Hi,
One of our customers has two different tenants in their workspace. They would like to send logs to Google SecOps, but only from one of the tenants.
Is there a solution to filter the logs or any alternative approach to achieve this?
Question
Google workspace connection
+7- Bronze 3
+8- Bronze 1
You can set up a feed connection to the specific tenant you want and label it for advanced filtering:
https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-workspace-logs
+7- Bronze 3
Thanks for your answer. I know this solution but i need to set filter before i send the logs to secops, there are two tenants in our workspace and we dont want to ingest all them!
+1- Bronze 1
I see multiple customers having this issue, have you been able to resolve it, I say posts from you ingesting via BigQuery, did that resolve your topic?
Thank you
+7- Bronze 3
Hi
+11There is a private preview feature - https://docs.cloud.google.com/chronicle/docs/ingestion/data-processing-pipeline - which enables you to filter logs (prior to ingestion and charging) so as long as there is an org or OU id in the workspace logs (which I’m pretty sure there is) you can filter
+2- Bronze 3
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.