I need to ingest GCP audit logs into Azure Sentinel using the GCP Pub/Sub audit log connector, with authentication handled through GCP Workload Identity. I have already set up the configuration, and it is working fine. In this setup, while configuring the provider issuer, one of the allowed audiences must match what is specified in the official Microsoft documentation. I have followed this configuration as required.
However, we now need to restrict authentication with the Workload Identity to only a specific data connector, ensuring that other connectors cannot authenticate. For example, if there are two connectors, only one should be allowed to authenticate, while the other should not.
I have not found a way to restrict the Workload Identity to a specific connector, which poses a security risk, as other GCP connectors could potentially authenticate using the same Workload Identity.