
Deployment

Google Chronicle can collect from various log sources, whether on-premises or in the cloud; a list can be found in the documentation: https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers.

Anagram will help you deploy and maintain any combination of the collection architectures below. Typically, on-premises log sources or full-fat operating systems forward their logs to a central collection server, known as a forwarder, while cloud apps like Azure Active Directory or Cisco Umbrella forward directly to Chronicle without needing a forwarder.