually +* https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=terraform%2Cauditlogs#tabpanel_1_terraform + +if you don't want to perform above steps please use the below link for manual set up + +https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=manual%2Cauditlogs#tabpanel_2_manual + +### GCP Audit Logs Setup + +Please follow terraform script steps mentioned in below link to set up GCP audit logs + +https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=terraform%2Cauditlogs#tabpanel_2_terraform + + +if you don't want to perform above steps please use the below link for manual set up + 
+https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=manual%2Cauditlogs#tabpanel_2_manual + + +# Note + +if want to use want to use existing project/account details need to modify the above scripts accordingly and run in GCP cloud console. + + From 0bec697464926e51cf3dd3d5d17ba3a2cb30f53d Mon Sep 17 00:00:00 2001 From: Murali Krishna Dev Uppugunduri <139563098+v-muuppugund@users.noreply.github.com> Date: Sat, 20 Apr 2024 19:05:12 +0530 Subject: [PATCH 2/2] Update readme.md --- Solutions/Google Cloud Platform Audit Logs/readme.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Solutions/Google Cloud Platform Audit Logs/readme.md b/Solutions/Google Cloud Platform Audit Logs/readme.md index d352e34ef88..356c2e1be7e 100644 --- a/Solutions/Google Cloud Platform Audit Logs/readme.md +++ b/Solutions/Google Cloud Platform Audit Logs/readme.md 
@@ -30,22 +30,22 @@ Please follow terraform script steps mentioned in below link as may miss some st if you don't want to perform above steps please use the below link for manual set up -https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=manual%2Cauditlogs#tabpanel_2_manual +* https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=manual%2Cauditlogs#tabpanel_2_manual ### GCP Audit Logs Setup Please follow terraform script steps mentioned in below link to set up GCP audit logs -https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=terraform%2Cauditlogs#tabpanel_2_terraform +* https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=terraform%2Cauditlogs#tabpanel_2_terraform if you don't want to perform above steps please use the below link for manual set up -https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=manual%2Cauditlogs#tabpanel_2_manual +* https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform?tabs=manual%2Cauditlogs#tabpanel_2_manual # Note -if want to use want to use existing project/account details need to modify the above scripts accordingly and run in GCP cloud console. +* if want to use existing project/account details need to modify the above scripts accordingly and run in GCP cloud console.
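Review bot: In PATCH 1/2, under "### GCP Authentication Setup", the manual set up link uses the fragment `#tabpanel_2_manual`, which is the same fragment as the manual link under "### GCP Audit Logs Setup", while the Terraform links for the two sections differ (`#tabpanel_1_terraform` for authentication, `#tabpanel_2_terraform` for audit logs). As written, both manual links send the reader to the same panel, so the authentication one looks like a copy of the audit logs link; please check it against the target page and point it at the authentication panel. Separately, the resource names added after "creating the following resources" (Workload identity pool, Workload identity provider, Service account, Role, Topic, Subscription for the topic) are consecutive plain lines, which Markdown joins into a single paragraph; prefix each with `*` to match the bullet already used for the first link.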
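Review bot: In PATCH 2/2, the rewritten Note line still has no subject and still refers to "the above scripts", although the readme contains no scripts, only links to the Microsoft Learn page. Suggest wording along the lines of `* If you want to use an existing project or account, modify the Terraform scripts from the links above accordingly and run them in the GCP cloud console.`, and naming which values in those scripts have to be changed. The unchanged context line `# Note` is also a top-level heading, the same level as the document title; `## Note` would fit the heading hierarchy used by the rest of the file.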