
Limiting GCP Workload Identity Access to Specific Azure Sentinel Connectors #11251

Status: Open
ghanashvi opened this issue Oct 10, 2024 · 2 comments
Labels: Connector, Connector specialty review needed

Comments

@ghanashvi

I need to ingest GCP audit logs into Azure Sentinel using the GCP Pub/Sub audit log connector, with authentication handled through GCP Workload Identity. I have already set up the configuration, and it is working fine. In this setup, while configuring the provider issuer, one of the allowed audiences must match what is specified in the official Microsoft documentation. I have followed this configuration as required.

However, we now need to restrict authentication with the Workload Identity to only a specific data connector, ensuring that other connectors cannot authenticate. For example, if there are two connectors, only one should be allowed to authenticate, while the other should not.

I have not found a way to restrict the Workload Identity to a specific connector, which poses a security risk, as other GCP connectors could potentially authenticate using the same Workload Identity.

@v-rusraut v-rusraut added the Connector Connector specialty review needed label Oct 11, 2024
@v-sudkharat (Contributor)

Hi @ghanashvi, thanks for flagging this issue; we will investigate it and get back to you with updates. Thanks!

@ghanashvi (Author)

Hi @v-rusraut and @v-sudkharat, do you have any updates on the issue I raised?
