SIEM Logging Export Strategy for Cloud Development Projects

Unified Log View for Development Cloud Projects

Question

Your team needs to obtain a unified log view of all development cloud projects in your SIEM.

The development projects are under the NONPROD organization folder with the test and pre-production projects.

The development projects share the ABC-BILLING billing account with the rest of the organization.

Which logging export strategy should you use to meet the requirements?

Answers

Explanations


B.

To obtain a unified log view of all development cloud projects in your SIEM, you need to use a logging export strategy that allows you to collect and aggregate logs from all relevant projects. The development projects are located in the NONPROD organization folder, and they share the ABC-BILLING billing account with the rest of the organization. Based on this information, there are a few options to consider.

Option A: Export logs to a Cloud Pub/Sub topic with folders/NONPROD parent and includeChildren property set to True in a dedicated SIEM project. Subscribe SIEM to the topic.

This option involves exporting logs to a Cloud Pub/Sub topic and then subscribing to that topic in a dedicated SIEM project. By setting the includeChildren property to True and specifying the NONPROD parent folder, logs from all development projects under the NONPROD folder should be included in the exported logs. This strategy can provide a unified log view across multiple projects, but it requires a dedicated SIEM project and may involve additional configuration for the subscription and processing of the logs.

Option B: Create a Cloud Storage sink with billingAccounts/ABC-BILLING parent and includeChildren property set to False in a dedicated SIEM project. Process Cloud Storage objects in SIEM.

This option involves creating a Cloud Storage sink and processing Cloud Storage objects in a dedicated SIEM project. By specifying the billingAccounts/ABC-BILLING parent and setting the includeChildren property to False, logs from all projects in the ABC-BILLING billing account should be included in the exported logs. This strategy can provide a unified log view across the entire billing account, but it requires a dedicated SIEM project and may involve additional configuration for the processing of the logs.

Option C: Export logs in each dev project to a Cloud Pub/Sub topic in a dedicated SIEM project. Subscribe SIEM to the topic.

This option involves exporting logs from each development project to a Cloud Pub/Sub topic and subscribing to that topic in a dedicated SIEM project. While this strategy allows you to collect logs from each project individually, it may be more difficult to aggregate and analyze logs across multiple projects. Additionally, it requires a dedicated SIEM project and may involve additional configuration for the subscription and processing of the logs.

Option D: Create a Cloud Storage sink with a publicly shared Cloud Storage bucket in each project. Process Cloud Storage objects in SIEM.

This option involves creating a Cloud Storage sink with a publicly shared Cloud Storage bucket in each development project and processing Cloud Storage objects in a dedicated SIEM project. While this strategy allows you to collect logs from each project individually, it may be more difficult to aggregate and analyze logs across multiple projects. Additionally, publicly shared buckets may have security implications and require additional configuration to ensure proper access controls are in place.

Based on these options, Option A or Option B may be the most appropriate choice to obtain a unified log view of all development cloud projects in your SIEM. Both options involve exporting logs to a centralized location and allow you to collect logs from all relevant projects. However, the best choice may depend on the specific requirements and constraints of your organization.
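
The folder-level export described under Option A, written out as gcloud commands. This is an added example, not part of the original question or its explanation; the folder ID and the project, topic, sink and subscription names are constructed placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Option A: aggregated folder sink -> Pub/Sub topic in a dedicated SIEM project.
# Every identifier below is a constructed placeholder; substitute your own.
set -eu
FOLDER_ID="123456789012"      # numeric ID of the NONPROD folder (assumed)
SIEM_PROJECT="siem-project"   # dedicated SIEM project (assumed)
TOPIC="nonprod-logs"
SINK="nonprod-to-siem"
SUBSCRIPTION="siem-pull"
APPLY="${APPLY:-0}"           # 0 = print the commands only, 1 = execute them

# Execute the command when APPLY=1, otherwise print it for review.
run() {
  if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

sink_destination() {
  printf 'pubsub.googleapis.com/projects/%s/topics/%s' "$SIEM_PROJECT" "$TOPIC"
}

create_topic() {
  run gcloud pubsub topics create "$TOPIC" --project="$SIEM_PROJECT"
}

# --folder sets the sink's parent; --include-children is what pulls in logs
# from every project beneath that folder (dev, test and pre-production alike).
create_sink() {
  run gcloud logging sinks create "$SINK" "$(sink_destination)" \
    --folder="$FOLDER_ID" --include-children
}

# The sink publishes as its own service account (writerIdentity). Until that
# identity holds roles/pubsub.publisher on the topic, nothing reaches the SIEM.
grant_publisher() {
  if [ "$APPLY" = "1" ]; then
    writer="$(gcloud logging sinks describe "$SINK" --folder="$FOLDER_ID" \
      --format='value(writerIdentity)')"
  else
    writer="serviceAccount:SINK_WRITER_IDENTITY"   # placeholder in dry-run mode
  fi
  run gcloud pubsub topics add-iam-policy-binding "$TOPIC" \
    --project="$SIEM_PROJECT" --member="$writer" --role=roles/pubsub.publisher
}

create_subscription() {
  run gcloud pubsub subscriptions create "$SUBSCRIPTION" \
    --topic="$TOPIC" --project="$SIEM_PROJECT"
}
create_topic; create_sink; grant_publisher; create_subscription
```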