Splunk saved searches for setting alerts on GCP security events. The events are taken from the Forseti default rules and from Google Cloud Security Health Analytics.
Prerequisites:
- Splunk Add-on for Google Cloud
- Edit the source type google:gcp:pubsub:message and set Indexed Extractions to json