| Attribute | Value |
|---|---|
| Connector ID | GCPIAMCCPDefinition |
| Publisher | Microsoft |
| Used in Solutions | GoogleCloudPlatformIAM |
| Collection Method | CCF |
| Connector Definition Files | GCPIAMLog_ConnectorDefinition.json |
| CCF Configuration | GCPIAMLog_PollingConfig.json |
| CCF Capabilities | GCP |
The Google Cloud Platform IAM data connector ingests the audit logs for Identity and Access Management (IAM) activities within Google Cloud into Microsoft Sentinel using the Google IAM API. Refer to the GCP IAM API documentation for more information.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| GCPIAM | ✓ | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): Read and Write permissions are required.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect GCP IAM to Microsoft Sentinel
NOTE: If both the Azure Function and the CCF connector are running in parallel, duplicate data is populated in the tables.
Ensure that you have the following resources from the GCP Console:
Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.
For more information, refer to the Connector tutorial for log setup and the authentication setup tutorial.
Log set up script: Click Here
Authentication set up script: Click here
Government Cloud:
Ensure that you have the following resources from the GCP Console:
Project ID, Project Name, GCP Subscription name for the project, Workload Identity Pool ID, Workspace Identity Provider ID, and a Service Account to establish the connection.
For more information, refer to the Connector tutorial for log setup and the authentication setup tutorial.
Log set up script: Click Here
Authentication set up script: Click here
- Tenant ID: A unique identifier that is used as an input in the Terraform configuration within a GCP environment: TenantId
Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
In your GCP account, navigate to the IAM section. From there, you can either create a new user or modify the role of an existing user that you want to monitor. Be sure to save your changes.
For more information: Link to documentation
To enable GCPIAM Logs for Microsoft Sentinel, click the Add new collector button, fill in the required information in the context pane, and click Connect.
GCP Collector Management
📊 View GCP Collectors: A management interface displays your configured Google Cloud Platform data collectors.
➕ Add New Collector: Click "Add new collector" to configure a new GCP data connection.
💡 Portal-Only Feature: This configuration interface is only available in the Microsoft Sentinel portal.
GCP Connection Configuration
When you click "Add new collector" in the portal, you'll be prompted to provide:
- Project ID: Your Google Cloud Platform project ID
- Service Account: GCP service account credentials with appropriate permissions
- Subscription: The Pub/Sub subscription to monitor for log data
💡 Portal-Only Feature: This configuration form is only available in the Microsoft Sentinel portal.