Google Cloud Platform Integration

Note: This integration requires the Cisco XDR Advantage licensing tier.

Cisco XDR consumes network traffic data, including Virtual Private Cloud (VPC) flow logs, from your Google Cloud Platform (GCP) public cloud network. It then performs dynamic entity modeling by running analytics on that data to detect threats and indicators of compromise. Cisco XDR consumes VPC flow logs directly from your GCP account using a cross-account IAM service account with the proper permissions.

Once the JSON credentials have been uploaded, the Credentials page will open. This page displays the uploaded GCP Credentials and the Monitoring Status of the configured projects.

The Permissions page displays two sets of permissions. The Google Compute Engine permissions are used to identify instances, network interfaces, regions, security groups, and more to inform our algorithms. The Resource Manager permissions are used to list projects when collecting flows from multiple projects without using GCP Pub/Sub (that is, with the Logging API).
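
One way to confirm that the role bound to the cross-account service account stays read-only before uploading its JSON credentials. This is an added example, not Cisco's code or Cisco's permission list: the expected service prefixes are an assumption inferred from the services named on this page, and the sample role is constructed in the shape that `gcloud iam roles describe --format=json` returns.

```python
import json

# Assumption: service prefixes inferred from the services this page names
# (Compute Engine, Resource Manager, Logging API, Pub/Sub); not Cisco's list.
EXPECTED_SERVICES = {"compute", "resourcemanager", "logging", "pubsub"}
# Verbs treated as read-only. "consume" is what pulling messages from a
# Pub/Sub subscription requires.
READ_ONLY_VERBS = {"get", "list", "consume"}

# Constructed sample role; the name and project are placeholders.
SAMPLE_ROLE_JSON = """
{
  "name": "projects/example-project/roles/flowLogReader",
  "includedPermissions": [
    "compute.instances.list", "compute.networks.list",
    "compute.subnetworks.list", "resourcemanager.projects.list",
    "logging.logEntries.list", "pubsub.subscriptions.consume",
    "compute.firewalls.update", "storage.objects.get",
    "iam.serviceAccountKeys.create"
  ]
}
"""

def audit_role(role):
    """Sort each permission of a role into 'ok' or a finding bucket."""
    report = {"ok": [], "unexpected_service": [],
              "write_capable": [], "malformed": []}
    for perm in role.get("includedPermissions", []):
        parts = perm.split(".")  # service.resource.verb
        if len(parts) < 3 or "*" in perm:
            report["malformed"].append(perm)
        elif parts[0] not in EXPECTED_SERVICES:
            report["unexpected_service"].append(perm)
        elif parts[-1] not in READ_ONLY_VERBS:
            report["write_capable"].append(perm)
        else:
            report["ok"].append(perm)
    return report

def is_least_privilege(report):
    """True only when every permission landed in the 'ok' bucket."""
    return not any(perms for bucket, perms in report.items() if bucket != "ok")

if __name__ == "__main__":
    report = audit_role(json.loads(SAMPLE_ROLE_JSON))
    for bucket, perms in report.items():
        for perm in perms:
            print(f"{bucket:20} {perm}")
    print("least privilege:", is_least_privilege(report))
```

Any permission reported outside the `ok` bucket is worth removing from the role or justifying before the service account key is shared with a third-party service.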