This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We are trying to forward logs generated by GCP Armor to Sentinel to use it as our SIEM.
does any one know if there is a way to do that, in that moment we are thinking that could be exporting the logs to a storage account on GCP and use AZcopy to move it to Blob storage and them charge to Sentinel..
Wouldn't you use https://cloud.google.com/armor/docs/monitoring and the Rest api (most, if not all of the Sentinel Solutions for Google leverage the api's). Caveat - I'm not a Google expert!
You can then use a custom or codeless connector to bring it into Sentinel https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector (assuming the data you need is exposed via this api).
Thanks for the Answear @David Broggy we will work on it, an I will let you know if it works for us.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 43%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERW%3C/text%3E%3C/svg%3E)
Hi Sergy, were you successful with this?
Hi Sergy,
The only methods for log collection from GCP that I'm aware of are listed here:
803891
You may need some experience with LogStash for some of these methods.
Maybe @Clive Watson or @Ofer Gal _Shezaf have some insight/updates into this.