Kubernetes Engine
Overview
This documentation outlines the configuration process for Google Cloud Platform (GCP) Google Kubernetes Engine (GKE) to transfer data to AlphaSOC for analysis. Through this integration, the network telemetry collected by GCP GKE Logs can be used for security monitoring and threat detection.
To enable log data transfers:
- Enable GKE in your GCP environment.
- Export logs to Google Cloud Storage (GCS).
- Transfer data from GCS to AlphaSOC. For details, refer to Configuring GCS for submitting data.
Exporting Logs to GCS via sink
Note: This part requires an existing GCS bucket. Please ensure you have created a storage bucket in GCS before proceeding with the sink configuration.
Create a sink in the Logs Router dashboard with the following details:
- GCS bucket as the sink destination.
- Inclusion filter:
resource.type="k8s_cluster"
logName:"cloudaudit.googleapis.com"
To export logs from multiple projects, include logs ingested by the organization and all child resources.
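The same sink can be created from the command line. The script below is an added example, not part of the AlphaSOC documentation: it builds the sink with the filter above and then grants the sink's writer identity permission to create objects in the bucket, a step a sink created with gcloud needs before anything is delivered to GCS. The sink name, bucket, project and organization values are placeholders, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: CLI equivalent of the Logs Router steps on this page.
# All names below are placeholders (assumptions), overridable via environment.
SINK_NAME="${SINK_NAME:-gke-audit-to-gcs}"
BUCKET="${BUCKET:-example-gke-audit-logs}"   # must already exist
PROJECT_ID="${PROJECT_ID:-example-project}"
ORG_ID="${ORG_ID:-}"      # set to a numeric organization ID for multi-project export
DRY_RUN="${DRY_RUN:-1}"   # 1 prints the commands, 0 executes them

# Inclusion filter from this page; separate filter lines are implicitly ANDed.
gke_audit_filter() {
  printf '%s' 'resource.type="k8s_cluster" AND logName:"cloudaudit.googleapis.com"'
}

# Parent resource of the sink: the organization if ORG_ID is set, else one project.
scope_flag() {
  if [ -n "$ORG_ID" ]; then printf '%s' "--organization=$ORG_ID"
  else printf '%s' "--project=$PROJECT_ID"; fi
}

# Dry-run output is for review only; arguments are not re-quoted for pasting.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

create_sink() {
  set -- gcloud logging sinks create "$SINK_NAME" "storage.googleapis.com/$BUCKET" \
    "--log-filter=$(gke_audit_filter)" "$(scope_flag)"
  # An organization sink only covers child projects with --include-children.
  if [ -n "$ORG_ID" ]; then set -- "$@" --include-children; fi
  run "$@"
}

# The sink writes as its own service account, which needs permission to
# create objects in the bucket; without it no log files are delivered.
grant_bucket_access() {
  if [ "$DRY_RUN" = "1" ]; then
    writer="WRITER_IDENTITY"   # placeholder; the real value is read from the sink
  else
    writer=$(gcloud logging sinks describe "$SINK_NAME" "$(scope_flag)" \
      --format='value(writerIdentity)') || return 1
  fi
  run gcloud storage buckets add-iam-policy-binding "gs://$BUCKET" \
    "--member=$writer" --role=roles/storage.objectCreator
}

create_sink && grant_bucket_access
```

Review the printed commands first, then rerun with DRY_RUN=0 and your own values; set ORG_ID to export from the organization and all child resources.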