GCP VPC Flow Logs

Chronicle supports the ingestion of GCP VPC Flow logs via a GCS Bucket.

Chronicle Data Types

  • GCP

Configuration

  1. Create a new GCS bucket for the VPC Flow Logs to be stored in. If you already have a GCS bucket set up, you can use the existing bucket.
  2. Follow this GCP Guide on how to enable VPC Flow Logs in your network.
  3. Once the VPC Flow Logs have been enabled, follow this GCP Guide on how to export them into a GCS bucket. The resource to export in this step is resource.type="gce_subnetwork".
  4. Once the VPC Flow Logs are running and confirmed to be flowing into your GCS bucket, follow the GCP GCS Bucket guide on how to configure the GCS bucket so that CYDERES can access the logs.
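
One way to confirm, before step 4, that the objects landing in the bucket really are VPC Flow Logs (an added example, not part of the original guide or of Chronicle/CYDERES tooling). It assumes the exported objects hold one JSON LogEntry per line; `check_export` and all sample lines are constructed for illustration.

```python
import json
from collections import Counter

RESOURCE_TYPE = "gce_subnetwork"                      # export filter from step 3
FLOW_LOG_SUFFIX = "compute.googleapis.com%2Fvpc_flows"
CONNECTION_KEYS = {"src_ip", "dest_ip", "protocol"}

def check_export(lines):
    """Return (counts per category, subnet names that produced flow records)."""
    counts, subnets = Counter(), set()
    for raw in lines:
        if not raw.strip():
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            counts["malformed"] += 1
            continue
        resource = entry.get("resource") or {}
        connection = (entry.get("jsonPayload") or {}).get("connection") or {}
        if resource.get("type") != RESOURCE_TYPE:
            counts["other_resource"] += 1   # sink filter is wider than step 3 describes
        elif not str(entry.get("logName", "")).endswith(FLOW_LOG_SUFFIX):
            counts["not_flow_log"] += 1     # e.g. firewall rule logs share this resource type
        elif not CONNECTION_KEYS <= set(connection):
            counts["incomplete"] += 1       # flow record without usable connection fields
        else:
            counts["flow"] += 1
            subnets.add((resource.get("labels") or {}).get("subnetwork_name", "unknown"))
    return dict(counts), sorted(subnets)

# Constructed sample lines: placeholder project and subnet, documentation-range IPs.
SAMPLE = [
    '{"logName": "projects/example-project/logs/compute.googleapis.com%2Fvpc_flows",'
    ' "resource": {"type": "gce_subnetwork", "labels": {"subnetwork_name": "example-subnet"}},'
    ' "jsonPayload": {"connection": {"src_ip": "192.0.2.10", "dest_ip": "198.51.100.7",'
    ' "src_port": 44321, "dest_port": 443, "protocol": 6}, "bytes_sent": "1024"}}',
    '{"logName": "projects/example-project/logs/compute.googleapis.com%2Ffirewall",'
    ' "resource": {"type": "gce_subnetwork", "labels": {"subnetwork_name": "example-subnet"}},'
    ' "jsonPayload": {"disposition": "DENIED"}}',
    '{"logName": "projects/example-project/logs/syslog", "resource": {"type": "gce_instance"}}',
    '{"logName": "projects/example-project/logs/compute.goo',   # truncated line
]

if __name__ == "__main__":
    print(check_export(SAMPLE))
```

A non-zero `not_flow_log` count means the `resource.type="gce_subnetwork"` filter is also exporting other subnetwork-scoped logs into the same bucket.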