I am trying to get a number of Google G Suite / Workspace logs, GCP logs, etc into Splunk for security monitoring.
I have been trying the various apps by Kyle Smith, but they don't get me everything I am required to collect.
Currently we use python scripts to call the Google API and pull in our logs with a UF. But I was hoping there was a better way (by now).
I was hoping there is a way to redirect/store my G-suite logs into Google Storage and then pull it into Splunk with the (Splunk Supported) GCP app? Like using the AWS TA and an S3 bucket.
I have not been able to test my theory yet, but if any one can advise how to collect MDM and Alert Center Logs with the GCP app that would be great.