Logging

Architecture

For an overview of how to design a state-of-the-art multi-account security logging platform in GCP:

References

Link: Notes

Logging in the Cloud: From Zero to (Incident Response) Hero
  • Annotated slides of a talk that tries to answer questions like "What Should I Be Logging?", "How Specifically Should I Configure It?", and "What Should I Be Monitoring?"
  • Especially interesting since it covers not only AWS but also GCP and Azure.

Best practices for monitoring GCP audit logs
  • Nice primer on GCP audit logs, which covers the structure of GCP audit logs, best practices for using audit logs to monitor GCP security, and how to export audit logs from GCP.

Auto-launching Packet Mirroring for application monitoring
  • How to use Cloud Logging, Pub/Sub, and Cloud Functions to auto-enable Packet Mirroring to monitor and troubleshoot traffic flows in VPCs.

Logs-based Security Alerting in Google Cloud: Detecting attacks in Cloud Identity
  • A primer on Cloud Identity logs.

Export Google Cloud security data to your SIEM system
  • How to deploy a unified export pipeline that uses Cloud Pub/Sub and Dataflow to aggregate and stream logs from Cloud Logging, security findings from Security Command Center, and asset changes from Cloud Asset Inventory.