Google Cloud Audit Integration via API

Overview

To view Google Cloud Audit logs through the Logsign Unified SecOps Platform product, you will need to perform some configurations.

First, enter the link you have for Google Cloud Audit. You are expected to be an authorized user who can access the management panel and take actions.

Prerequisites

  • Logsign Unified SecOps Platform 6.4.21+ versions support this integration.

Configure On Google Cloud Audit

We access the interface with a user with Administrator authorization.

Create a project or select an existing project for which you want to pull Google Cloud Audit Logs.

You will need the project ID, so write it down.

Go to Google Cloud Console and navigate to APIs & Services > Library.

Search for the Cloud Logging API and enable it.

This is the API you need to access Audit Logs.

You can write any name you want in this field.

Go to IAM & Admin > Service Accounts.

Create a new service account

Name: Give your service account a descriptive name (for example, auditapi).

Role: Give your service account the Logs Viewer role, or Logs Admin if more extensive access is required. This is required to provide access to audit logs.

Select Manage Keys from the Actions menu next to the service account you created.

Create a new key and download it in JSON format. This JSON file will be used for authentication when calling the API.

We can start adding resources based on the information written in the file we downloaded.

Log into Logsign Unified SecOps Platform and then click on the Settings option in the top menu. In the window that opens, click on ‘Data Collection’ on the left side to view the sources you have added to Logsign Unified SecOps Platform. Click on the ’ + Device ’ option on the right side to begin the process of adding a source.

Based on the information in the JSON file, you can fill this field and continue with the resource addition steps.

Then, you can also observe audit logs in Logsign USO and carry out studies based on these incoming logs.






Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.