Prerequisite Tasks for Integration with GCP

Before completing the procedures to integrate Tenable Log Correlation Engine with GCP, you must perform the following tasks via the GCP Console:

  1. Create a service account for Tenable Log Correlation Engine. When you create the service account:

    • Select Furnish a new private key.
    • For Key type, select JSON.

    A .json file that contains the public/private key pair is downloaded. This key pair is required for the Web Query Client policy.

    Note: The previous link is to the official documentation for GCP. This procedure expects that you will be using the GCP Console to complete the tasks. After viewing the official GCP documentation, to see the instructions for the Console, in the boxes that appear on the page, click Console.


  2. If you have not already done so, complete the steps required to enable the Pub/Sub API. Then, create a topic and add a subscription.

    • For Delivery Type, select Pull.

    Note the subscription name. The subscription name is required for the Web Query Client policy.

    Note: The previous links are to the official documentation for the Pub/Sub service. It includes sections about publishing a message to a topic, pulling the message from a subscription, and cleaning up. For the purpose of this procedure, those sections can be ignored.

  3. If you want to obtain logs from one or more Google Compute Engine or Amazon EC2 VM instances, install the logging agent on those instances.
  4. Configure Stackdriver Logging to export one or more logs to the topic you created in step 2. Those logs will be processed by the Web Query Client.

  5. Configure a Web Query Client policy to pull logs from the Pub/Sub service.
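Before step 5, the key file downloaded in step 1 can be checked with a short script. This is an added example, not code from Tenable or Google: it confirms that the file is a service account key readable only by its owner, and builds the full Pub/Sub resource name for the subscription noted in step 2. It assumes POSIX file permissions; the function names, the sample key contents, and the subscription name `lce-logs-sub` are constructed for illustration.

```python
import json
import os
import tempfile

# Fields of a service account key downloaded with Key type JSON.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_key_file(path, subscription):
    """Check the step 1 key file; return (problems, subscription_path)."""
    problems = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:  # any group or other permission bit set
        problems.append(f"mode {oct(mode)} exposes the private key to other users")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"], None
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"], None
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    if "BEGIN PRIVATE KEY" not in str(key.get("private_key", "")):
        problems.append("private_key is not PEM encoded")
    project = key.get("project_id")
    sub_path = f"projects/{project}/subscriptions/{subscription}" if project else None
    return problems, sub_path


def write_sample_key(mode):
    """Write a constructed key file (placeholder values, no real key); return its path."""
    sample = {
        "type": "service_account", "project_id": "example-project",
        "private_key_id": "0" * 40, "client_email": "lce@example-project.iam.gserviceaccount.com",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    }
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump(sample, fh)
    os.chmod(fh.name, mode)
    return fh.name


if __name__ == "__main__":
    demo = write_sample_key(0o644)  # constructed sample with an overly open mode
    print(check_key_file(demo, "lce-logs-sub"))
    os.remove(demo)
```

An empty problem list means the file has the expected shape and permissions; the script never prints the private key itself.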