GCP Audit Logs

Continuous security monitoring for GCP

App Info

Monitor GCP logs to gain complete visibility into activity across your cloud service with Panther's GCP integration.

GCP Audit Logs contain detailed events of activity inside your cloud accounts. Panther can collect, normalize, and monitor GCP log data to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Panther enables the following real-time monitoring use cases with this data:

  • Detect compromised IAM access keys
  • Ensure adversaries don’t access data objects from improperly secured cloud storage
  • Check if a Gmail account is being used instead of a corporate email
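
The Gmail use case above, sketched as a Python detection in the `rule(event)` style. This is an added example, not one of Panther's built-in rules. It assumes events are plain dicts shaped like GCP audit log entries, and the domain list, `example.com` addresses, helper names and sample entries are constructed for illustration.

```python
# Added example: Panther-style detection (rule(event) -> bool) for GCP audit logs.
# Assumption: each event is a plain dict shaped like a GCP LogEntry.
PERSONAL_DOMAINS = {"gmail.com", "googlemail.com"}  # assumed list, extend as needed


def _domain(identity):
    """Email domain of 'user:a@b.c' or 'a@b.c' (lowercased), '' if none."""
    email = (identity or "").split(":", 1)[-1]
    return email.rsplit("@", 1)[-1].lower() if "@" in email else ""


def personal_members_added(event):
    """Members on personal domains that this entry grants an IAM role to."""
    payload = event.get("protoPayload") or {}
    delta = (payload.get("serviceData") or {}).get("policyDelta") or {}
    return [
        d.get("member", "")
        for d in delta.get("bindingDeltas") or []
        if d.get("action") == "ADD" and _domain(d.get("member")) in PERSONAL_DOMAINS
    ]


def rule(event):
    """Fire when a personal account makes the call or is granted a role."""
    payload = event.get("protoPayload") or {}
    actor = (payload.get("authenticationInfo") or {}).get("principalEmail")
    return _domain(actor) in PERSONAL_DOMAINS or bool(personal_members_added(event))


def _entry(actor, method, deltas=None):
    """Build a constructed sample entry (not a real log line)."""
    payload = {"methodName": method, "authenticationInfo": {"principalEmail": actor}}
    if deltas is not None:
        payload["serviceData"] = {"policyDelta": {"bindingDeltas": deltas}}
    return {"protoPayload": payload}


GRANT_TO_GMAIL = _entry("admin@example.com", "SetIamPolicy",
    [{"action": "ADD", "role": "roles/editor", "member": "user:contractor@Gmail.com"}])
GMAIL_ACTOR = _entry("someone@gmail.com", "storage.objects.get")
CORPORATE_GRANT = _entry("admin@example.com", "SetIamPolicy",
    [{"action": "ADD", "role": "roles/viewer", "member": "user:bob@example.com"},
     {"action": "REMOVE", "role": "roles/editor", "member": "user:old@gmail.com"}])

if __name__ == "__main__":
    for name in ("GRANT_TO_GMAIL", "GMAIL_ACTOR", "CORPORATE_GRANT"):
        print(name, rule(globals()[name]))
```

Removing a Gmail member does not fire, and `domain:` or `allUsers` members are ignored because they carry no email address.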

How it Works

The integration is simple and fast:

  • Configure PubSub and leverage Fluentd to send data to an S3 bucket that Panther will read from
  • Panther will parse, normalize, and analyze your log data in real time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer (Enterprise only)
  • Sit back and monitor your activity!

Learn more about Panther's supported services and log schemas for GCP.