Hello I am new to the sscops world and my mentor tasked me with integrating the successful and unsuccessful login attempts from the admin console to SecOps platform.
I know that we can export the login logs as a csv file, is there any automated way where we can like send these logs to the cloud console for the eecops directly or at least the logs explorer
Thank you!
+1Hello !! You have two supported ways to ingest Google Cloud audit logs into Google SecOps:
Direct ingestion
Best when you want near real-time forwarding for supported Google Cloud log types, including Cloud Audit Logs. This is the simplest option if you just want Google Cloud service logs sent directly to SecOps from the moment the filter is configured.
Cloud Storage
Best when you want more control before ingestion, especially filtering or reducing volume before logs reach SecOps. Cloud Logging routes logs to GCS, and Google SecOps ingests them from there on a schedule.
For Cloud Audit Logs, I’d usually start with direct ingestion unless you specifically need pre-filtering or volume control.
Google’s doc here covers both methods and when to use each:
https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/ingest-gcp-logs
Hello !! You have two supported ways to ingest Google Cloud audit logs into Google SecOps:
Direct ingestion
Best when you want near real-time forwarding for supported Google Cloud log types, including Cloud Audit Logs. This is the simplest option if you just want Google Cloud service logs sent directly to SecOps from the moment the filter is configured.
Cloud Storage
Best when you want more control before ingestion, especially filtering or reducing volume before logs reach SecOps. Cloud Logging routes logs to GCS, and Google SecOps ingests them from there on a schedule.
For Cloud Audit Logs, I’d usually start with direct ingestion unless you specifically need pre-filtering or volume control.
Google’s doc here covers both methods and when to use each:
https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/ingest-gcp-logs
is there any way where i can ingest the login logs directly from the admin console https://admin.google.com/, i know we can export the login logs as a csv but this is not practical?
+13That admin console is for Google Workspace, is that what you are trying to ingest? If so, you can configure via these docs - https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/workspace-activity
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
