Sentinel for Google Cloud Platform


Hi,

Can Azure Sentinel provide the complete SIEM and SOAR functionality for an organisation that solely uses the Google Cloud Platform?

Also, I have noticed there are multiple ways to set this up?

1. Azure Sentinel GCP Connector / Logstash
2. Via Azure Security Centre (and then Sentinel connector for ASC)
3. Via MCAS connector to GCP (and then Sentinel connector for MCAS)

So which one is the right approach?

Thank you,

SK

1 Reply

@ShimKwan 

You can download and install the Log Analytics Agent on your Google Cloud VMs so that the logs can be ingested to Log Workspace that's connected to Sentinel.

Reference Doc here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent