🔥Architecture Guidance: How to ingest GCP Firewall\VPC logs into Microsoft Sentinel🔥
As many would know, ingesting GCP logs into Microsoft Sentinel is sometimes not the most straightforward task. Well, good news! I just stumbled across this excellent article, which will guide you through the process for Firewall\VPC logs.
📌Here is a high-level summary of the tasks required:
🔹Create a Microsoft Entra application.
🔹Create a data collection endpoint.
🔹Create a new table in the Log Analytics workspace.
🔹Create a new service account in the GCP project with the necessary GCP IAM role assigned.
🔹Create a new GCP Pub/Sub topic and a new pull-type GCP Pub/Sub subscription.
🔹Construct a JWT header and acquire a JWT token.
🔹Pull the Pub/Sub messages from the Pub/Sub REST API.
🔹Send a message acknowledgement back and ingest the message content into Sentinel.
📚Read the full blog here: Architecture Guidance: How to ingest GCP Firewall\VPC logs into Microsoft Sentinel - Microsoft Community Hub
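The last two steps in the summary above (pull, then acknowledge and ingest), sketched as an added example that is not taken from the post or the linked blog: it decodes a Pub/Sub REST pull response into rows for the custom table and separates the ackIds that are safe to acknowledge from messages that failed to parse. The table column names and the sample response are assumptions constructed for illustration.

```python
import base64
import json

def _b64(obj):
    return base64.b64encode(json.dumps(obj).encode()).decode()

# Constructed sample of a Pub/Sub ":pull" response body (not real log data).
SAMPLE_PULL = {"receivedMessages": [
    {"ackId": "ack-1", "message": {"messageId": "1", "data": _b64({
        "timestamp": "2024-01-01T00:00:00Z",
        "jsonPayload": {
            "disposition": "DENIED",
            "connection": {"src_ip": "203.0.113.7", "dest_ip": "10.0.0.5",
                           "dest_port": 22, "protocol": 6},
            "rule_details": {"reference": "network:default/firewall:deny-ssh"}}})}},
    {"ackId": "ack-2", "message": {"messageId": "2", "data": "bm90LWpzb24="}},  # not JSON
]}

def to_record(entry):
    """Map one GCP firewall log entry to a table row (column names are assumed)."""
    payload = entry.get("jsonPayload", {})
    conn = payload.get("connection", {})
    return {
        "TimeGenerated": entry["timestamp"],  # required column in a custom table
        "SrcIp": conn.get("src_ip"),
        "DestIp": conn.get("dest_ip"),
        "DestPort": conn.get("dest_port"),
        "Protocol": conn.get("protocol"),
        "Disposition": payload.get("disposition"),
        "RuleReference": payload.get("rule_details", {}).get("reference"),
    }

def process_pull(response):
    """Return (rows to ingest, ackIds to acknowledge, rejected messages)."""
    records, ack_ids, rejected = [], [], []
    # An empty subscription returns a body without "receivedMessages".
    for item in response.get("receivedMessages", []):
        ack_id = item["ackId"]
        try:
            raw = base64.b64decode(item["message"]["data"], validate=True)
            records.append(to_record(json.loads(raw)))
            ack_ids.append(ack_id)
        except (KeyError, ValueError, AttributeError) as exc:
            # Keep the ackId so the caller can decide how to handle the bad message.
            rejected.append((ack_id, type(exc).__name__))
    return records, ack_ids, rejected
```

The `records` list is the JSON array body for the data collection endpoint, and `ack_ids` is the list to send to the subscription's acknowledge call; `rejected` is returned separately so unparseable messages are not silently dropped.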