Public Cloud Monitoring Configuration for Google Cloud Platform – Cisco Cloud Security

Public Cloud Monitoring Configuration for Google Cloud Platform

Cisco Secure Cloud Analytics public cloud monitoring is a visibility, threat identification, and compliance service for Google Cloud Platform (GCP). Secure Cloud Analytics consumes network traffic data, including VPC flow logs, from your GCP public cloud network. It then performs dynamic entity modeling by running analytics on that data to detect threats and indicators of compromise. Secure Cloud Analytics consumes VPC flow logs directly from your GCP account using a cross-account IAM service account with the proper permissions.

Single GCP Project Configuration

To configure GCP to generate and store flow log data for a single project as well as Secure Cloud Analytics to ingest that data, follow these steps:

1. In GCP, configure a service account with the proper permissions to view flow log and other data and then save the JSON credentials.

2. In GCP, enable flow logging and the Stackdriver monitoring API for metrics gathering.

3. In the Secure Cloud Analytics web portal UI, upload the service account JSON credentials.

If you have a high-throughput GCP environment, you can optionally configure Pub/Sub for a single project to deliver flow log data to Secure Cloud Analytics, as follows:

1. Determine if your deployment is high throughput.

2. Configure a Pub/Sub topic to ingest flow log data as well as a Pub/Sub subscription for the topic to deliver the flow log data.

Multiple GCP Project Configuration

To configure GCP to generate and store flow log data for multiple projects as well as Secure Cloud Analytics to ingest that data, follow these steps:

1. In GCP, configure a service account with the proper permissions to view flow log and other data and then save the JSON credentials. Configure the additional projects to use a single service account.

2. In GCP, configure the additional projects to use the service account.

3. In GCP, enable flow logging and the Stackdriver monitoring API for metrics gathering.

4. In the Secure Cloud Analytics web portal UI, upload the service account’s JSON credentials.

If you have a high-throughput GCP environment, you can optionally configure Pub/Sub for multiple projects to deliver flow log data to Secure Cloud Analytics, as follows:

1. Determine if your deployment is high throughput.

2. Configure a Pub/Sub topic to ingest flow log data as well as a Pub/Sub subscription for the topic to deliver the flow log data.

3. Configure additional Pub/Sub topics and subscriptions for the additional projects.

Public Cloud Monitoring Configuration for Microsoft Azure

Cisco Secure Cloud Analytics public cloud monitoring is a visibility, threat identification, and compliance service for Microsoft Azure. Secure Cloud Analytics consumes network traffic data, including Network Security Group (NSG) flow logs, from your Azure public cloud network. It then performs dynamic entity modeling by running analytics on that data to detect threats and indicators of compromise. Secure Cloud Analytics consumes NSG flow logs directly from your Azure storage account and uses an application to gain additional context. Figure 8-38 illustrates the Cisco validated design for Azure three-tier architecture.


Figure 8-38 Cisco validated design for Azure three-tier architecture

To configure Azure to generate and store flow log data as well as Secure Cloud Analytics to ingest that flow log data, follow these steps:

1. In Azure, have at least one resource group to monitor.

2. In Azure, obtain your Azure AD URL and subscription ID.

3. In Azure, create an AD application and then associate roles with the application.

4. In Azure, create a storage account for the flow log data and then generate a SAS URL.

5. In Azure, enable Network Watcher and flow logs.

6. In Azure, if you want additional visibility on activity taken, configure your storage account to store activity logs.

7. In Secure Cloud Analytics, upload Azure credential and flow log storage information, including the AD URL, subscription ID, application ID and key, and blob service SAS URL.

Leave a Comment