Create and configure a sink that exports the flow logs for
your GCP organization.
Prisma Cloud uses the traffic data in flow
logs for your GCP organization or folder resource hierarchy to detect
network threats such as cryptomining, data exfiltration, and host
compromises. Before Prisma Cloud can analyze your flow log data,
you must create a sink to export the flow logs to a Cloud Storage
bucket. To configure a sink for your whole GCP organization or folder,
use the gcloud command line tool.
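One way to set up the organization- or folder-level export described above with gcloud, as an added example that is not from the original page: the script prints, without running them, the sink-creation command and the follow-up commands that let the sink's writer identity create objects in the bucket. The resource ID, sink name, bucket name and the flow-log filter are assumptions.

```shell
#!/bin/sh
# Added example. IDs, sink and bucket names are constructed placeholders.
# The functions only print gcloud commands so they can be reviewed before running.

# Filter limiting the export to VPC flow log entries (assumed filter, not from the page).
FLOW_LOG_FILTER='resource.type="gce_subnetwork" AND logName:"compute.googleapis.com%2Fvpc_flows"'

# usage: sink_create_cmd organization|folder RESOURCE_ID SINK_NAME BUCKET_NAME
sink_create_cmd() {
  scope=$1 id=$2 sink=$3 bucket=$4
  case $scope in
    organization|folder) ;;
    *) echo "scope must be organization or folder" >&2; return 1 ;;
  esac
  case $id in
    ''|*[!0-9]*) echo "resource ID must be numeric" >&2; return 1 ;;
  esac
  case $bucket in
    ''|*[!a-z0-9._-]*) echo "invalid bucket name" >&2; return 1 ;;
  esac
  # --include-children makes the sink cover every project under the org/folder.
  printf "gcloud logging sinks create %s storage.googleapis.com/%s --%s=%s --include-children --log-filter='%s'\n" \
    "$sink" "$bucket" "$scope" "$id" "$FLOW_LOG_FILTER"
}

# The sink writes as its own service account (writerIdentity), which needs
# permission to create objects in the destination bucket.
# usage: writer_grant_cmds organization|folder RESOURCE_ID SINK_NAME BUCKET_NAME
writer_grant_cmds() {
  scope=$1 id=$2 sink=$3 bucket=$4
  printf "WRITER=\$(gcloud logging sinks describe %s --%s=%s --format='value(writerIdentity)')\n" \
    "$sink" "$scope" "$id"
  printf 'gcloud storage buckets add-iam-policy-binding gs://%s --member="$WRITER" --role=roles/storage.objectCreator\n' \
    "$bucket"
}

# Dry run with constructed values: prints the three commands for review.
sink_create_cmd organization 123456789012 example-flow-sink example-flow-logs
writer_grant_cmds organization 123456789012 example-flow-sink example-flow-logs
```

Granting only `roles/storage.objectCreator` on the one bucket keeps the sink's service account from reading or deleting exported logs.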
Enabling flow logs
will incur high network egress costs. Palo Alto Networks strongly
recommends that you enable Flow Log Compression on GCP to significantly
reduce the network egress costs associated with sending uncompressed
GCP logs to the Prisma Cloud infrastructure.
Gather the following information from your GCP account:
Enable flow log compression on Prisma Cloud to automate
the compression of flow logs using the Google Cloud Dataflow service.
When enabled, the compressed logs are stored in the same Storage
bucket as your flow logs, which mitigates the network egress costs
associated with sending uncompressed GCP logs to the Prisma Cloud