Google Cloud Storage

Overview

This document outlines the process for submitting data stored in Google Cloud Storage (GCS) to AlphaSOC for analysis. AlphaSOC analyzes log files by identifying security threats and detecting anomalies.

To transfer data, set up the following GCS resources:

• Pub/Sub topic that receives notifications when files are uploaded to the GCS bucket.
• Push subscription that forwards Pub/Sub topic messages to AlphaSOC's endpoint - for details, refer to Creating Push Subscription.
• GCS bucket that stores the data and triggers event notifications sent to a Pub/Sub topic.

Before you begin, install the gcloud CLI to create and manage these resources.

Creating Push Subscription

Configure push delivery with the endpoint URL from your AlphaSOC console.

Configure the retry policy.

Creating Notifications

Set up notifications in gcloud CLI. Replace the following placeholders with the appropriate resource identifiers listed below.

• {{BUCKET_NAME}} - name of the GCS bucket.
• {{TOPIC_NAME}} - name of the Pub/Sub topic.

gcloud storage buckets notifications create gs://{{BUCKET_NAME}} --topic={{TOPIC_NAME}} --event-types=OBJECT_FINALIZE

Granting Access to the GCS Bucket

Grant AlphaSOC access to the GCS bucket, using data-import@alphasoc-io.iam.gserviceaccount.com as the principal.

Further Reading

• Install the gcloud CLI
• Google Cloud Storage Documentation
• Pub/Sub notifications for Google Cloud Storage
• Add a principal to a bucket-level policy