1. Blumira Support
  2. Deploying Blumira
  3. Blumira Cloud Connectors

Quick Links

Integrating with Google Cloud Platform

Overview

This integration guide provides the steps to begin sending Google Cloud Platform (GCP) Audit logs to Blumira. This guide assumes that you have one or more GCP projects with billing enabled and that you are an owner within the project or have an administrator role that can create Service Accounts.

Before you begin

To configure the Blumira Cloud Connector, you must gather these required credentials:

  • Project name
  • JSON private key created for the project’s service account

Configuring GCP and gathering your credentials

To create a GCP Service Account and gather the JSON key file, do the following:

  1. Log in to https://console.cloud.google.com/.
  2. Enable the Cloud Logging API by visiting the Enable API wizard and confirming the project you want to ingest logs from.
  3. Enable the IAM Service Account Credentials API by clicking Enable here.
  4. In the Project dropdown menu, select the project you want to integrate with.
  5. Navigate to IAM & Admin > Service Accounts.
  6. Click + Create Service Account.
  7. Type a unique service account name.
  8. (Optional) Type a service description.
  9. Click Create and continue.
  10. Under “Grant this service account access to project,” click Select A Role.
  11. Search for and select Private Logs Viewer.
  12. Click Done.
  13. Select your new service account from the list.
  14. Click the KEYS tab.
  15. Click Add Key > Create New Key.
  16. Under Key type, select JSON.
  17. Click Create.
  18. Open the downloaded JSON Key file on your local machine in a plain text editor.
  19. Find the Client_ID and copy the number to use in Step 6 of Link APIs to the service account.
    Note: You will need the entire JSON file's contents when configuring the Cloud Connector.

 

To link APIs to the service account, do the following:

  1. Log in to https://admin.google.com as a super admin.
  2. Navigate to Security > Access and data control > API Controls.
  3. Scroll to the bottom section called “Domain-Wide Delegation.”
  4. Click Manage Domain Wide Delegation.
  5. Click Add New.
  6. In the Add a new Client ID window, paste the Client_ID you copied from the JSON file in the previous steps.
  7. In the OAuth Scopes section, paste the following: 
    https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/iam,https://www.googleapis.com/auth/logging.read
  8. Click Authorize.

 

Configuring the Cloud Connector

Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.

To configure the Blumira Cloud Connector:

  1. In the Blumira app, navigate to Settings > Cloud Connectors.
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector you want to add.
  4. In the Cloud Connector Name box, type a name to help identify the specific integration. 
  5. Enter the credentials that you collected in the previous steps.
  6. Click Connect.

Related Articles