v-sudkharat
commented
1 week ago Hi @ghanashvi, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!
Open ghanashvi opened 1 week ago
v-sudkharat
commented
1 week ago Hi @ghanashvi, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!
ghanashvi
commented
4 days ago Hi @v-rusraut and @v-sudkharat, Do you have any updates on the issue I raised?
I need to ingest GCP audit logs into Azure Sentinel using the GCP Pub/Sub audit log connector, with authentication handled through GCP Workload Identity. I have already set up the configuration, and it is working fine. In this setup, while configuring the provider issuer, one of the allowed audiences must match what is specified in the official Microsoft documentation. I have followed this configuration as required.
However, we now need to restrict authentication with the Workload Identity to only a specific data connector, ensuring that other connectors cannot authenticate. For example, if there are two connectors, only one should be allowed to authenticate, while the other should not.
I have not found a way to restrict the Workload Identity to a specific connector, which poses a security risk, as other GCP connectors could potentially authenticate using the same Workload Identity.