ingest gcp monitoring alerts to secops via pubsub push

Question

Hello team,I’m trying to ingest GCP Monitoring alerts into SecOps using a Pub/Sub push subscription. To do this, I created an alert policy for “agent goes silent” and configured a notification channel using a Pub/Sub topic. That topic is attached to a push subscription that forwards events to the endpoint.I am receiving email notifications (since email is also configured in the notification channel along with the pubsub topic), but the alerts are not being pushed to SecOps from the Pub/Sub topic.I have given the pubsub publisher  permission to the topic My alerts are not getting acknowledged by secops endpointIs there any documentation I can refer to for correctly pushing GCP Monitoring alerts to SecOps?

Eoved · Answer

I know one way to do it is to create a webhook on the SOAR side and integrate between the systems.
See the following document:
https://docs.cloud.google.com/chronicle/docs/soar/ingest/webhooks/setting-up-a-webhook

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded