
Hi Team,


Is there a solution for collecting logs from a host that is completely offline (not connected to the internet or intranet) and integrating those logs with Chronicle SIEM? Additionally, can Bindplane facilitate this process, or are there alternative approaches we should consider?


Thank you.

Interesting use case. With Bindplane, I have folks set up a Gateway Collector in a DMZ, and then forward logs from a Collector on the isolated network segment.

VPC-SC is also an option I've seen used to get private access to the Google APIs. Google VPC-SC Information

If allowing OTLP traffic from the servers to the DMZ network segment, you could collect those logs and move them to a shared file server and then mount and read those via BP Collector.

The BP server can be self-hosted on your "Air-gapped" network segment. 

Ultimately, you have options, it just comes down to how you can get the log files to a place where the BP Collector can get API access to SecOps. 
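As an added illustration of the two-hop design described in the answer above (not configuration from the thread or from Bindplane itself), here are OpenTelemetry Collector configs for the isolated-segment collector and the DMZ gateway. The mount point, hostnames, certificate paths and the SecOps exporter name are assumptions.

```yaml
# --- Collector on the isolated segment: read the mounted share, forward OTLP ---
receivers:
  filelog:
    include: [ /mnt/logshare/**/*.log ]   # assumed mount point of the shared file server
    start_at: beginning
    include_file_path: true               # keep the source path as an attribute for triage
extensions:
  file_storage:
    directory: /var/lib/otelcol/queue     # persistent queue so a gateway outage drops nothing
exporters:
  otlp:
    endpoint: gateway.dmz.example:4317    # assumed DMZ gateway collector
    tls:
      ca_file: /etc/otel/ca.pem           # pin the gateway CA; never set insecure: true here
      cert_file: /etc/otel/isolated.crt   # client cert so the gateway can authenticate us
      key_file: /etc/otel/isolated.key
    sending_queue:
      enabled: true
      storage: file_storage
    retry_on_failure:
      enabled: true
service:
  extensions: [file_storage]
  pipelines:
    logs:
      receivers: [filelog]
      exporters: [otlp]
---
# --- Gateway collector in the DMZ: accept OTLP only from authenticated collectors ---
receivers:
  otlp:
    protocols:
      grpc:
        endpoint: 0.0.0.0:4317
        tls:
          cert_file: /etc/otel/gateway.crt
          key_file: /etc/otel/gateway.key
          client_ca_file: /etc/otel/ca.pem  # mTLS: rejects senders without a cert from our CA
exporters:
  secops:                                   # placeholder name; configure the SecOps exporter in Bindplane
    {}
service:
  pipelines:
    logs:
      receivers: [otlp]
      exporters: [secops]
```

Only the gateway needs outbound reachability to the SecOps API, so firewall rules on the isolated segment can be limited to a single host and port toward the DMZ.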


Thank you @Craig_Lee_BP 

