Hi all, For our SecOps we currently have two setups to analyse GCP audit
logs, an Elastic and a Splunk instance. We're using an aggregated sink ->
pub/sub topic to export the logs to both systems. Our Elastic instance is
working fine, with our Splunk in...

What line do I put in my inclusion filter from the log sink, if I want
all the audit logs from all projects in an organisation? (the option
"Include logs ingested by this organisation and all child resources" is
selected)

Hi all, A newbie question. Can I use aggregated sinks on an org. level to
route logging to a regional centralised cloud logging bucket and pass on
some other logs to our on-premises SIEM? As an example; I want to store
vpc flow logs in a cloud logging b...

Thanks Mary, it looks like I had the one which is in the document:
log_id("cloudaudit.googleapis.com/activity"). For some reason the entry
I'm looking for, which I can see via log explorer, I can't seem to find
in our SIEM.