Audit
Overview
This documentation outlines the configuration process for Google Cloud Platform (GCP) to transfer audit logs to AlphaSOC for analysis. Through this integration, the audit telemetry collected by GCP can be used for security monitoring and threat detection.
To enable log data transfers:
- Configure audit logging by enabling the desired types of audit logs in your GCP environment.
- Export logs to Google Cloud Storage (GCS).
- Transfer data from GCS to AlphaSOC. For details, refer to Configuring GCS for submitting data.
Exporting Logs to GCS
Note: This part requires an existing GCS bucket. Please ensure you have created a storage bucket in GCS before proceeding with the sink configuration.
Create a sink in the Logs Router dashboard with the following details:
- GCS bucket as the sink destination.
- Inclusion filter (optional): By default, all logs are routed to the sink's destination if no filter is specified. Configure an inclusion filter to select specific audit log types or services.
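The same sink can be created from the command line. The script below is an added example, not part of the AlphaSOC or Google documentation: it builds an inclusion filter for selected audit log types and creates the sink with gcloud. The project, bucket and sink names are placeholders, and the final step, granting the sink's writer identity `roles/storage.objectCreator` on the bucket, is an addition this page does not cover.

```shell
#!/bin/sh
# Added example: project, bucket and sink names are placeholders (assumptions).
# DRY_RUN=1 (the default) prints the gcloud commands instead of running them.

# Build an inclusion filter that matches only the chosen audit log types.
# Valid types: activity, data_access, system_event, policy.
audit_filter() {
  local project="$1" filter="" t
  shift
  for t in "$@"; do
    case "$t" in
      activity|data_access|system_event|policy) ;;
      *) echo "unknown audit log type: $t" >&2; return 1 ;;
    esac
    # Log names are URL-encoded: the "/" before the type is written %2F.
    filter="${filter:+$filter OR }logName=\"projects/${project}/logs/cloudaudit.googleapis.com%2F${t}\""
  done
  [ -n "$filter" ] || { echo "no audit log types given" >&2; return 1; }
  printf '%s' "$filter"
}

run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "+ $*"; else "$@"; fi
}

create_audit_sink() {
  local project="$1" bucket="$2" sink="$3" filter writer
  shift 3
  filter="$(audit_filter "$project" "$@")" || return 1
  run gcloud logging sinks create "$sink" "storage.googleapis.com/${bucket}" \
    --project="$project" --log-filter="$filter"
  # The sink writes as its own service account. Until that identity can
  # create objects in the bucket, no log files are delivered.
  if [ "${DRY_RUN:-1}" = 1 ]; then
    writer="WRITER_IDENTITY_OF_SINK"   # placeholder shown in dry-run output
  else
    writer="$(gcloud logging sinks describe "$sink" --project="$project" \
      --format='value(writerIdentity)')"
  fi
  run gcloud storage buckets add-iam-policy-binding "gs://${bucket}" \
    --member="$writer" --role=roles/storage.objectCreator
}

# Dry run with placeholder names: Admin Activity and Data Access logs only.
create_audit_sink example-project example-audit-bucket audit-to-gcs activity data_access
```

Set `DRY_RUN=0` to execute the commands against a real project once the printed filter and destination look right.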
For detailed information on configuring audit log routing and filters, refer to: