Forwarding to Google Chronicle
Google Chronicle is a cloud service, built as a specialized layer on top of core Google infrastructure, designed for enterprises to privately retain, analyze, and search the massive amounts of security and network telemetry they generate. Chronicle normalizes, indexes, correlates, and analyzes the data to provide instant analysis and context on risky activity.
Event forwards originate from region-specific IPs. For the full list of outbound IPs by region, see SaaS Regions and IP Ranges. Update your firewall and allow inbound requests from these IP addresses to enable Sysdig to handle event forwarding.
Configure Event Forwarding Integration with Google Chronicle
To forward event data to Chronicle:
Log in to Sysdig Secure as
Settings module, navigate to the
Chronicle from the drop-down menu.
Configure the required options:
- Integration Name: Define an integration name.
- API Key:
- Data to Send: Select the event data you want to send. NOTE: at this time, only runtime policy events are available; more data types will be added.
- Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.
Save button to save the integration.