Update GCP credentials docs #6837

Merged
merged 4 commits into from
Dec 15, 2023
4 changes: 2 additions & 2 deletions source/cloud-security/gcp/prerequisites/considerations.rst
Expand Up @@ -47,9 +47,9 @@ Find an example of running the module on a manager using the ``--reparse`` optio

.. code-block:: console

# /var/ossec/wodles/gcloud/gcloud --integration_type access_logs -b 'wazuh-example-bucket' -c credentials.json --reparse --only_logs_after '2021-Jun-10' --debug 2
# /var/ossec/wodles/gcloud/gcloud --integration_type access_logs -b 'wazuh-example-bucket' -c credentials.json --reparse --only_logs_after '2021-Jun-10' -l 2

The ``--debug 2`` parameter gets a verbose output. This is useful to show the script is working, specially when handling a large amount of data.
The ``-l 2`` parameter gets a verbose output. This is useful to show the script is working, specially when handling a large amount of data.


Configuring multiple Google Cloud Storage bucket
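Review bot: the new `-l 2` explanation line keeps the wording defects of the line it replaces: "specially" should be "especially", and "gets a verbose output" reads better as "enables verbose output". Because the short option `-l` is less self-describing than `--debug` was, consider stating what the numeric level controls (the example only shows `2`) so readers know which value to choose. The unchanged context heading "Configuring multiple Google Cloud Storage bucket" should also read "buckets" while this file is being edited.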
25 changes: 24 additions & 1 deletion source/cloud-security/gcp/prerequisites/credentials.rst
Expand Up @@ -13,14 +13,37 @@ In order to make the Wazuh GCP module pull log data from Google Pub/Sub or Googl

To do this, it is recommended to create a service account with the Pub/Sub or Storage permissions and then create a key. It is important to save this key as a JSON file as it will be used as the authentication method for the GCP module.

Creating a custom role
----------------------

The ``gcp-bucket`` module requires permissions to access storage buckets and objects. To create a role with the required permissions, follow these steps:

#. Go to the **Roles** section and click on **Create Role**.
#. Establish a **Title** and click on **Add Permissions**.
#. On the search bar, filter available permissions by typing **Storage Legacy Bucket Writer**. Select the following ones:

- ``storage.bucket.get``
- ``storage.objects.create``
- ``storage.objects.delete``
- ``storage.objects.list``

#. Click on **Create**.

.. thumbnail:: /images/cloud-security/gcp/gcp-bucket-role.png
:align: center
:width: 100%

Creating a service account
--------------------------

Within the **Service Accounts** section, create a new service account and add the following roles depending on which module to use: ``gcp-pubsub``, ``gcp-bucket``, or both.

- For ``gcp-pubsub``, add two roles with *Pub/Sub* permissions: **Pub/Sub Publisher** and **Pub/Sub Subscriber**.
- For ``gcp-bucket``, add the following role with *Google Cloud Storage bucket* permissions: **Storage Legacy Bucket Writer**.
- For ``gcp-bucket``, add the following role with *Google Cloud Storage bucket* permissions: **Storage Bucket Writer**.

.. thumbnail:: /images/cloud-security/gcp/gcp-service-account.png
:align: center
:width: 100%

Creating a private key
----------------------
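Review bot: the permission list in the new "Creating a custom role" section names the bucket permission as `storage.bucket.get` (singular) while the other three entries use the plural resource name (`storage.objects.*`); the correct identifier is `storage.buckets.get`, and the singular form will not match anything in the permission picker. Two consistency points follow from the rename on the last changed line: **Storage Bucket Writer** there reads like a predefined role, but it is the custom role whose **Title** step 2 asks the reader to choose, so say so explicitly (for example "add the custom role created above"); and step 3 still tells the reader to filter by **Storage Legacy Bucket Writer**, the name the service-account bullet just dropped, so clarify that the filter is only a shortcut for locating the four permissions. Finally, since the module pulls log data from the bucket, the text should state which module behaviour needs `storage.objects.create` and `storage.objects.delete`, so deployments that do not use it can leave those two out of the role.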
Binary file modified source/images/cloud-security/gcp/gcp-account-key.png