- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Google Cloud Armor helps protect Google Cloud deployments from multiple types of threats, including distributed denial-of-service (DDoS) attacks and application attacks like cross-site scripting (XSS) and SQL injection (SQLi).
Armor’s Managed Protection is the managed application protection service that helps protect web applications and services from distributed DDoS attacks and other threats from the internet. Managed Protection features always-on protections for load balancers, and gives access to WAF rules.
Google Cloud Armor is integrated automatically with Security Command Center and exports two findings to the Security Command Center dashboard: Allowed Traffic Spike and Increasing Deny Ratio.
Enable this integration along with the Google Cloud Security Command Center Integration to visualize DDoS threats to your Google Cloud environment in Datadog. With this integration, Datadog collects important security events from your Google Cloud network security configurations and metrics from Google Cloud Armor.
This integration delivers insight into the user activity of changes to cloud resources and every request evaluated by a security policy - from audit logs to request logs.
Since Google Cloud Armor events are streamlined as findings to Google Security Command Center, make sure Google Cloud Armor is enabled in the Security Command Center at your Google Cloud console. For more information, see Configuring Security Command Center.
Next, enable the collection of security findings on the main Google Cloud Platform integration.
To collect Google Cloud Armor metrics, configure the main Google Cloud integration.
To collect Google Cloud Armor events, you need to add the Security Center Findings Viewer role to the service account. Install the Google Cloud Security Command Center integration, and enable collection of security findings on the main Google Cloud integration.
To set up logs forwarding from your Google Cloud environment to Datadog, see the Log Collection section.
Audit logs can be forwarded through standard log forwarding. These audit logs use the Google Cloud
resource types gce_backend_service
and network_security_policy
. To include only audit logs,
use filters such as protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog"
while
creating the log sink.
Request logs can be forwarded through standard log forwarding. These logs are automatically collected
in Google Cloud Load Balancing logs. Use filters such as
jsonPayload.enforcedSecurityPolicy.outcome="DENY"
while creating the log sink to view requests
denied by a security policy.
gcp.networksecurity.dos.ingress_bytes_count (count) | The total number of bytes received, broken down by drop status (allowed or dropped). Shown as byte |
gcp.networksecurity.dos.ingress_packets_count (count) | The total number of packets received, broken down by drop status (allowed or dropped). Shown as packet |
gcp.networksecurity.firewall_endpoint.received_bytes_count (count) | Total firewall endpoint received bytes. Shown as byte |
gcp.networksecurity.firewall_endpoint.received_packets_count (count) | Total firewall endpoint received packets. Shown as packet |
gcp.networksecurity.firewall_endpoint.sent_bytes_count (count) | Total firewall endpoint sent bytes. Shown as byte |
gcp.networksecurity.firewall_endpoint.sent_packets_count (count) | Total firewall endpoint sent packets. Shown as packet |
gcp.networksecurity.firewall_endpoint.threats_count (count) | Total firewall endpoint detected threats. |
gcp.networksecurity.https.previewed_request_count (count) | Queries that would be affected by rules currently in the 'preview' mode, if those rules were to be made non-preview. Shown as request |
gcp.networksecurity.https.request_count (count) | Actual number of queries affected by policy enforcement on queries. Shown as request |
gcp.networksecurity.l3.external.packet_count (count) | Estimated number of packets by matching rule and enforcement action. Shown as packet |
gcp.networksecurity.l3.external.preview_packet_count (count) | Estimated number of packets that would be affected by rule currently in preview mode, if that rule were to be made non-preview. Shown as packet |
gcp.networksecurity.tcp_ssl_proxy.new_connection_count (count) | New connections affected by policy enforcement. Shown as connection |
gcp.networksecurity.tcp_ssl_proxy.previewed_new_connection_count (count) | New connections that would be affected by rules currently in the 'preview' mode, if those rules were to be made non-preview. Shown as connection |
The Google Cloud Armor integration does not include any service checks.
The Google Cloud Armor integration does not include any events.
Need help? Contact Datadog support.
Additional helpful documentation, links, and articles: