We have one of the Apigee X GCP project runtimes running on 10.x.x.x internal subnets. Is there a way for it to send logs to SentinelOne via Message logging policy to a different GCP project via TCP?
Thanks!!
Raghu
Hello @raghunathapalle,
We saw your question and wanted to let you know we’re keeping it on our radar. We’ll also invite others in the community to pitch in and share their thoughts.
Hello @raghunathapalle
What do your southbound networking connectivity patterns/constructs look like? Assuming your SentinelOne instance supports a Syslog server (and you would like to utilize non-public services/instance sets), you could do something like the following:
Networking Connectivity to/from the SentinelOne server - this can be orchestrated via PSC/VPC peering/etc., and in theory you would be able to create an endpoint attachment for the service as documented here: https://cloud.google.com/apigee/docs/api-platform/architecture/southbound-networking-patterns-endpoints
MessageLogging policy - you should be able to specify the endpoint attachment as the target IP (thus keeping the connection private) as well as the port/utilization of TCP as noted here: https://cloud.google.com/apigee/docs/api-platform/reference/policies/message-logging-policy#syslog-element
Please let us know if you have any questions and/or concerns - thanks!
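A MessageLogging policy along the lines described in the reply above, added here as an illustration and not taken from the thread or from the poster's proxy. The policy name, the `10.x.x.x` host (standing in for the endpoint attachment IP), the port, and the use of TLS are assumptions; set them to whatever the SentinelOne syslog receiver actually exposes.

```xml
<!-- Added example. Name, Host, Port and TLS usage are assumptions, not values from the thread. -->
<MessageLogging continueOnError="true" enabled="true" name="ML-Syslog-SentinelOne">
  <Syslog>
    <!-- Log request metadata only. Keep Authorization headers, API keys
         and payloads out of the template so secrets do not reach the log store. -->
    <Message>[apigee org="{organization.name}" env="{environment.name}" proxy="{apiproxy.name}" msgid="{messageid}"] {client.ip} {request.verb} {request.uri} {response.status.code}</Message>

    <!-- Placeholder: IP of the PSC endpoint attachment that fronts the
         syslog receiver in the other GCP project. Traffic stays on private addressing. -->
    <Host>10.x.x.x</Host>

    <!-- Assumed port: 6514 is the conventional syslog-over-TLS port (RFC 5425).
         Use the port the receiver actually listens on. -->
    <Port>6514</Port>

    <!-- TCP as asked in the question; the policy also accepts UDP. -->
    <Protocol>TCP</Protocol>

    <!-- Have Apigee prepend the standard syslog header fields. -->
    <FormatMessage>true</FormatMessage>

    <!-- Assumes the receiver accepts TLS. Remove this block only if the
         receiver is plain TCP and the private path is the sole protection. -->
    <SSLInfo>
      <Enabled>true</Enabled>
    </SSLInfo>
  </Syslog>
  <logLevel>INFO</logLevel>
</MessageLogging>
```

Attaching the policy in the PostClientFlow keeps logging off the request latency path, and `continueOnError="true"` prevents a receiver outage from failing API calls.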