Log management system operation and security event monitoring

The goal of the project was to configure the log management solution and conduct security event monitoring in the customer's GCP/Kubernetes infrastructure. False positives were filtered out of the alert stream, and regular Red Team exercises were analyzed so that detection rules could be updated where the exercises revealed gaps. The log management was based on the Graylog/Logstash/ELK technology stack.


The following sources were connected with the aid of GCP Pub-Sub connectors:

  • GCP project
  • Kubernetes
  • Falco container IDS
  • Nginx-ingress objects
  • ModSecurity WAF
  • Application logs
  • Compute instance VM.
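To make the pipeline described above concrete, here is an added example (not code from the original project) of the consumer side: it takes Pub/Sub messages from three of the listed sources (Falco, ModSecurity, nginx-ingress), normalizes them into one event shape, applies narrowly scoped false-positive suppressions, and emits GELF documents of the kind Graylog ingests. The Pub/Sub messages are constructed inline rather than pulled from a real subscription, the JSON field names for each source are approximations of their real formats, and the suppression-rule structure is a hypothetical one chosen for this example.

```python
"""Added example: Pub/Sub -> normalize -> suppress known false positives -> GELF.

Assumptions (not from the original page): the message shapes below approximate
Falco, ModSecurity audit-log and nginx-ingress JSON output; the `when` block of
a suppression is a hypothetical rule format; GELF is used as the Graylog input.
"""
import json
from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple

# Syslog levels: Falco priorities map onto these by name, CRS severities by number,
# and GELF uses the same numeric scale for its "level" field.
SYSLOG_LEVELS = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
                 "warning": 4, "notice": 5, "informational": 6, "info": 6, "debug": 7}

# Constructed sample Pub/Sub messages (values are made up for this example).
SAMPLE_MESSAGES: List[Dict[str, Any]] = [
    {"attributes": {"source": "falco"}, "data": json.dumps({
        "rule": "Terminal shell in container", "priority": "Notice",
        "output_fields": {"container.name": "debug-shell", "k8s.ns.name": "ops"}})},
    {"attributes": {"source": "falco"}, "data": json.dumps({
        "rule": "Write below etc", "priority": "Error",
        "output_fields": {"container.name": "api", "k8s.ns.name": "prod"}})},
    {"attributes": {"source": "modsecurity"}, "data": json.dumps({
        "transaction": {"client_ip": "203.0.113.7", "request": {"uri": "/login"},
                        "messages": [{"message": "SQL Injection Attack Detected",
                                      "details": {"ruleId": "942100", "severity": "2"}}]}})},
    {"attributes": {"source": "nginx-ingress"}, "data": json.dumps({
        "remote_addr": "203.0.113.7", "status": 403,
        "request": "POST /login HTTP/1.1", "ingress": "web"})},
    {"attributes": {"source": "falco"}, "data": json.dumps({
        "rule": "Terminal shell in container", "priority": "Notice",
        "output_fields": {"container.name": "api", "k8s.ns.name": "prod"}})},
]

# A suppression is deliberately narrow: the same Falco rule still fires outside
# the known-benign ops debug container, so prod coverage is not lost.
SUPPRESSIONS = [
    {"source": "falco", "rule": "Terminal shell in container",
     "when": {"k8s.ns.name": "ops", "container.name": "debug-shell"}},
]


@dataclass
class Event:
    source: str
    rule: str
    level: int
    fields: Dict[str, Any] = field(default_factory=dict)


def normalize(message: Dict[str, Any]) -> Event:
    """Turn one Pub/Sub message (attributes + JSON data) into a common Event."""
    source = message["attributes"]["source"]
    data = json.loads(message["data"])
    if source == "falco":
        return Event(source, data["rule"], SYSLOG_LEVELS[data["priority"].lower()],
                     dict(data.get("output_fields", {})))
    if source == "modsecurity":
        tx = data["transaction"]
        msg = tx["messages"][0]
        return Event(source, msg["message"], int(msg["details"]["severity"]),
                     {"client_ip": tx["client_ip"], "uri": tx["request"]["uri"],
                      "rule_id": msg["details"]["ruleId"]})
    if source == "nginx-ingress":
        level = SYSLOG_LEVELS["warning"] if data["status"] >= 400 else SYSLOG_LEVELS["info"]
        return Event(source, f"http {data['status']}", level,
                     {"client_ip": data["remote_addr"], "request": data["request"],
                      "ingress": data["ingress"]})
    raise ValueError(f"unknown source {source!r}")


def is_suppressed(event: Event, suppressions: List[Dict[str, Any]]) -> bool:
    """True only if source, rule and every `when` field match exactly."""
    for s in suppressions:
        if s["source"] != event.source or s["rule"] != event.rule:
            continue
        if all(event.fields.get(k) == v for k, v in s.get("when", {}).items()):
            return True
    return False


def to_gelf(event: Event, host: str = "gcp-collector") -> Dict[str, Any]:
    """Build a GELF 1.1 document; custom fields get the underscore prefix GELF requires."""
    gelf = {"version": "1.1", "host": host, "level": event.level,
            "short_message": f"[{event.source}] {event.rule}", "_source": event.source}
    for k, v in event.fields.items():
        gelf["_" + k.replace(".", "_")] = v
    return gelf


def process(messages: List[Dict[str, Any]],
            suppressions: List[Dict[str, Any]]) -> Tuple[List[Dict[str, Any]], int]:
    """Return (GELF documents to forward, number of events suppressed)."""
    forwarded, suppressed = [], 0
    for m in messages:
        ev = normalize(m)
        if is_suppressed(ev, suppressions):
            suppressed += 1
            continue
        forwarded.append(to_gelf(ev))
    return forwarded, suppressed


if __name__ == "__main__":
    docs, dropped = process(SAMPLE_MESSAGES, SUPPRESSIONS)
    print(f"forwarded={len(docs)} suppressed={dropped}")
    for d in docs:
        print(json.dumps(d))
```

The point of keying suppressions on source, rule and specific field values is that a false-positive filter removes one known-benign pattern rather than a whole rule: in the sample set the ops debug-shell alert is dropped while the identical Falco rule firing in the prod namespace is still forwarded.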