Google Workspace / G-Suite Logs Integration with Wazuh

1,925 views
Skip to first unread message

Khul Sat

unread,
Dec 5, 2023, 6:00:38 AM12/5/23
to Wazuh | Mailing List
Greetings!
Would like to know if there are any ways to integrate G-Suite logs with Wazuh.

Thanks,KS

Md. Nazmur Sakib

unread,
Dec 5, 2023, 6:26:15 AM12/5/23
to Wazuh | Mailing List

Hi Khul Sat,

Hope you are doing well. Thank you for using Wazuh.


Currently we do not have a direct integration with Gsuite or rules and decoders for these logs.

A workaround can be, you could route the audit logs for Google Workspace to Google Cloud following the following guide:

https://cloud.google.com/logging/docs/audit/configure-gsuite-audit-logs

and then use Wazuh to monitor GCP services: https://documentation.wazuh.com/current/gcp/index.html
Once you have everything configured, you would have to create your own rules and decoders. You have a guide on how to do it in our documentation: https://documentation.wazuh.com/current/user-manual/ruleset/custom.html

As you can see, this process is time consuming, so it has been decided to add Google Suite integration to Wazuh out of the box. Also, here's an issue in our repository where you can track the progress of this new feature and some implementations that different users have made.


I hope you find this information helpful. 


Regards

Md. Nazmur Sakib

Khul Sat

unread,
Dec 5, 2023, 7:19:36 AM12/5/23
to Wazuh | Mailing List
Thank you Md. Nazmur Sakib for your reply!
We are only using Google Workspace service. We are not on GCP. Our Wazuh is sitting at AWS and hence we wanted to have G-Suite logs forwarded to AWS.

Any thoughts on this pls?

Regards,KS

Md. Nazmur Sakib

unread,
Dec 18, 2023, 6:16:57 AM12/18/23
to Wazuh | Mailing List

Hi Khul Sat,


Sorry for the late response.


We do not have a direct integration with GSuite or rules and decoders for these logs. We have an issue in our roadmap to incorporate it: https://github.com/wazuh/wazuh/issues/10776


In this issue, you can track the progress of this new feature.



I hope you find this information helpful.



Regards

Md. Nazmur Sakib

Khul Sat

unread,
Dec 20, 2023, 6:28:00 AM12/20/23
to Wazuh | Mailing List
Thank you for the update!

Ray Espinoza

unread,
Mar 15, 2024, 8:46:17 AM3/15/24
to Wazuh | Mailing List
Anyone figure out how to get logs that go to the org level to the project level? I can see the logs in the log explorer at the organization but they aren't visible in the project I created. Also, is it better to send the events to a bucket?
Thanks
Ray

Moshe Shvo

unread,
May 22, 2024, 3:44:39 AM5/22/24
to Wazuh | Mailing List

joining this question - any news regarding this question?

Reply all
Reply to author
Forward
0 new messages