Direct Ingestion with Cloud Logging Prices

Hi,

I’m concerned about finding a cost-effective solution to ingest these logs into Google SecOps. While I want to send this type of log data to Google SecOps, I’ve noticed there is a charge for Cloud Logging. If I agree to pay for the storage and retention costs associated with a Cloud Logging bucket, would there still be any egress charges for transferring these logs to Google SecOps?

Thank you!

Option 1: Direct ingestion
A special Cloud Logging filter can be configured in Google Cloud to send specific log types to Google Security Operations in real-time. These logs are generated by Google Cloud services.

Google Security Operations only ingests supported log types. Available log types include:

Cloud Audit Logs
Cloud NAT
Cloud DNS
Cloud Next Generation Firewall
Cloud Intrusion Detection System
Cloud Load Balancing
Cloud SQL
Windows Event logs
Linux syslog
Linux Sysmon
Zeek
Google Kubernetes Engine
Audit Daemon (auditd)
Apigee
reCAPTCHA Enterprise
Cloud Run logs (GCP_RUN)

Page 1 / 1

I only see one option in your original post, but GCP Cloud Operations can be customized on how long you retain logs there, but you will need to balance that out with other teams who may use and require these logs, but you have control over how long you keep the logs there (which is a cost outside of SecOps).

Using the native ingestion to SecOps doesn't add extra costs beyond the above generating and retaining the logs in Operations.

If you export via a custom sink to a GCS Bucket from GCP Operations you will pay for the logs in that bucket, but SecOps won't incur a charge for reading the logs.

I only see one option in your original post, but GCP Cloud Operations can be customized on how long you retain logs there, but you will need to balance that out with other teams who may use and require these logs, but you have control over how long you keep the logs there (which is a cost outside of SecOps).

Using the native ingestion to SecOps doesn't add extra costs beyond the above generating and retaining the logs in Operations.

If you export via a custom sink to a GCS Bucket from GCP Operations you will pay for the logs in that bucket, but SecOps won't incur a charge for reading the logs.

So, Direct Ingestion does not incur any additional costs for sending logs from the Cloud Logging bucket to SecOps.

I only see one option in your original post, but GCP Cloud Operations can be customized on how long you retain logs there, but you will need to balance that out with other teams who may use and require these logs, but you have control over how long you keep the logs there (which is a cost outside of SecOps).

Using the native ingestion to SecOps doesn't add extra costs beyond the above generating and retaining the logs in Operations.

If you export via a custom sink to a GCS Bucket from GCP Operations you will pay for the logs in that bucket, but SecOps won't incur a charge for reading the logs.

Hi Martin,

do you know where we can find details to generation cost? I can only find this for :VPC Flow Logs,Firewall Rules Logging,Cloud NAT logging but what if i am only sending logs from

Cloud DNS
Cloud SQL
Cloud Load Balancer
Cloud NextGen Firewall

I cant find the cost associated with exporting these logs into secops. Would you know?

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded