About RobK

RobK · 12-09-2022

Hi all, For our SecOps we currently have to setups to analyse GCP audit logs, an Elastic and a Splunk instance.We're using an aggregated sink -> pub/sub topic to export the logs to both systems.Our Elastic instance is working fine, with our Splunk in...

RobK · 08-30-2022

What line do I put in my inclusion filter from the log sink, if I want all the audit logs from all projects in an organisation? (the option "Include logs ingested by this organisation and all child resources" is selected)

RobK · 01-31-2022

Hi all,A newbie question.Can I use aggregated sinks on a org. level to route logging to a regional centralised cloud logging bucket and pass on some other logs to our on premises siem? As an example; I want to store vpc flow logs in a cloud logging b...

RobK · 07-02-2023

Should be fixed now

RobK · 06-28-2023

I don't have a solution but I'm experiencing the same issue.

RobK · 09-01-2022

We located the issue. It was related to the amount of different fields in the GCP audit logs.

RobK · 08-31-2022

Is there any action to be taken when you want to export the protoPayload.methodName="google.iam.admin.v1.CreateServiceAccountKey" events via pub/sub?

RobK · 08-30-2022

Thanks Mary, it looks like I had the one which is in the document log_id("cloudaudit.googleapis.com/activity")For some reason the entry I'm looking for, which I can see via log explorer, I can't seem to find in our SIEM.

My Stats

RobK's Bio

Badges RobK Earned

Recent Activity

Splunk Add-on for Google Cloud question

Aggregated log collection

Aggregated sinks and centralised logging

Re: Error while download CSV after exporting Security Command Center (SCC) findings

Re: Error while download CSV after exporting Security Command Center (SCC) findings

Re: Aggregated log collection

Re: Aggregated log collection

Re: Aggregated log collection