Google Cloud Project audit log onboarding

Hey All, we want to onboard (audit) data from Google Cloud Project where we host a bunch of applications into our Sentinel.

Does anyone have any experience with this, or have any architecture in mind for pulling in these logs?


Thanks!
Kr,
Maarten.

2 Replies

@mclaes Have you used Logstash or the REST API to onboard Google logs to Sentinel?