Hi All,
We have onboarded logs from multiple GCP projects using direct ingestion into SecOps. However, the GCP projects belong to different business solutions.
The objective is to tag the logs from GCP projects based on the business owner or solutions.
I have read some article suggesting to use custom ingestion pipelines: Multi-Tenant Google Cloud log collection with PubSub Push | by Chris Martin (@thatsiemguy) | Medium and like the article confirmed - it’s going to incur additional cost.
Please, anyone know how best to tag logs from multiple GCP projects with the existing ingestion method.
Regards.
Question
Tagging GCP Logs From Multiple Projects
+1
+12You could use Data Processing Pipelines with the Add Fields Processor.
Docs: https://docs.cloud.google.com/chronicle/docs/ingestion/data-processing-pipeline
Webinar: https://www.youtube.com/watch?v=47PGRaCBuT0
Add Fields processor example - update the Condition to look at Project ID and then the Field and Value for the field that will be added to business owner, for example.
Fields added:
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.