Cloudflare log ingestion to Chronicle

  • January 17, 2024
  • 5 replies
  • 81 views

Hi Team,

Other than fetching the cloudflare logs from a GCS bucket is there any way by which we can ingest cloudflare logs directly to chronicle?
Any ideas are highly appreciated.

5 replies

  • Bronze 1
  • March 25, 2024

Maybe not an easier method, but Chronicle does support forwarders for log delivery. This might include a Cloudflare Tunnel?


citreno
  • Bronze 1
  • March 25, 2024

Buckets are the most common way that I've seen. That said, Cloudflare has a Logpush capability that, for instance, something like a Bindplane agent can use to push to Chronicle. You may be able to finagle Logpush with Chronicle Forwarder, but I never tested it. Webhooks will be another alternative when they go GA, which should be fairly soon, but it really depends on the volume of Cloudflare logs you are targeting; webhooks will have some limitations.


gkush
Staff
  • Staff
  • March 26, 2024

If your Crowdstrike package includes AWS S3 storage of the events, you can establish a cloud-to-cloud transfer between that S3 bucket and Chronicle, bypassing the need for a GCS bucket.

Other options include using an ingestion key with a log management service such as Cribl, the forwarder, or WebHooks.


  • Bronze 1
  • March 26, 2024

If your Crowdstrike package includes AWS S3 storage of the events, you can establish a cloud-to-cloud transfer between that S3 bucket and Chronicle, bypassing the need for a GCS bucket.

Other options include using an ingestion key with a log management service such as Cribl, the forwarder, or WebHooks.


Actually, I think the OP was referring to Cloudflare, not Crowdstrike.


gkush
Staff
  • Staff
  • March 26, 2024

Aigh - yes. I had CS on my mind from a separate post. Minus the S3 bucket (though it's not outlandish to imagine someone having that data in an S3 bucket), the answers still apply.