GCP Pub/Sub VPC Flow Logs (via Codeless Connector Framework)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Connectors Index

Attribute	Value
Connector ID	`GCPVPCFlowLogsCCPDefinition`
Publisher	Microsoft
Used in Solutions	Google Cloud Platform VPC Flow Logs
Collection Method	CCF
Connector Definition Files	GCPVPCFlowLogs_ConnectorDefinition.json
DCR Definition Files	GCPVPCFlowLogs_DCR.json
CCF Configuration	GCPVPCFlowLogs_PollingConfig.json
CCF Capabilities	`GCP`
Microsoft Learn	View on Learn

The Google Cloud Platform (GCP) VPC Flow Logs enable you to capture network traffic activity at the VPC level, allowing you to monitor access patterns, analyze network performance, and detect potential threats across GCP resources.

Tables Ingested

This connector ingests data into the following tables:

Table	Transformations	Ingestion API	Lake-Only
`GCPVPCFlow`	✓	✓	✓

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

Workspace (Workspace): Read and Write permissions are required.

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. Set up your GCP environment

You must have the following GCP resources defined and configured: topic, subscription for the topic, workload identity pool, workload identity provider, and service account with permissions to get and consume from the subscription. To configure this data connector, execute the following Terraform scripts:

Setup Required Resources: Configuration Guide
Setup Authentication: Authentication tutorial. Note: If Authentication is already setup using another GCP data connector , kindly skip this step and use the existing service account and workload identity pool.

Government Cloud:

1. Set up your GCP environment

Setup Required Resources: [Configuration Guide]https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/GCP/Terraform/sentinel_resources_creation/GCPVPCFlowLogsSetup/readme.md)
Setup Authentication: Authentication tutorial. Note: If Authentication is already setup using another GCP data connector , kindly skip this step and use the existing service account and workload identity pool.

Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment.: TenantId

Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.

2. Enable VPC Flow Logs

In your GCP account, navigate to the VPC network section. Select the subnet you want to monitor and enable Flow Logs under the Logging section.

For more information: Google Cloud Documentation

3. Connect new collectors

To enable GCP VPC Flow Logs for Microsoft Sentinel, click the Add new collector button, fill in the required information in the context pane, and click Connect. GCP Collector Management

📊 View GCP Collectors: A management interface displays your configured Google Cloud Platform data collectors.

➕ Add New Collector: Click "Add new collector" to configure a new GCP data connection.

💡 Portal-Only Feature: This configuration interface is only available in the Microsoft Sentinel portal.

GCP Connection Configuration

When you click "Add new collector" in the portal, you'll be prompted to provide:

Project ID: Your Google Cloud Platform project ID
Service Account: GCP service account credentials with appropriate permissions
Subscription: The Pub/Sub subscription to monitor for log data

💡 Portal-Only Feature: This configuration form is only available in the Microsoft Sentinel portal.

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Connectors Index