Skip to main content

Cloud ConnectorsExabeam Cloud Connectors Configuration Guide

Table of Contents

Google Cloud Pub/Sub Cloud Connector

Prerequisites to Configure the Google Cloud Pub/Sub Cloud Connector

Before you begin:

GCP Cloud Connector Types

The Cloud Connector that you need to set up is dependent on the data sources and anticipated behavior of your deployment. Review the following information to ensure you choose the appropriate Cloud Connector:

Cloud Connector

Considerations

Google Cloud Platform (GCP) Cloud Connector

  • Supported data sourcesStackDriver Admin Activities and StackDriver Data Access Logs

  • Behavior – The Cloud Connector will automatically discover all StackDriver projects that the provided credentials have access to, which will be represented by endpoints per project. You must then enable the endpoints you want to ingest. Endpoint example: Stackdriver - [projectid: my-project ; name: my-name]

  • When to use – Use this connector if the aggregated EPS from the GCP sinks is both less than 1K and less than 50 sinks will be used to collect the data.

  • Installation – Install the GCP Cloud Connector according to the instructions and enable the required projects that you want to ingest.

Google Cloud Pub/Sub Cloud Connector

  • Supported data sources – Any Google service that can forward events to Google Pub/Sub.

  • Behavior – The Cloud Connector will ingest from the Pub/Sub configured.

  • When to use – Use this connector if the aggregated EPS from the GCP sinks exceeds 1K or is more than 50 sinks will be used to collect the data.

  • Installation – Configure a logging sink that exports its data to Pub/Sub. You can segment the different services to different Pub/Subs or combine them together according to your ingestion needs. Continue to Configure the Google Cloud Pub/Sub Cloud Connector to ingest from the relevant Pub/Sub(s).

Configure the Google Cloud Pub/Sub Cloud Connector

  1. On your Google Cloud Platform:

    1. Create a service account in the project in which the Pub/Sub subscription has been created.

    2. Create a JSON key for the service account.

    3. Assign projects.subscriptions.consume permission over the Pub/Sub subscription to the service account.

  2. From your Exabeam Cloud Connectors platform:

    1. Log in to the Exabeam Cloud Connectors platform with your registered credentials.

    2. Navigate to Settings > Accounts > Add Account.

    3. Click Select Service to Add, then select Google Cloud PubSub from the list.

      Screen_Shot_2021-03-09_at_16.12.06.png

    4. Fill in the following information:

      • Account Name – Give the Google Cloud Pub/Sub account a meaningful name.

        This name will identify your cloud connector in the Exabeam Cloud Connectors platform and in the events sent to external systems as SIEMs or Splunk.

      • Description – (Optional) Add a description that describes the purpose of the Google Cloud Pub/Sub account.

      • Project ID – Enter the project ID in which the Pub/Sub subscription was created.

      • Subscription ID – Enter the subscription ID for the Pub/Sub topic to which the logs data is exported.

      • Number of Parallel Streams – Leave the default of 4 to start. If the connector is not pulling logs fast enough, you can revisit the settings to increase this value.

      • Number of Processing Threads – Leave the default 1 for start. If the connector is not processing the received data fast enough, you can revisit the settings to increase this value.

      • Max Outstanding Elements – (Advanced configuration only) Leave the default 512 to start.

      • Max Outstanding Bytes – (Advanced configuration only) Leave the default 33554432 (32MB) to start.

      • Service-Credentials-Json – Enter the JSON key created for the service account. Ensure the JSON is valid and no additional whitespace or characters were copied.

  3. To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.

  4. Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.

  5. To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows OK.