Google Cloud Platform Resource Manager (via Codeless Connector Framework)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Connectors Index

---

Attribute	Value
Connector ID	GCPResourceManagerLogsCCFDefinition
Publisher	Microsoft
Used in Solutions	GoogleCloudPlatformResourceManager
Collection Method	CCF
Connector Definition Files	GCPResourceManagerAuditLogs_ConnectorDefinition.json
DCR Definition Files	GCPResourceManagerAuditLogs_DCR.json
CCF Configuration	GCPResourceManagerAuditLogs_PollingConfig.json
CCF Capabilities	GCP
Microsoft Learn	View on Learn

The Google Cloud Platform Resource Manager data connector provides the capability to ingest Resource Manager Admin Activity and Data Access Audit logs into Microsoft Sentinel using the Cloud Resource Manager API. Refer the Product overview document for more details.

Tables Ingested

This connector ingests data into the following tables:

Table	Transformations	Ingestion API	Lake-Only
GCPResourceManager	✓	✓	✓

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

• Workspace (Workspace): Read and Write permissions are required.

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. Connect GCP Resource Manager to Microsoft Sentinel

1. Setup the GCP environment

Ensure to have the following resources from the GCP Console: Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection. For more information, refer the Connector tutorial for log setup and authentication setup tutorial.

Find the Log set up script here & the Authentication set up script here

Government Cloud:

1. Setup the GCP environment

Ensure to have the following resources from the GCP Console: Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection. For more information, refer the Connector tutorial for log setup and authentication setup tutorial.

Find the Log set up script here & the Authentication set up script here

• Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.: TenantId

  Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.

2. Enable Resource Manager logs

In the Google Cloud Console, enable cloud resource manager API if not enabled previously, and save the changes. Make sure to have organization level IAM permissions for your account to see all logs in the resource hierarchy. You can refer the document links for different IAM permissions for access control with IAM at each level provided in this link

3. Connect new collectors

To enable GCP Resource Manager Logs for Microsoft Sentinel, click on Add new collector button, provide the required information in the pop up and click on Connect. GCP Collector Management

📊 View GCP Collectors: A management interface displays your configured Google Cloud Platform data collectors.

➕ Add New Collector: Click "Add new collector" to configure a new GCP data connection.

💡 Portal-Only Feature: This configuration interface is only available in the Microsoft Sentinel portal.

GCP Connection Configuration

When you click "Add new collector" in the portal, you'll be prompted to provide:

• Project ID: Your Google Cloud Platform project ID
• Service Account: GCP service account credentials with appropriate permissions
• Subscription: The Pub/Sub subscription to monitor for log data

💡 Portal-Only Feature: This configuration form is only available in the Microsoft Sentinel portal.

Additional Documentation

📄 Source: [GoogleCloudPlatformResourceManager\Data Connectors\README.md](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/GoogleCloudPlatformResourceManager\Data Connectors\README.md)

Integrating GCP Resource Manager into Microsoft Sentinel

Table of contents

• Introduction
• Prerequisites
• Steps to execute Terraform Scripts for Log setup
• Steps to execute Terraform Scripts for Authentication setup

Introduction

The GCP Resource Manager Codeless Connector for Microsoft Sentinel enables seamless integration of GCP Resource Manager Audit logs with Microsoft Sentinel without the need for custom code. Developed as part of the Codeless Connector Framework(CCF), this connector simplifies the process of collecting and ingesting Resource Manager Audit logs from Google Cloud Platform into Microsoft Sentinel.

Prerequisites

The below mentioned resources are required to connect GCP with Sentinel.

• Project ID
• Project Number
• GCP Subscription Name
• Workload Identity Pool ID
• Service Account
• Workload Identity Provider ID

To generate the above resources, you must execute the following terraform scripts.

• Log Setup File
• Authentication setup file

Steps to execute Terraform scripts for Log Setup

To access the terraform script for Log Setup Click here.

• Launch the cloud shell in Google Cloud Console.

• Execute the below mentioned commands.

• create a directory

  mkdir <dir_name>
  

• Navigate to the directory

  cd <dir_name>
  

• Copy the github raw link of the Terraform script and get the content of the file into a shell using the following command:

  wget <raw link of the file> -O <filename.tf>
  

• Initializes your terraform working directory, downloads provider plugins, and configures the backend for state storage.

  terraform init
  

• Creates an execution plan to show what actions terraform will take to achieve the desired state of your infrastructure.

  terraform plan
  

  Once you execute this command it will ask to "Enter your Organization ID and Project ID. Please enter your GCP Organization ID and Project ID.

• Executes the actions proposed in the Terraform plan to create, update, or destroy resources in your infrastructure.

  terraform apply
  

  Once you execute this command it will ask to "Enter your Organization ID and Project ID. Please enter your GCP Organization ID and Project ID one more time.

• After successfully executing the Log Setup file, topic name, subscription name is generated in the GCP Project. Save those details for future reference.

Steps to execute Terraform script for Authentication setup

• If the Authentication setup file is previously executed in the project while configuring any other GCP data connectors, there is no need to execute the Authentication setup file again. You can use the existing Workload Identity Pool ID and Workload Identity Provider ID for authentication purpose.
• If these fields are not generated previously, execute the Authentication Setup file with the same commands mentioned above.
• To access the Authentication Setup file Click Here.
• To Execute the Authentication Setup file Click Here.
• After executing the authentication setup file, Workload Identity Pool ID and Workload Identity Provider ID are generated in the project.

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Connectors Index