Highlighted
Valued Contributor.
Valued Contributor.
379 views

Any experience monitoring events from Google Security Command Center to on Prem ESM?

Hi,

I am looking into how to extract events from a Google cloud based Security Command Center back to an

on-premise based ESM.

CLOUD SECURITY COMMAND CENTER

There are no smartconnectors for GSCC so my initial thoughts are either

  1. Rest API connector
  2. Some form of JSON connector
  3. Syslog.

I am at the very early stages of this so anyone of the above may not be available although I am quite confident the Rest API is an option.

I would be intereseted in comments from anyone that is already doing this and how it was achieved.


Thanks 🙂

0 Likes
2 Replies
Trusted Contributor.. Trusted Contributor..
Trusted Contributor..

Re: Any experience monitoring events from Google Security Command Center to on Prem ESM?

I believe there are some connector types for this exact purpose for AWS, maybe look in to those parsers and how they work a develop a flex? Just food for thought.


@Frenjd wrote:

Hi,

I am looking into how to extract events from a Google cloud based Security Command Center back to an

on-premise based ESM.

CLOUD SECURITY COMMAND CENTER

There are no smartconnectors for GSCC so my initial thoughts are either

  1. Rest API connector
  2. Some form of JSON connector
  3. Syslog.

I am at the very early stages of this so anyone of the above may not be available although I am quite confident the Rest API is an option.

I would be intereseted in comments from anyone that is already doing this and how it was achieved.


Thanks 🙂


 

MD
0 Likes
Highlighted
Trusted Contributor.. Trusted Contributor..
Trusted Contributor..

Re: Any experience monitoring events from Google Security Command Center to on Prem ESM?

Maybe you can use this plugin to output the data you want and use a flex connector to ingest it in to your ESM.

 

https://cloud.google.com/security-command-center/docs/how-to-install-notifier

 

 

MD
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.