I have a GCP project where we have Artifact Registry with Container Analysis enabled.

It publishes events of the analysis to a Pub/Sub topic named projects/PROJECT_ID/topics/container-analysis-occurrences-v1.

I have configured a push subscription to this topic from the GCP project which belongs to Chronicle SIEM. I have used the endpoint generated as per my Feed and also used the chronical-sa-ingestion service account.

But it seems the feed does not get data. Any suggestions on how to debug, or any documentation, would be really helpful!

Hello,

I believe we are missing some information on the architecture here.

If it all resides within that org you should be able to turn on the ingestion with a nonce.

If it's across multiple orgs, Pub/Sub is the option. Is that data getting sent to that storage bucket? Can you confirm this?


It's in the same GCP org. The architecture looks like below:

The Feed status is "Active", but the last success is missing.
The feed looks like below (excluding feed id and endpoint!):

I don't think you need that configuration for a feed.

https://cloud.google.com/chronicle/docs/ingestion/cloud/ingest-gcp-logs?authuser=2&_gl=1*gxao89*_ga*MTkwNjE5MzI1NC4xNzMzMzcwNDc0*_ga_WH2QY8WWF5*MTczMzc3NzUwOS4xLjEuMTczMzc3NzU1MC4xOS4wLjA.#export_filter_settings
Thanks for the reply.
We have ingestion enabled; we do not have Security Command Center Premium enabled!

I will try the export filter settings to include logs I want.
