Exam4Training

How should a customer reliably deliver Stackdriver logs from GCP to their on-premises SIEM system?

A. Send all logs to the SIEM system via an existing protocol such as syslog.
B. Configure every project to export all their logs to a common BigQuery dataset, which will be queried by the SIEM system.
C. Configure Organizational Log Sinks to export logs to a Cloud Pub/Sub topic, which will be sent to the SIEM via Dataflow.
D. Build a connector for the SIEM to query for all logs in real time from the GCP RESTful JSON APIs.

Answer: C

Explanation:

Scenarios for exporting Cloud Logging data: Splunk

This scenario shows how to export selected logs from Cloud Logging to Pub/Sub for ingestion into Splunk. Splunk is a security information and event management (SIEM) solution that supports several ways of ingesting data, such as receiving streaming data out of Google Cloud through Splunk HTTP Event Collector (HEC) or fetching data from Google Cloud APIs through the Splunk Add-on for Google Cloud.

Using the Pub/Sub to Splunk Dataflow template, you can natively forward logs and events from a Pub/Sub topic into Splunk HEC. If Splunk HEC is not available in your Splunk deployment, you can use the Add-on to collect the logs and events from the Pub/Sub topic instead.

Reference: https://cloud.google.com/solutions/exporting-stackdriver-logging-for-splunk