Skip to main content

GCP Logging to SecOps

  • December 5, 2024
  • 6 replies
  • 66 views
bobSC
Forum|alt.badge.img+1

We have a customer which is applying a one-time code for GCP Logs to a tenant owned by a MSSP.  When applying the code, the only error we received is below.   We have tried several times with the same code, also requested a new code, but all the same result.  Is there any insight into this error and how to resolve?

 

6 replies

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • December 6, 2024

Hello, 

MSSP Tenant Configuration:

  • Permissions: The MSSP needs to ensure your user account (or the service account being used) has the necessary permissions to ingest logs into their tenant. There might be specific roles or IAM configurations required.

Do you know if you have the controls in place to add this?

bobSC
Forum|alt.badge.img+1
  • bobSC
  • Author
  • New Member
  • December 9, 2024

Hello, 

MSSP Tenant Configuration:

  • Permissions: The MSSP needs to ensure your user account (or the service account being used) has the necessary permissions to ingest logs into their tenant. There might be specific roles or IAM configurations required.

Do you know if you have the controls in place to add this?


Not sure that would add up as there are two tenants being fed in.  The first tenant did not need to have any additional permissions on the user account to add the one time code.  It was successful.  The second tenant, while ensuring the user has Chronicle Service Admin Role and Security Center Admin role applied continues to give the same error. Is there another specific role or IAM config that you are aware of? 

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • December 9, 2024

Not sure that would add up as there are two tenants being fed in.  The first tenant did not need to have any additional permissions on the user account to add the one time code.  It was successful.  The second tenant, while ensuring the user has Chronicle Service Admin Role and Security Center Admin role applied continues to give the same error. Is there another specific role or IAM config that you are aware of? 


You have two GCP orgs with different secops tenants under each, correct? 

bobSC
Forum|alt.badge.img+1
  • bobSC
  • Author
  • New Member
  • December 9, 2024

You have two GCP orgs with different secops tenants under each, correct? 


Two seperate GCP orgs being sent to a single Secops Instance owned by the mssp, tied to their org. 

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • December 10, 2024

Two seperate GCP orgs being sent to a single Secops Instance owned by the mssp, tied to their org. 


As far as I know the nonce is only good per secops instance.   This is probably more of a support case then a community function.  

Or, I believe we would need to explore the pub/sub route.   

vgera
Forum|alt.badge.img+1
  • vgeraBronze 1
  • Bronze 1
  • December 24, 2024

I hope you are not using the same one-time code for both integrations; you need a new one-time code for each tenant. 

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.