Prerequisites to retrieve logs from GCP to Sekoia.io
When utilizing an Google integration with Sekoia.io, the initial step involves centralizing your logs using Pub/Sub order to pull events. The following page will guide you through the process of setting up these prerequisites
Google Cloud Logging centralizes logs from Google Cloud products.
In this documentation, you will learn how to collect and send Google Cloud logs to SEKOIA.IO.
Before you begin working with PubSub, verify that you have the right permission.
Follow Google's documentation to configure a dedicated PubSub receiver. At the end of the documentation you should have done the following:
- Setup a project
- Create a topic
- Add a subscription (you should have the role
logging.adminexplicitly set on your account; for more information, see associated documentation)
- Try your setup by publishing a message to the topic
Next, create a dedicated service account. At the end of the documentation you should have done the following:
- Create a service account with the role
To successfully activate the playbook further down this page, ensure the user has been granted the Pub/Sub Subscriber role for both the Topic and Subscription pages. Failure to do so will result in an error with status code 403.
- Create and download JSON keys (service account credentials)
You should now have:
- A credentials file
- A project ID
- A subscription ID
To pull events, you have to:
- Go to the playbooks' page
- Click on
+New playbookto create a new playbook
Use a templatewhen creating a playbook
- Search for
Google Cloudthen select
Forward Google Pubsub records to Sekoia.io
This playbook consumes records from Google Pubsub and pushes them to Sekoia.io.
You can also create your own on the same basis by using the "Google Pub/Sub" trigger (
Connect to the specified)
- Use the JSON keys (service account credentials) information downloaded to complete the fields on the trigger
|The URL of the public x509 certificate, used to verify the signature on JWTs, such as ID tokens, signed by the authentication provider.
|Google authentification url
|The URL of the public x509 certificate, used to verify JWTs signed by the client
|Private key id
|token server endpoint URI
Last configuration on Google to setup is describe on each Intake.