Hi all, For our SecOps we currently have two setups to analyse GCP audit
logs, an Elastic and a Splunk instance. We're using an aggregated sink ->
pub/sub topic to export the logs to both systems. Our Elastic instance is
working fine, with our Splunk in...
What line do I put in my inclusion filter from the log sink, if I want
all the audit logs from all projects in an organisation? (the option
"Include logs ingested by this organisation and all child resources" is
selected)
Hi all, A newbie question. Can I use aggregated sinks on an org. level to
route logging to a regional centralised cloud logging bucket and pass on
some other logs to our on premises SIEM? As an example; I want to store
vpc flow logs in a cloud logging b...
Thanks Mary, it looks like I had the one which is in the document:
log_id("cloudaudit.googleapis.com/activity"). For some reason the entry
I'm looking for, which I can see via log explorer, I can't seem to find
in our SIEM.