Microsoft Tech Community

Sentinel for Google Cloud Platform


Hi,

Can Azure Sentinel provide the complete SIEM and SOAR functionality for an organisation that solely uses the Google Cloud Platform?

Also, I have noticed there are multiple ways to set this up:

1. Azure Sentinel GCP Connector / Logstash
2. Via Azure Security Centre (and then Sentinel connector for ASC)
3. Via MCAS connector to GCP (and then Sentinel connector for MCAS)

So which one is the right approach?

Thank you,

SK

2 Replies

@ShimKwan 

You can download and install the Log Analytics Agent on your Google Cloud VMs so that the logs can be ingested to Log Workspace that's connected to Sentinel.

Reference Doc here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent

@parveensingh 
@ShimKwan 

You can use multiple approaches. You can use the AMA agents for the non-Azure VMs, create a log forwarder in GCloud, and then create detections from it. You can also export the logs in GCP and import into Sentinel. From there you can create detections and automation. If you have a role / service account in GCP you can automate actions using the GCloud CLI using Logic Apps and Azure Functions.
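Neither reply shows what the "export the logs in GCP and import into Sentinel" path looks like in practice, so here is an added example (my own code, not from either reply, Microsoft or Google). It takes Cloud Audit Log entries in the JSON shape a GCP log sink exports (field names per Google's LogEntry/AuditLog schema; the entries themselves are constructed), flattens them into records for a Sentinel custom log table, runs the kind of detection you would later express as a KQL analytics rule, and builds the SharedKey authorization header for the Log Analytics HTTP Data Collector API (`POST /api/logs`), which I assume as the ingestion endpoint; the workspace id, shared key, table name and trusted domains are placeholders.

```python
"""
Added example: GCP Cloud Audit Log export -> flat records -> detection ->
signed request for the Log Analytics HTTP Data Collector API.
All ids, keys and log entries are constructed sample values.
"""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone


def _sample_entry(ts, rtype, service, method, principal, ip):
    # Shape follows GCP's LogEntry / AuditLog schema; the values are constructed.
    return json.dumps({
        "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
        "severity": "NOTICE", "timestamp": ts,
        "resource": {"type": rtype, "labels": {"project_id": "example-project"}},
        "protoPayload": {"serviceName": service, "methodName": method,
                         "authenticationInfo": {"principalEmail": principal},
                         "requestMetadata": {"callerIp": ip}},
    })


# Constructed export: one JSON object per line, as a log sink writes to a bucket.
SAMPLE_EXPORT = "\n".join([
    _sample_entry("2024-03-01T10:15:00Z", "project", "cloudresourcemanager.googleapis.com",
                  "SetIamPolicy", "contractor@external.example", "203.0.113.10"),
    _sample_entry("2024-03-01T10:16:00Z", "gce_instance", "compute.googleapis.com",
                  "v1.compute.instances.insert",
                  "deploy-sa@example-project.iam.gserviceaccount.com", "10.0.0.5"),
    _sample_entry("2024-03-01T10:17:00Z", "project", "cloudresourcemanager.googleapis.com",
                  "SetIamPolicy", "admin@corp.example", "198.51.100.7"),
])


def flatten_entries(exported_json_lines):
    """Turn exported LogEntry objects into flat records for a custom log table."""
    records = []
    for line in exported_json_lines.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        payload = entry.get("protoPayload", {})
        resource = entry.get("resource", {})
        records.append({
            "TimeGenerated": entry.get("timestamp"),
            "ProjectId": resource.get("labels", {}).get("project_id"),
            "ResourceType": resource.get("type"),
            "Service": payload.get("serviceName"),
            "Method": payload.get("methodName"),
            "Principal": payload.get("authenticationInfo", {}).get("principalEmail"),
            "CallerIp": payload.get("requestMetadata", {}).get("callerIp"),
            "Severity": entry.get("severity"),
        })
    return records


def detect_external_iam_changes(records, trusted_domains):
    """Detection: IAM policy changes made by a principal outside the trusted domains."""
    hits = []
    for r in records:
        domain = (r["Principal"] or "").rsplit("@", 1)[-1]
        if r["Method"] == "SetIamPolicy" and domain not in trusted_domains:
            hits.append(r)
    return hits


def build_data_collector_headers(workspace_id, shared_key, body, log_type, date=None):
    """SharedKey authorization for POST /api/logs (HTTP Data Collector API).

    string-to-sign = "POST\\n<content-length>\\napplication/json\\nx-ms-date:<date>\\n/api/logs",
    signed with HMAC-SHA256 using the base64-decoded workspace shared key.
    """
    rfc1123 = (date or datetime.now(timezone.utc)).strftime("%a, %d %b %Y %H:%M:%S GMT")
    string_to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{rfc1123}\n/api/logs"
    digest = hmac.new(base64.b64decode(shared_key), string_to_sign.encode("utf-8"),
                      hashlib.sha256).digest()
    return {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
        "Log-Type": log_type,                 # becomes the <log_type>_CL custom table
        "x-ms-date": rfc1123,
        "time-generated-field": "TimeGenerated",
    }


if __name__ == "__main__":
    recs = flatten_entries(SAMPLE_EXPORT)
    for hit in detect_external_iam_changes(recs, {"corp.example"}):
        print("ALERT external IAM change:", hit["Principal"], "from", hit["CallerIp"])
    body = json.dumps(recs).encode("utf-8")
    headers = build_data_collector_headers("00000000-0000-0000-0000-000000000000",  # placeholder
                                           base64.b64encode(b"constructed-key").decode(),
                                           body, "GcpAuditLog")
    print(headers["Authorization"][:50], "...")
```

The flattened records are what you would POST as the request body; once they land in the `GcpAuditLog_CL` table the same detection is one KQL filter on `Method_s == "SetIamPolicy"` and the principal's domain, which is where the analytics rule and any Logic Apps automation hang off.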