This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Pub/sub Feed configuration

Posted on 11-20-2024 06:13 AM
keso
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hello! when configuring a pub/sub push feed [1], could the push subscription be located in a different GCP project where Chronicle is running?

And, when configuring the push subscription and as it says in [2]:

"Select Enable authentication, and select a service account."

Which service account does Chronicle use? where can I find it?

(when using Google Cloud Storage it gives the possibility to configure a service account but not when using pub/sub, as shown in the following images: 

keso_0-1732111803833.png

keso_2-1732112095868.png

 

 

 

 

Thank you!

 

[1] https://cloud.google.com/chronicle/docs/administration/feed-management#pubsub-push-create

[2] https://cloud.google.com/chronicle/docs/administration/feed-management#specify-url-pubsub

Solved Solved
0 1 362
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
hzmndt
Staff
Reply posted on --/--/---- --:-- AM

For pub/sub,  the endpoint is created in the BYOP project which the SIEM configured, when you enable the authentication, it will ask you to select the service accounts, there is dropdown you can select.

hzmndt_0-1732161915433.png

 

 

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
hzmndt
Staff
Reply posted on --/--/---- --:-- AM

For pub/sub,  the endpoint is created in the BYOP project which the SIEM configured, when you enable the authentication, it will ask you to select the service accounts, there is dropdown you can select.

hzmndt_0-1732161915433.png

 

 

Jump to Solution
Top Solution Authors
View all