Google Cloud Storage
Overview
This document outlines the process for submitting data stored in a Google Cloud Storage (GCS) bucket to AlphaSOC for analysis. AlphaSOC analyzes log files by identifying security threats and detecting anomalies.
To transfer data, set up the following GCS resources:
- Pub/Sub topic that receives notifications when files are uploaded to the GCS bucket.
- Push subscription that forwards Pub/Sub topic messages to AlphaSOC's endpoint - for details, refer to Creating Push Subscription.
- GCS bucket that stores the data and triggers event notifications sent to a Pub/Sub topic.
- gcloud CLI that enables you to manage GCS resources and create notifications.
Creating Push Subscription
Configure push delivery with the endpoint URL from your AlphaSOC console.
Configure the retry policy.
Creating Notifications
Set up notifications with the gcloud CLI. In the command below, replace the following placeholders with the appropriate resource identifiers:
- {{BUCKET_NAME}} - name of the GCS bucket
- {{TOPIC_NAME}} - name of the Pub/Sub topic
gcloud storage buckets notifications create gs://{{BUCKET_NAME}} --topic={{TOPIC_NAME}} --event-types=OBJECT_FINALIZE
Granting Access to the GCS Bucket
Grant AlphaSOC access to the GCS bucket, using data-import@alphasoc-io.iam.gserviceaccount.com as the principal.
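The whole procedure above as one script, added here as an example and not AlphaSOC's own tooling; it prints the gcloud commands by default and rejects unfilled placeholders and non-HTTPS push endpoints before anything runs. Assumptions: the read-only role `roles/storage.objectViewer`, the retry delay values, the subscription name argument, the helper function names, and that the topic does not exist yet.

```shell
#!/bin/sh
# Added example: Pub/Sub topic, push subscription, bucket notification and
# read-only bucket access for AlphaSOC. DRY_RUN=1 (default) only prints.
ALPHASOC_SA="data-import@alphasoc-io.iam.gserviceaccount.com"  # from the page
BUCKET_ROLE="roles/storage.objectViewer"  # assumption: read-only is sufficient

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Reject empty or unfilled {{PLACEHOLDER}} values and non-HTTPS endpoints.
check_inputs() {
  for v in "$@"; do
    case "$v" in
      ''|*'{{'*|*'}}'*) echo "unfilled value: '$v'" >&2; return 1 ;;
    esac
  done
  case "$4" in
    https://*) return 0 ;;
    *) echo "push endpoint must be https://" >&2; return 1 ;;
  esac
}

# usage: setup_alphasoc_import BUCKET TOPIC SUBSCRIPTION ENDPOINT_URL
# ENDPOINT_URL is the push endpoint shown in your AlphaSOC console.
setup_alphasoc_import() {
  [ "$#" -eq 4 ] || { echo "need 4 args" >&2; return 1; }
  check_inputs "$@" || return 1
  bucket=$1 topic=$2 sub=$3 endpoint=$4
  run gcloud pubsub topics create "$topic" &&
  run gcloud pubsub subscriptions create "$sub" --topic="$topic" \
      --push-endpoint="$endpoint" \
      --min-retry-delay=10s --max-retry-delay=600s &&  # assumed retry values
  run gcloud storage buckets notifications create "gs://$bucket" \
      --topic="$topic" --event-types=OBJECT_FINALIZE &&
  run gcloud storage buckets add-iam-policy-binding "gs://$bucket" \
      --member="serviceAccount:$ALPHASOC_SA" --role="$BUCKET_ROLE"
}

if [ "$#" -eq 4 ]; then setup_alphasoc_import "$@"; fi
```

Review the printed commands, then rerun with `DRY_RUN=0` to apply them.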