I have to send logs from Grafana/Loki to Google Chronical SIEM. Is there any documentation available on how to get this done. or anyone has done this integration.
Google SIEM
+1
+12- Bronze 5
Hey @sonalsh,
Generally you will need to determine the best approach for your use case / organization. If you haven't ingested log sources before, I would recommend looking into the different options available to you, I've added some links below:
- Add New Feed / Cloud Storage Feed Example
- SecOps Ingestion API
- Log Forwarders
- Log Parsers within SecOps - It looks like Grafana IS a supported log type but doesn't have a default parser.
Directly from Google's Post: https://www.googlecloudcommunity.com/gc/Adoption-Guides/Security-Operations-Data-amp-Incident-Handling-Standardization/ta-p/878391/jump-to/first-unread-message
In the platform itself you are able to manage these ingestion methods in the SIEM settings panel.
The settings panel has three main sections where ingestion is managed. The first are known as feeds. This option allows you to set up ingestion feeds that can be pulled using an api, cloud storage bucket or webhook. The second method that is available is the forwarder. The main purpose of the forwarder is to provide the ability to collect data sources that are on prem or are not accessible publicly(for example a VPC without a public IP address). The newest addition to the ingestion methods available is the Bindplane collection agents. These are lightweight OTEL agents that are able to collect data from hosts and either send it directly to Google SecOps or to an aggregating gateway(Examples are bindplane gateway or Forwarder).
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.