
Installing LogSentinel SIEM on Google Cloud Platform

The LogSentinel SIEM virtual appliance can be installed on GCP with the gcloud command-line tool once you have uploaded the OVA file to a GCP bucket (e.g. "my-bucket"). Set the machine type parameter according to your sizing. For more import options, see the GCP documentation:

gcloud compute instances import logsentinel-siem \
    --source-uri=gs://my-bucket/LogSentinel-SIEM.ova --os=centos-8 \
    --machine-type=MACHINE_TYPE

After the appliance is deployed, it can be accessed by its IP address. Keep the following in mind:

  • Make sure you have the right disk size. The default size of 1TB may not be sufficient for your needs, so you may need to resize the disk, following the GCP documentation.
  • Make sure that HTTPS (and optionally HTTP) access is enabled for the specified instance.
  • Make sure outbound HTTP and HTTPS access is allowed from the specified instance if you want the threat intelligence functionality to work.
  • You will need a VPN connection to your GCP environment in order to access the machine via its private IP.
  • The default username and password are "user@logsentinel.com" and "pass". You can change those from the user profile page.
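
The disk and network items above can be scripted; the following is an added example, not part of the LogSentinel documentation. The zone, network, disk name, target size, VPN range and network tag are assumptions to replace with your own values, and the script only prints the gcloud commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: post-import setup for the appliance instance.
# Every default below is an assumption; override via environment variables.
INSTANCE="${INSTANCE:-logsentinel-siem}"  # instance name used in the import command
ZONE="${ZONE:-europe-west1-b}"            # assumed zone
NETWORK="${NETWORK:-default}"             # assumed VPC network
DISK="${DISK:-$INSTANCE}"                 # assumed: boot disk is named after the instance
DISK_SIZE="${DISK_SIZE:-2TB}"             # assumed target size (default disk is 1TB)
VPN_CIDR="${VPN_CIDR:-10.8.0.0/24}"       # assumed VPN client address range
TAG="${TAG:-logsentinel-siem}"            # network tag that scopes the firewall rules
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Tag the instance so the firewall rules below apply to it alone.
tag_instance() {
  run gcloud compute instances add-tags "$INSTANCE" --zone="$ZONE" --tags="$TAG"
}

# Grow the disk; persistent disks can be enlarged but not shrunk.
resize_disk() {
  run gcloud compute disks resize "$DISK" --zone="$ZONE" --size="$DISK_SIZE"
}

# Allow HTTPS to the appliance from the VPN range only, not from 0.0.0.0/0.
allow_https_from_vpn() {
  run gcloud compute firewall-rules create "${TAG}-https-in" --network="$NETWORK" \
    --direction=INGRESS --action=ALLOW --rules=tcp:443 \
    --source-ranges="$VPN_CIDR" --target-tags="$TAG"
}

# Allow outbound HTTP/HTTPS for threat intelligence. Needed only when the VPC
# has egress deny rules; without them GCP allows egress by default.
allow_web_egress() {
  run gcloud compute firewall-rules create "${TAG}-web-out" --network="$NETWORK" \
    --direction=EGRESS --action=ALLOW --rules=tcp:80,tcp:443 \
    --destination-ranges=0.0.0.0/0 --target-tags="$TAG"
}

main() {
  tag_instance && resize_disk && allow_https_from_vpn && allow_web_egress
}

main
```

Review the printed commands first, then rerun with DRY_RUN=0 to apply them. After the disk is resized, the file system inside the appliance may still need to be grown as described in the GCP documentation.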