Cloud DNS

Overview

This documentation outlines the configuration process for Google Cloud Platform (GCP) Cloud DNS to transfer data to AlphaSOC for analysis. Through this integration, the network telemetry collected by GCP Cloud DNS Logs can be used for security monitoring and threat detection.

To enable log data transfers:

  1. Enable Cloud DNS in your GCP environment.
  2. Export logs to Google Cloud Storage (GCS).
  3. Transfer data from GCS to AlphaSOC. For details, refer to Configuring GCS for submitting data.

Enabling Cloud DNS

Create a DNS zone in the Cloud DNS dashboard with Cloud Logging enabled.

DNS Zone parameters

Exporting Logs to GCS

Note: This part requires an existing GCS bucket. Please ensure you have created a storage bucket in GCS before proceeding with the sink configuration.

Create a sink in the Logs Router dashboard with the following details:

  • GCS bucket as the sink destination.
  • Inclusion filter:

      resource.type="dns_query"
      resource.labels.target_name="net-dns-zone"
      resource.labels.target_type="public-zone"
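
The same sink can also be created with the gcloud CLI. The script below is an added example, not part of the AlphaSOC documentation: the sink and bucket names are placeholders you supply, the zone-name check is a conservative assumption, and it also grants the sink's writer identity write access to the bucket, which a CLI-created sink needs before any objects arrive.

```shell
#!/bin/sh
# Added example: CLI equivalent of the Logs Router sink described above.
# Usage: sh create_dns_sink.sh <sink-name> <bucket-name> <zone-name>
# Sink and bucket names are placeholders chosen by you; "net-dns-zone"
# is the zone name used in the filter on this page.

# Conservative check (assumption): allow only lowercase letters, digits and
# dashes, so the zone name cannot break out of the quoted filter value.
valid_zone_name() {
  case "$1" in
    ''|*[!a-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the inclusion filter for one public zone. In the console the three
# clauses sit on separate lines (implicit AND); here they are joined explicitly.
dns_sink_filter() {
  printf 'resource.type="dns_query" AND resource.labels.target_name="%s" AND resource.labels.target_type="public-zone"' "$1"
}

# Create the sink, then let its writer identity create objects in the bucket.
create_dns_sink() {
  cds_sink="$1"; cds_bucket="$2"; cds_zone="$3"
  valid_zone_name "$cds_zone" || { echo "invalid zone name: $cds_zone" >&2; return 2; }

  gcloud logging sinks create "$cds_sink" "storage.googleapis.com/$cds_bucket" \
    --log-filter="$(dns_sink_filter "$cds_zone")" || return 1

  # writerIdentity is returned as "serviceAccount:...", usable directly as a member.
  cds_writer="$(gcloud logging sinks describe "$cds_sink" \
    --format='value(writerIdentity)')" || return 1

  # objectCreator is enough for the sink: it can write new log objects
  # but cannot read, overwrite or delete what is already in the bucket.
  gcloud storage buckets add-iam-policy-binding "gs://$cds_bucket" \
    --member="$cds_writer" --role="roles/storage.objectCreator"
}

# Run only when called with exactly three arguments.
if [ "$#" -eq 3 ]; then
  create_dns_sink "$@"
fi
```
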