
Install the Google Cloud Firewall App and View the Dashboards

Instructions for installing the Sumo Logic App for Google Cloud Firewall, and descriptions of the app dashboards.

Install the Sumo Logic App

Now that you have set up log collection for Google Cloud Firewall, install the Sumo Logic App for Google Cloud Firewall to use the pre-configured Searches and Dashboards that provide visibility into your environment for real-time analysis of overall usage.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Each panel fills gradually with data that matches its time range query and was received after the panel was created. Results won't be available immediately, but with a bit of time, you'll see full graphs and maps.

Dashboards

This section describes the dashboards in the Sumo Logic App for Google Cloud Firewall.

Google Cloud Firewall - Overview

Presents an overview of request activity, including the geolocation of allowed and denied requests; percentage of requests denied; allowed and denied traffic over time; and the top remote request locations, requested networks, requested subnets, requested VMs, and rules used. 

Ingress Source Locations. A geolocation map that shows the count of connection requests received by each location over the last 24 hours.

Egress Destination Locations. A geolocation map that shows the count of connection requests initiated from each location over the last 24 hours.

Traffic Over Time. A stacked column chart that shows the count of ingress and egress requests per timeslice over the last 24 hours. 

Allowed Request Remote Locations. A geolocation map that shows the count of requests that were allowed at each location over the last 24 hours.  

Denied Request Remote Locations. A geolocation map that shows the count of requests that were denied at each location over the last 24 hours.  

Traffic Disposition Over Time. A stacked column chart that shows the count of accepted and denied requests per timeslice over the last 24 hours. 

Allowed Traffic by Network Over Time. A line chart that shows the count of allowed requests per timeslice over the last 24 hours.

Denied Traffic by Network Over Time. A line chart that shows the count of denied requests per timeslice over the last 24 hours.

Requests Denied (%). The percentage of requests that were denied over the last 24 hours.

Top Remote Request Locations. A table that lists the top external sources that have issued the most requests caught by the firewall over the last 24 hours.

Top Requested Networks. A table that lists the networks that have received the most requests over the last 24 hours.

Top Rules Used. A table that lists the firewall rules that have been invoked most over the last 24 hours. 

Top Requested Subnetworks. A table that lists the subnetworks that have received the most requests over the last 24 hours.

Top Requested VMs. A table that lists the VMs that have received the most requests over the last 24 hours.

Google Cloud Firewall - Ingress

Presents information about ingress traffic, including allowed and denied traffic over time; allowed and denied traffic outliers; allowed and denied source locations; top networks, subnetworks, and VMs by ingress requests; and the top allowed and denied ingress rules.

Allowed Ingress Traffic by Network Over Time. A line chart that shows the count of allowed ingress requests per timeslice for each network over the last 24 hours. 

Denied Ingress Traffic by Network Over Time. A line chart that shows the count of denied ingress requests per timeslice for each network over the last 24 hours. 

Top Networks by Ingress Requests. A table that lists the networks that had the most ingress requests over the last 24 hours. 

Allowed Ingress Traffic - Outlier. A line chart that shows the count of allowed ingress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of allowed ingress requests was statistically significant, indicated by a pink triangle. 

Denied Ingress Traffic - Outlier. A line chart that shows the count of denied ingress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of denied ingress requests was statistically significant, indicated by a pink triangle. 

Top Subnetworks by Ingress Requests. A table that lists the subnetworks that had the most ingress requests over the last 24 hours. 

Top VMs by Ingress Requests. A table that lists the VMs that had the most ingress requests over the last 24 hours. 

Allowed Destination Locations. A geolocation map that shows the count of allowed ingress requests in each location over the last 24 hours. 

Denied Destination Locations. A geolocation map that shows the count of denied ingress requests in each location over the last 24 hours. 

Top Destination Locations. A table that lists the destinations with the most ingress requests over the last 24 hours.

Top Allowed Ingress Rules. A table that lists the ingress rules that were invoked the most, resulting in allowed requests over the last 24 hours.

Top Denied Ingress Rules. A table that lists the ingress rules that were invoked the most, resulting in denied requests over the last 24 hours.

Top Denied Destination IPs. A table that lists the IP addresses to which the most requests were denied.

Google Cloud Firewall - Egress

Presents information about egress traffic, including allowed and denied traffic over time; allowed and denied traffic outliers; allowed and denied source locations; top networks, subnetworks, and VMs by egress requests; and the top allowed and denied egress rules.

Allowed Egress Traffic by Network Over Time. A line chart that shows the count of allowed egress requests per timeslice for each network over the last 24 hours. 

Denied Egress Traffic by Network Over Time. A line chart that shows the count of denied egress requests per timeslice for each network over the last 24 hours. 

Top Networks by Egress Requests. A table that lists the networks that had the most egress requests over the last 24 hours. 

Allowed Egress Traffic - Outlier. A line chart that shows the count of allowed egress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of allowed egress requests was statistically significant, indicated by a pink triangle. 

Denied Egress Traffic - Outlier. A line chart that shows the count of denied egress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of denied egress requests was statistically significant, indicated by a pink triangle. 

Top Subnetworks by Egress Requests. A table that lists the subnetworks that had the most egress requests over the last 24 hours. 

Top VMs by Egress Requests. A table that lists the VMs that had the most egress requests over the last 24 hours. 

Allowed Destination Locations. A geolocation map that shows the count of allowed egress requests in each location over the last 24 hours. 

Denied Destination Locations. A geolocation map that shows the count of denied egress requests in each location over the last 24 hours. 

Top Destination Locations. A table that lists the destinations with the most egress requests over the last 24 hours.

Top Allowed Egress Rules. A table that lists the egress rules that were invoked the most, resulting in allowed requests over the last 24 hours.

Top Denied Egress Rules. A table that lists the egress rules that were invoked the most, resulting in denied requests over the last 24 hours.

Top Denied Destination IPs. A table that lists the IP addresses to which the most requests were denied.
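
The outlier panels in the Ingress and Egress dashboards flag timeslices whose request count departs from the recent baseline. The Python below is an added example, not Sumo Logic's query or its outlier operator: it applies a simplified moving mean and standard deviation check to constructed Google Cloud firewall records, assuming one LogEntry JSON per line with `timestamp`, `jsonPayload.disposition` and `jsonPayload.rule_details.direction`; the function names, window and threshold are illustrative choices.

```python
import json
import statistics
from collections import Counter
from datetime import datetime, timedelta

def hourly_counts(log_lines, direction, disposition):
    """Count matching firewall records per one-hour timeslice (UTC)."""
    counts = Counter()
    for line in log_lines:
        rec = json.loads(line)
        payload = rec.get("jsonPayload", {})
        if (payload.get("disposition") != disposition
                or payload.get("rule_details", {}).get("direction") != direction):
            continue
        # Truncate to the hour; works for any fractional-second precision.
        counts[datetime.strptime(rec["timestamp"][:13], "%Y-%m-%dT%H")] += 1
    if not counts:
        return []
    # Fill quiet hours with 0 so a gap still counts as a timeslice.
    slot, end, series = min(counts), max(counts), []
    while slot <= end:
        series.append((slot, counts[slot]))
        slot += timedelta(hours=1)
    return series

def flag_outliers(series, window=5, threshold=3.0):
    """Flag counts more than `threshold` standard deviations away from the
    mean of the preceding `window` timeslices (simplified moving baseline)."""
    flagged = []
    for i in range(window, len(series)):
        history = [count for _, count in series[i - window:i]]
        mean, stdev = statistics.fmean(history), statistics.pstdev(history)
        ts, count = series[i]
        if abs(count - mean) > threshold * stdev:
            flagged.append((ts, count))
    return flagged

def sample_logs():
    """Constructed records; only the fields this example reads are present."""
    lines = []
    for hour, denied in enumerate([4, 5, 6, 5, 4, 5, 40, 5]):
        ts = f"2024-01-01T{hour:02d}:15:00.000000000Z"
        for disp, direction, n in (("DENIED", "INGRESS", denied),
                                   ("ALLOWED", "INGRESS", 20),
                                   ("DENIED", "EGRESS", 1)):
            rec = {"timestamp": ts, "jsonPayload": {
                "disposition": disp, "rule_details": {"direction": direction}}}
            lines += [json.dumps(rec)] * n
    return lines
```

Calling `flag_outliers(hourly_counts(sample_logs(), "INGRESS", "DENIED"))` returns only the 06:00 timeslice, where denied ingress requests jump from about 5 to 40; the flat allowed-ingress and denied-egress series produce no flags.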