| Attribute | Value |
|---|---|
| Connector ID | GCPCloudSQLCCFDefinition |
| Publisher | Microsoft |
| Used in Solutions | GoogleCloudPlatformSQL |
| Collection Method | CCF |
| Connector Definition Files | GCPCloudSQLLog_ConnectorDefinition.json |
| CCF Configuration | GCPCloudSQLLog_PollingConfig.json |
| CCF Capabilities | GCP |
The GCP Cloud SQL data connector provides the capability to ingest audit logs into Microsoft Sentinel using the GCP Cloud SQL API. Refer to the GCP Cloud SQL Audit Logs documentation for more information.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| GCPCloudSQL | ✓ | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): Read and Write permissions are required.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect GCP Cloud SQL to Microsoft Sentinel
Make sure you have the following resources from the GCP Console: Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection. For more information, refer to the Connector tutorial for log setup and the authentication setup tutorial.
Log set up script: Click Here
Authentication set up script: Click here
Government Cloud:
Make sure you have the following resources from the GCP Console:
Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.
For more information, refer to the Connector tutorial for log setup and the authentication setup tutorial.
Log set up script: Click Here
Authentication set up script: Click here
- Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment. Value: TenantId
Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
To enable GCP Cloud SQL Logs for Microsoft Sentinel, click the Add new collector button, fill in the required information in the context pane, and click Connect.
GCP Collector Management
📊 View GCP Collectors: A management interface displays your configured Google Cloud Platform data collectors.
➕ Add New Collector: Click "Add new collector" to configure a new GCP data connection.
💡 Portal-Only Feature: This configuration interface is only available in the Microsoft Sentinel portal.
GCP Connection Configuration
When you click "Add new collector" in the portal, you'll be prompted to provide:
- Project ID: Your Google Cloud Platform project ID
- Service Account: GCP service account credentials with appropriate permissions
- Subscription: The Pub/Sub subscription to monitor for log data
💡 Portal-Only Feature: This configuration form is only available in the Microsoft Sentinel portal.
The Cloud SQL Codeless Connector for Microsoft Sentinel enables seamless integration of Cloud SQL logs with Microsoft Sentinel without the need for custom code. Developed as part of the Codeless Connector Platform (CCP), this connector simplifies the process of collecting and ingesting Cloud SQL audit logs and instance operation logs from Google Cloud Platform into Sentinel.
The following resources are required to connect GCP with Sentinel:
- Project ID
- Project Number
- GCP Subscription Name
- Workload Identity Pool ID
- Service Account
- Workload Identity Provider ID
To generate the above resources, you must execute the following Terraform scripts.
To access the Terraform script for Log Setup, click here.
- Launch Cloud Shell in the Google Cloud Console.
- Execute the following commands.
- Create a directory:
mkdir <dir_name>
- Navigate to the directory:
cd <dir_name>
- Copy the GitHub raw link of the Terraform script and download the file into the shell with the following command:
wget <raw link of the file> -O <filename.tf>
- Initialize your Terraform working directory, download provider plugins, and configure the backend for state storage:
terraform init
- Create an execution plan to show what actions Terraform will take to achieve the desired state of your infrastructure:
terraform plan
Once you execute this command, it will ask you to "Enter your project ID". Enter your GCP Project ID.
- Execute the actions proposed in the Terraform plan to create, update, or destroy resources in your infrastructure:
terraform apply
Once you execute this command, it will again ask you to "Enter your project ID". Enter your GCP Project ID one more time.
After the Log Setup file executes successfully, a topic name and a subscription name are generated in the GCP project. Save those details for future reference.
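The Log Setup steps above, as an added example that is not part of the connector's documentation or scripts: the download is pinned to a commit and checked against a digest recorded when the script was reviewed, and the apply runs the saved plan that was displayed. The function names, `log_setup.tf`, `tfplan`, the default directory name and the assumption that the raw link is served from raw.githubusercontent.com are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example (not the connector's own script): the Log Setup steps with the
# download pinned and verified, and the apply bound to a plan you have read.

# Succeeds only if the SHA-256 of file $1 equals hex digest $2 (case-insensitive).
verify_sha256() {
  want="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  got="$(sha256sum "$1" | awk '{print $1}')"
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# Succeeds only if the raw link names a full 40-hex commit instead of a branch,
# so the content behind the URL cannot change between review and download.
is_commit_pinned() {
  printf '%s\n' "$1" |
    grep -Eq '^https://raw\.githubusercontent\.com/[^/]+/[^/]+/[0-9a-f]{40}/.+\.tf$'
}

# Usage: log_setup <pinned raw URL> <sha256 recorded at review> [directory]
log_setup() (
  url="$1"; sha="$2"; dir="${3:-sentinel-gcp-log-setup}"   # assumed default name
  is_commit_pinned "$url" || { echo "refusing: URL not pinned to a commit" >&2; exit 1; }
  mkdir -p "$dir" && cd "$dir" || exit 1
  wget -q "$url" -O log_setup.tf || exit 1
  if ! verify_sha256 log_setup.tf "$sha"; then
    echo "refusing: digest differs from the reviewed copy" >&2
    rm -f log_setup.tf
    exit 1
  fi
  terraform init || exit 1
  terraform plan -out=tfplan || exit 1   # asks once for the project ID
  terraform show tfplan                  # read the planned resources first
  printf 'Apply exactly this plan? [y/N] '
  read -r answer
  [ "$answer" = "y" ] || { echo "not applied"; exit 1; }
  terraform apply tfplan                 # applies the saved plan, no second prompt
)
```

Because `terraform apply tfplan` applies the saved plan file, the project ID entered at plan time is reused and the resources created are the ones shown by `terraform show`.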
Workload Identity Pool ID and Workload Identity Provider ID for authentication purpose. Workload Identity Pool ID and Workload Identity Provider ID are generated in the project. Save those details for future reference.