Wazuh wodle that integrates all Google Workspace audit events (including Drive, Groups, Calendar, SAML and Admin).
Advantages with respect to the standard Google GCP integration provided by Wazuh:
- does not require complex Pub / Sub configuration
- integrates all auditable Google Workspace events / product types (i.e. Drive, Groups, Calendar, Admin, etc)
- includes rules with sensible levels (based on the equivalent actions in the O365 integration)
Disadvantages / limitations:
- only covers Google Workspace events, not GCP
- the
@timestampof events is the moment of injection, not the moment of the event, which is stored indata.timestamp
Installation: