
Hello,

I want to use Chronicle SIEM to monitor Cloud Storage, so I can be alerted on things like:

  • High volume of data downloads, e.g. over a certain threshold of data.
  • High number of files.
  • Downloads from unusual IP addresses or IP addresses other than a few known ones.
  • New identity/account downloading data.

I checked the docs: the Cloud Audit Logs parser's supported sources do not include Cloud Storage data access, and in the field mapping reference I can't find storage.objects.get. Does it mean that by default these logs are not supported?

Can you provide some ideas about what will be required to start monitoring cloud storage data access logs with Chronicle SIEM?
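As an added example (not from this post, Chronicle, or Google), here is the kind of logic the four bullets above reduce to, run over constructed Cloud Audit Logs data access entries for storage.objects.get: it flags a principal reading more objects than a threshold, reads from caller IPs outside an allow-list, and reads by a principal not in the known set. The entry layout, the allow-lists and the threshold are assumptions; the byte-volume check is left out because the entries constructed here carry no size field.

```python
import json
from collections import Counter

def entry(method, principal, ip, resource):
    """Build a minimal Cloud Audit Logs entry with just the fields this detector reads."""
    return {"protoPayload": {"methodName": method,
                             "authenticationInfo": {"principalEmail": principal},
                             "requestMetadata": {"callerIp": ip},
                             "resourceName": resource}}

# Constructed sample: 12 object reads by a known service account from a known IP,
# one read by an unknown account from an unknown IP, and one list call.
ETL = "etl@example.iam.gserviceaccount.com"
SAMPLE_ENTRIES = [entry("storage.objects.get", ETL, "203.0.113.10",
                        f"projects/_/buckets/finance/objects/report-{i}.csv") for i in range(12)]
SAMPLE_ENTRIES += [
    entry("storage.objects.get", "newhire@example.com", "198.51.100.7",
          "projects/_/buckets/finance/objects/payroll.csv"),
    entry("storage.objects.list", "newhire@example.com", "198.51.100.7",
          "projects/_/buckets/finance"),  # not a download: must be ignored
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_ENTRIES)

# Assumed baselines; in practice these come from an allow-list or a lookback window.
KNOWN_IPS = {"203.0.113.10"}
KNOWN_PRINCIPALS = {ETL}
FILE_THRESHOLD = 10  # max object reads per principal per batch (assumption)

def detect(log_text, known_ips=KNOWN_IPS, known_principals=KNOWN_PRINCIPALS,
           threshold=FILE_THRESHOLD):
    """Return (rule, principal, detail) findings over newline-delimited JSON entries."""
    reads = Counter()
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        p = json.loads(line)["protoPayload"]
        if p.get("methodName") != "storage.objects.get":
            continue  # only object reads are downloads; list/metadata calls are skipped
        who = p["authenticationInfo"]["principalEmail"]
        ip = p["requestMetadata"]["callerIp"]
        reads[who] += 1
        if ip not in known_ips:
            findings.append(("unusual_ip", who, ip))
        if who not in known_principals:
            findings.append(("new_identity", who, p["resourceName"]))
    for who, n in reads.items():
        if n > threshold:
            findings.append(("high_file_count", who, n))
    return findings
```

Calling detect(SAMPLE_LOG) on the constructed batch yields three findings: the unknown IP and the new identity for the newhire account, and the file-count threshold for the service account.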

This might have the initial fields you're looking for? You might need to enable them here. As for which UDM fields to use, or what to do after enabling them, you might look here.
