Skip to main content

Netskope Help

Google Cloud Storage Plugin for Log Shipper

This document explains how to configure Google Cloud Storage with Log Shipper in the Netskope Cloud Exchange platform. This integration allows pushing web transactions into cloud storage.

Prerequisites

To complete this configuration, you need:

  • A Netskope tenant (or multiple, for example, production and development/test instances)

  • No special license (Advanced Threat Protection is not needed)

  • A Netskope Cloud Exchange tenant with the Log Shipper module already configured.

  • Google Cloud Platform credentials with specified roles on a particular project.

Note

Verify your Google Cloud Storage instance permissions are secure and not set up for open public access. Only allow access to your cloud storage instance from your Cloud Exchange Host and any other addresses that need access.

Workflow

  1. Obtain a required credentials

  2. Configure the GCP Cloud Storage plugin.

  3. Configure Log Shipper SIEM Mappings for GCP Cloud Storage.

  4. Validate the Google Cloud Storage plugin.

Get your Google Cloud Platform Key

  1. Go to Google Cloud Platform at https://console.cloud.google.com/.

    image1.png

  2. Select your Project from and click Open.

    image2.png

  3. Go to IAM & Admin Service Accounts.

    image3.png

  4. Click + Create Service Account.

    image4.png

  5. Enter a Service account name and Service account description. Click on Create and Continue.

    image5.png

  6. Click Continue.

    image6.png

  7. Click Done.

    image7.png

  8. Click the 3 dots under Action.

    image8.png

  9. Click Manage Keys.

    image9.png

  10. Click Add Key and then Create new key.

    image10.png

  11. Select JSON and click Create to download the key to your local device.

    image11.png
Configure the GCP Cloud Storage Plugin

  1. In Cloud Exchange, go to Settings > Plugins.

  2. Search for and select the Google Cloud Storage box to open the plugin creation pages.

  3. Enter a Configuration Name.

    image13.png

  4. Click Next.

    image14.png

  5. Enter Key File from Google Cloud Storage account.

  6. Enter a globally unique Bucket Name.

  7. Select a Region Name from the dropdown (The location used for storing objects).

    If you want to know more about buckets regions, refer to: https://cloud.google.com/storage/docs/locations.

  8. Select a Storage Class from the dropdown (Based on your GCP storage class cost).

    If you want to know more about storage class, refer to: https://cloud.google.com/storage/docs/storage-classes.

  9. Enter an Object Prefix. The Object Prefix is used for creating the file name prefix)

  10. Enter a Maximum File Size (in MBs, Value should be between 0 to 100). Default value will be 10 MB.

  11. Enter a Maximum Duration (in Seconds, and the Value should be positive integer).

  12. Click Save.

    image15.png
Configure Log Shipper SIEM Mappings for GCP Cloud Storage

  1. Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.

  2. Select a Source Configuration, Business Rule, and Destination Configuration.

    image16.png

  3. Click Save.

    image17.png
Validate the GCP Cloud Storage Plugin

To validate the plugin workflow, you can check from Netskope Cloud Exchange and from Google Cloud Platform.

To validate from Netskope Cloud Exchange, go to Logging.

image18.png

To validate from the Google Cloud Platform:

  1. Open the GCP Console (https://console.cloud.google.com/).

  2. Search Cloud Storage and click on your Project.

    image19.png

  3. Search Bucket Name you provided when you configured Google Cloud Storage Plugin.

    image20.png

  4. Click Bucket Name and files pushed into GCP will be seen and by clicking on the file it shows the Download option to view the content locally.

    image21.png
In this section: