Install the Google Cloud Audit App and view the Dashboards

Install the Sumo Logic App

Now that you have set up collection for Google Cloud Audit, install the Sumo Logic App to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Each panel fills gradually with data that matches its time range query and that was received since the panel was created. Results won't be available immediately, but with a bit of time, you'll see full graphs and maps.

Dashboards

Google Cloud Audit Overview

See the overview of audit activities including resource creation and deletion, operations, users, and authorization failures.

Location of Audit Activity. See the count and location of audit activities in the last 24 hours on a world map.

Created Resources. See the count of resources created in the last 24 hours on a pie chart.

Deleted Resources Over Time. See the count of resources that were deleted in the last 24 hours on a bar chart.

Operations by Resources. See the count of operations by resources in the last 24 hours on a stacked column chart.

Authorization Failures. See the count of authorization failures in the last 24 hours.

Top 10 Users. See the top 10 users by messages in the last 24 hours on a column chart.

Google Cloud Audit Network and Security

See the details of network and security operations, including authorization failures and firewall changes.

Location of Authorization Failures. See the count and location of authorization failures in the last hour on a world map.

Network and Security Operations Over Time. See the count of network and security operations in the last 24 hours on a stacked column chart.

Authorization Failures Over Time. See the count and trend of authorization failures in the last 24 hours on a column chart.

Recent Firewall Changes. See the details of firewall changes in the last three hours including the timestamp, user, method, ranges, direction, action, protocol, and ports.

Network and Security Operations. See the count of network and security operations in the last 24 hours on a pie chart.

Recent Authorization Failures. See the details of authorization failures in the last three hours including the timestamp, user, action, project, country name, city, and caller IP address.

Firewall Rules with All Allowed. See the details of firewall rules in the last 24 hours that allowed all protocols including the timestamp, user, method, ranges, direction, and ports.

Short Lived Network Resources. See the details of short-lived network resources in the last 24 hours including the creator, terminator, and resource name.

Google Cloud Audit Operations

See the details of operations, including actions, requested services, and created and deleted resources.

Actions. See the count of all actions in the last hour on a pie chart.

Requested GCP Service Over Time. See the count of requested GCP services in the last 24 hours on an area chart.

Operations by GCP Project. See the count of operations by GCP project in the last 24 hours on an area chart.

Recent Operation Activity. See the details of operations in the last three hours including the timestamp, user, action, granted, project, and IP address.

Created Resources Over Time. See the count of created resources in the last 24 hours on a stacked column chart.

Deleted Resources Over Time. See the count of deleted resources in the last 24 hours on a stacked column chart.

Google Cloud Audit Users

See the details of user activities, including location, top users, and creations and deletions.

Location of Users. See the count and location of users in the last 24 hours on a world map.

User Activities Over Time. See the count of user activities in the last 24 hours on a stacked column chart.

Top 10 Activities by Users. See the top 10 activities by users in the last 24 hours on a bar chart.

Top 10 Users. See the top 10 users by messages in the last 24 hours on a column chart.

Creations and Deletions by User. See the count of creations and deletions by users in the last 24 hours on a stacked column chart.

Recent User Activity. See the details of user activities in the last three hours including the timestamp, user, project, method, severity, and operations.