Ingest Logs from Google Cloud Pub/Sub into Advanced Analytics
Note
The information in this section applies to Advanced Analytics versions i60–i62.
To create events from Google Cloud Pub/Sub topics, you must configure Google Pub/Sub as an Advanced Analytics log source.
Prerequisites to Configure Google Pub/Sub
Create a Google Cloud service account with Pub/Sub Publisher and Pub/Sub Subscriber permissions.
Create and download a JSON-type service account key. You use this JSON file later.
Create a Google Cloud Pub/Sub topic with Google-managed key encryption.
For the Google Cloud Pub/Sub topic you created, create a subscription with specific settings:
Delivery type – Select Pull.
Subscription expiration – Select Never expire.
Retry policy – Select Retry immediately.
Save the subscription ID to use later.
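A pre-flight check for the prerequisites above, added here as an example (not Exabeam or Google code). It assumes you have saved the output of `gcloud pubsub subscriptions describe <subscription> --format=json` and parsed the downloaded key file. Field names follow the Pub/Sub subscription resource and the service account key format; the sample values and function names are constructed.

```python
import json

# Constructed sample of `gcloud pubsub subscriptions describe ... --format=json`
# output; the project, topic and subscription names are placeholders.
SAMPLE_SUBSCRIPTION = json.loads("""{
  "name": "projects/example-project/subscriptions/aa-ingest-sub",
  "topic": "projects/example-project/topics/aa-ingest-topic",
  "pushConfig": {},
  "expirationPolicy": {}
}""")

KEY_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_subscription(sub):
    """Return the ways `sub` deviates from the subscription settings listed above."""
    problems = []
    # Delivery type Pull: no push endpoint and no BigQuery/Cloud Storage export.
    if sub.get("pushConfig", {}).get("pushEndpoint"):
        problems.append("delivery type is Push, expected Pull")
    for export in ("bigqueryConfig", "cloudStorageConfig"):
        if sub.get(export):
            problems.append(f"delivery type is an export ({export}), expected Pull")
    # Never expire: expirationPolicy is present and carries no ttl.
    # A missing policy is treated as failing, since Pub/Sub then applies a default TTL.
    policy = sub.get("expirationPolicy")
    if policy is None or policy.get("ttl"):
        problems.append("subscription can expire, expected Never expire")
    # Retry immediately: no retryPolicy (exponential backoff) is configured.
    if sub.get("retryPolicy"):
        problems.append("retry policy uses backoff, expected Retry immediately")
    return problems


def check_service_key(key):
    """Return problems with a parsed service account key JSON file."""
    problems = [f"missing field: {name}" for name in KEY_FIELDS if not key.get(name)]
    if key.get("type") not in (None, "service_account"):
        problems.append(f"key type is {key['type']!r}, expected 'service_account'")
    return problems


if __name__ == "__main__":
    for line in check_subscription(SAMPLE_SUBSCRIPTION) or ["subscription settings OK"]:
        print(line)
```

The key file contains a private key, so run the key check locally and keep the file out of shared storage and version control.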
Procedure to Configure Google Pub/Sub
In the sidebar, click SETTINGS, then select Analytics.
Under Log Management, select Log Ingestion Settings.
Click ADD, then from the Source Type list, select Google Cloud Pub/Sub.
Enter information about your Google Cloud Pub/Sub topic:
Description – Describe the topic, what kinds of logs you're ingesting, or any other information helpful for you to identify this as a log source.
Service key – Upload the Google Cloud service account key JSON file you downloaded.
Subscriptions
Subscription name – Enter the Google Cloud Pub/Sub subscription ID you created.
Description – Describe the subscription, the Google Cloud Pub/Sub topic it was created for, or what messages it receives.
To verify the connection to your Google Cloud Pub/Sub topic, click TEST CONNECTION. If you see an error, verify the information you entered, then retest the connection.
Click SAVE.
Restart Log Ingestion and Messaging Engine (LIME).
To ingest specific logs from your Google Cloud Pub/Sub topic, configure a log feed.