Sentinel for Google Cloud Platform

Question

Hi,&nbsp;Can Azure Sentinel provide the complete SIEM and SOAR functionality for an organisation that solely uses the Google Cloud Platform?&nbsp;Also, I have noticed there are multiple ways to set this up?&nbsp;1. Azure Sentinel GCP Connector / Logstash2. Via Azure Security Centre (and then Sentinel connector for ASC)3. Via MCAS connector to GCP (and then Sentinel connector for MCAS)&nbsp;So which one is the right approach?&nbsp;Thank you,SK&nbsp;&nbsp;

parveensingh · Answer

ShimKwan&nbsp;You can download and install the Log Analytics Agent on your Google Cloud VMs so that the logs can be ingested to Log Workspace that's connected to Sentinel.Reference Doc here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent

john-alves · Answer

parveensingh&nbsp;ShimKwan&nbsp;You can use multiple approaches. You can use the AMA agents for the non-Azure VMS, create a log forwarder in GCloud, and then create detections from it. You can also export the logs in GCP and import into Sentinel. From there you can create detections and automation. If you have a role / service account in GCP you can automate actions using the GCloud CLI using Logic apps and Azure Functions.&nbsp;

Forum Discussion

Sentinel for Google Cloud Platform

Share

Resources