Google Cloud Storage Plugin for Log Shipper
This document explains how to configure Google Cloud Storage with Log Shipper in the Netskope Cloud Exchange platform. This integration allows pushing web transactions into cloud storage.
To complete this configuration, you need:
A Netskope tenant (or multiple, for example, production and development/test instances)
No special license (Advanced Threat Protection is not needed)
A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
Google Cloud Platform credentials with specified roles on a particular project.
Note
Verify your Google Cloud Storage instance permissions are secure and not set up for open public access. Only allow access to your cloud storage instance from your Cloud Exchange Host and any other addresses that need access.
Obtain the required credentials.
Configure the GCP Cloud Storage plugin.
Configure Log Shipper SIEM Mappings for GCP Cloud Storage.
Validate the Google Cloud Storage plugin.
Go to Google Cloud Platform at https://console.cloud.google.com/.
Select your Project from and click Open.
Go to IAM & Admin > Service Accounts.
Click + Create Service Account.
Enter a Service account name and Service account description. Click Create and Continue.
Click Continue.
Click Done.
Click the 3 dots under Action.
Click Manage Keys.
Click Add Key and then Create new key.
Select JSON and click Create to download the key to your local device.
In Cloud Exchange, go to Settings > Plugins.
Search for and select the Google Cloud Storage box to open the plugin creation pages.
Enter a Configuration Name.
Click Next.
Enter the Key File from the Google Cloud Storage account.
Enter a globally unique Bucket Name.
Select a Region Name from the dropdown (the location used for storing objects).
To learn more about bucket regions, refer to: https://cloud.google.com/storage/docs/locations.
Select a Storage Class from the dropdown (based on your GCP storage class cost).
To learn more about storage classes, refer to: https://cloud.google.com/storage/docs/storage-classes.
Enter an Object Prefix (used to create the file name prefix).
Enter a Maximum File Size (in MB; the value should be between 0 and 100). The default value is 10 MB.
Enter a Maximum Duration (in seconds; the value should be a positive integer).
Click Save.
Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.
Select a Source Configuration, Business Rule, and Destination Configuration.
Click Save.
To validate the plugin workflow, you can check from Netskope Cloud Exchange and from Google Cloud Platform.
To validate from Netskope Cloud Exchange, go to Logging.
To validate from the Google Cloud Platform:
Open the GCP Console (https://console.cloud.google.com/).
Search for Cloud Storage and click your Project.
Search for the Bucket Name you provided when you configured the Google Cloud Storage plugin.
Click the Bucket Name to see the files pushed into GCP. Clicking a file shows the Download option, which lets you view the content locally.
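The public-access check from the note at the top of this page can be scripted during validation. The following is an added example, not part of the Netskope documentation or plugin: it audits a bucket IAM policy in the JSON form printed by `gcloud storage buckets get-iam-policy gs://BUCKET_NAME --format=json`. The sample policy, project name and service account name are constructed placeholders.

```python
import json

PUBLIC = {"allUsers", "allAuthenticatedUsers"}  # anyone on the internet
PROJECT_WIDE = ("projectOwner:", "projectEditor:", "projectViewer:")


def classify(member, allowed):
    """Return a finding label for one IAM member, or None if it is expected."""
    if member in PUBLIC:
        return "PUBLIC"         # always reported, even if listed as allowed
    if member in allowed:
        return None
    if member.startswith("deleted:"):
        return "STALE"          # principal was deleted, binding left behind
    if member.startswith(PROJECT_WIDE):
        return "PROJECT_WIDE"   # everyone holding that basic role on the project
    return "UNEXPECTED"


def audit_bucket_policy(policy, allowed):
    """List (label, role, member) findings for a bucket IAM policy dict."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            label = classify(member, allowed)
            if label:
                findings.append((label, binding.get("role"), member))
    return findings


# Constructed sample policy; project and account names are placeholders.
SA = "serviceAccount:ce-log-shipper@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/storage.objectAdmin", "members": ["%s"]},
  {"role": "roles/storage.legacyBucketOwner",
   "members": ["projectOwner:example-project"]},
  {"role": "roles/storage.objectViewer",
   "members": ["deleted:serviceAccount:old@example-project.iam.gserviceaccount.com?uid=1"]}
]}
""" % SA)

if __name__ == "__main__":
    for label, role, member in audit_bucket_policy(SAMPLE_POLICY, {SA}):
        print(f"{label:12} {role:34} {member}")
```

Pass the service account created for the plugin as the only allowed member; any PUBLIC finding means the bucket is open to anonymous or any-Google-account access and should be fixed before web transactions are shipped to it.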