Mengumpulkan log Citrix NetScaler
Didukung di:
Google SecOps
SIEM
Dokumen ini menjelaskan cara menyerap log Citrix NetScaler ke Google Security Operations menggunakan Bindplane.
Parser mengekstrak kolom dari syslog Citrix NetScaler dan log berformat key-value. Log ini menggunakan grok dan/atau kv untuk mengurai pesan log, lalu memetakan nilai ini ke Model Data Terpadu (UDM). Layanan ini juga menetapkan nilai metadata default untuk sumber dan jenis peristiwa.
Sebelum memulai
Pastikan Anda memiliki prasyarat berikut:
- Instance Google SecOps
- Windows Server 2016 atau yang lebih baru, atau host Linux dengan
systemd - Jika beroperasi dari balik proxy, pastikan port firewall terbuka sesuai dengan persyaratan agen Bindplane
- Akses istimewa ke antarmuka web Citrix NetScaler
Mendapatkan file autentikasi penyerapan Google SecOps
- Login ke konsol Google SecOps.
- Buka Setelan SIEM > Agen Pengumpulan.
- Download File Autentikasi Penyerapan. Simpan file dengan aman di sistem tempat BindPlane akan diinstal.
Mendapatkan ID pelanggan Google SecOps
- Login ke konsol Google SecOps.
- Buka Setelan SIEM > Profil.
- Salin dan simpan ID Pelanggan dari bagian Detail Organisasi.
Menginstal agen Bindplane
Instal agen Bindplane di sistem operasi Windows atau Linux Anda sesuai dengan petunjuk berikut.
Penginstalan Windows
- Buka Command Prompt atau PowerShell sebagai administrator.
Jalankan perintah berikut:
msiexec /i "https://github.com/observIQ/bindplane-agent/releases/latest/download/observiq-otel-collector.msi" /quietTunggu hingga penginstalan selesai.
Verifikasi penginstalan dengan menjalankan:
sc query observiq-otel-collector
Layanan akan ditampilkan sebagai RUNNING.
Penginstalan Linux
- Buka terminal dengan hak istimewa root atau sudo.
Jalankan perintah berikut:
sudo sh -c "$(curl -fsSlL https://github.com/observiq/bindplane-agent/releases/latest/download/install_unix.sh)" install_unix.shTunggu hingga penginstalan selesai.
Verifikasi penginstalan dengan menjalankan:
sudo systemctl status observiq-otel-collector
Layanan akan ditampilkan sebagai aktif (berjalan).
Referensi penginstalan tambahan
Untuk opsi penginstalan dan pemecahan masalah tambahan, lihat Panduan penginstalan agen BindPlane.
Mengonfigurasi agen BindPlane untuk menyerap syslog dan mengirimkannya ke Google SecOps
Cari file konfigurasi
Linux:
sudo nano /etc/bindplane-agent/config.yamlWindows:
notepad "C:\Program Files\observIQ OpenTelemetry Collector\config.yaml"
Edit file konfigurasi
Ganti seluruh konten
config.yamldengan konfigurasi berikut:receivers: udplog: listen_address: "0.0.0.0:514" exporters: chronicle/chronicle_w_labels: compression: gzip creds_file_path: '/path/to/ingestion-authentication-file.json' customer_id: 'YOUR_CUSTOMER_ID' endpoint: malachiteingestion-pa.googleapis.com log_type: 'CITRIX_NETSCALER' raw_log_field: body ingestion_labels: service: pipelines: logs/source0__chronicle_w_labels-0: receivers: - udplog exporters: - chronicle/chronicle_w_labels
Parameter konfigurasi
Ganti placeholder berikut:
Konfigurasi penerima:
udplog: Gunakanudploguntuk syslog UDP atautcploguntuk syslog TCP0.0.0.0: Alamat IP yang akan didengarkan (0.0.0.0untuk mendengarkan semua antarmuka)514: Nomor port yang akan diproses (port syslog standar)
Konfigurasi eksportir:
creds_file_path: Jalur lengkap ke file autentikasi penyerapan:- Linux:
/etc/bindplane-agent/ingestion-auth.json - Windows:
C:\Program Files\observIQ OpenTelemetry Collector\ingestion-auth.json
- Linux:
YOUR_CUSTOMER_ID: ID Pelanggan dari bagian Dapatkan ID pelangganendpoint: URL endpoint regional:- Amerika Serikat:
malachiteingestion-pa.googleapis.com - Eropa:
europe-malachiteingestion-pa.googleapis.com - Asia:
asia-southeast1-malachiteingestion-pa.googleapis.com - Lihat Endpoint Regional untuk mengetahui daftar lengkapnya
- Amerika Serikat:
log_type: Jenis log persis seperti yang muncul di Chronicle (CITRIX_NETSCALER)
Simpan file konfigurasi
- Setelah mengedit, simpan file:
- Linux: Tekan
Ctrl+O, laluEnter, laluCtrl+X - Windows: Klik File > Save
- Linux: Tekan
Mulai ulang agen Bindplane untuk menerapkan perubahan
Untuk memulai ulang agen Bindplane di Linux, jalankan perintah berikut:
sudo systemctl restart observiq-otel-collectorPastikan layanan sedang berjalan:
sudo systemctl status observiq-otel-collectorPeriksa log untuk mengetahui error:
sudo journalctl -u observiq-otel-collector -f
Untuk memulai ulang agen Bindplane di Windows, pilih salah satu opsi berikut:
Command Prompt atau PowerShell sebagai administrator:
net stop observiq-otel-collector && net start observiq-otel-collectorKonsol layanan:
- Tekan
Win+R, ketikservices.msc, lalu tekan Enter. - Temukan observIQ OpenTelemetry Collector.
Klik kanan, lalu pilih Mulai Ulang.
Pastikan layanan sedang berjalan:
sc query observiq-otel-collectorPeriksa log untuk mengetahui error:
type "C:\Program Files\observIQ OpenTelemetry Collector\log\collector.log"
- Tekan
Mengonfigurasi penerusan Syslog di Citrix NetScaler
- Login ke antarmuka web Citrix NetScaler (NSIP).
- Buka Sistem > Audit > Syslog.
- Klik tab Server.
- Klik Tambahkan untuk membuat server syslog baru.
- Berikan detail konfigurasi berikut:
- Name: Masukkan nama deskriptif (misalnya,
Google-SecOps-Bindplane). - IP Server: Masukkan alamat IP host agen Bindplane.
- Port: Masukkan
514. - Tingkat Log: Pilih semua tingkat yang berlaku:
- SEMUA (direkomendasikan untuk logging komprehensif)
- Fasilitas: Pilih LOCAL0 (atau fasilitas pilihan Anda).
- Format Tanggal: Pilih MMDDYYYY.
- Zona Waktu: Pilih GMT_TIME (UTC direkomendasikan).
- TCP Logging: Pilih NONE (untuk UDP).
- Log Facility: Pilih LOCAL0.
- Name: Masukkan nama deskriptif (misalnya,
- Klik Create.
- Buka tab Kebijakan.
- Klik Tambahkan untuk membuat kebijakan audit syslog baru.
- Berikan detail konfigurasi berikut:
- Name: Masukkan nama deskriptif (misalnya,
Google-SecOps-Policy). - Server: Pilih server syslog yang dibuat sebelumnya.
- Name: Masukkan nama deskriptif (misalnya,
- Klik Create.
- Ikat kebijakan secara global:
- Buka Sistem > Audit.
- Klik Global Bindings di bagian Syslog Audit Policies.
- Klik Tambahkan Binding.
- Pilih kebijakan yang dibuat sebelumnya.
- Klik Tautkan.
- Pastikan pesan syslog dikirim dengan memeriksa log agen Bindplane.
Atau, konfigurasi melalui CLI:
add audit syslogAction Google-SecOps-Bindplane BINDPLANE_IP -serverPort 514 -logLevel ALL -dateFormat MMDDYYYY -timeZone GMT_TIME
add audit syslogPolicy Google-SecOps-Policy ns_true Google-SecOps-Bindplane
bind audit syslogGlobal -policyName Google-SecOps-Policy -priority 100
- Ganti
BINDPLANE_IPdengan alamat IP host agen Bindplane.
Tabel pemetaan UDM
| Kolom log | Pemetaan UDM |
|---|---|
aaa_info_flags |
additional.fields |
aaa_trans_id |
security_result.detection.fields |
aaad_flags |
additional.fields |
aaad_resp |
additional.fields |
aaaFlags |
additional.fields |
aaaFlags2 |
additional.fields |
act |
securtiy_result.action_details,security_result.action |
action |
security_result.action |
ADM_User |
additional.fields |
allowed_interface |
security_result.detection.fields |
applicationname |
target.application |
auth_type |
additional.fields |
authActionLen |
security_result.detection_fields |
AuthAgent |
additional.fields |
AuthDuration |
network.session_duration.seconds |
authnvs |
additional.fields |
authorizationStatus |
security_result.detection.fields |
AuthStage |
additional.fields |
Authtype |
additional.fields |
C |
principal.location.country_or_region |
caseId |
additional.fields |
cfg_limit |
additional.fields |
cgp_tag |
sec_result.detection_fields |
channel_id_X |
additional.fields |
channel_id_X_val |
additional.fields |
channel_update_begin |
additional.fields |
channel_update_end |
additional.fields |
cipher_suite |
network.tls.cipher |
client_fip |
target.ip target.asset.ip |
client_fport |
target.port |
client_ip |
principal.ip,principal.asset.ip |
client_port |
principal.port |
Client_security_expression |
additional.fields |
client_type |
additional.fields |
client_version |
network.tls.version |
client.nat.ip |
principal.nat_ip,principal.asset.nat_ip |
clientside_jitter |
additional.fields |
clientside_packet_retransmits |
additional.fields |
clientside_rtt |
additional.fields |
clientside_rxbytes |
network.sent_bytes |
clientside_txbytes |
network.received_bytes |
ClientVersion |
network.tls.version_protocol |
CN |
principal.resource.attribute.labels |
cn1 |
additional.fields |
cn2 |
additional.fields |
code |
additional.fields |
commandExecutionStatus |
security_result.action_details |
Compression_ratio_recv |
additional.fields |
Compression_ratio_send |
additional.fields |
configurationCmd |
security_result.detection.fields |
connectionId |
network.session_id |
copied_nsb |
sec_result.detection_fields |
core_id |
additional.fields |
core_refmask |
additional.fields |
cs1 |
additional.fields |
cs2 |
additional.fields |
cs4 |
additional.fields |
cs5 |
additional.fields |
cs6 |
additional.fields |
CSappid |
additional.fields |
CSAppname |
- |
csg_flags |
additional.fields |
ctx_flags |
additional.fields |
cur_attempts |
additional.fields |
CurfactorPolname |
additional.fields |
customername |
additional.fields |
days_for_pwd_exp |
additional.fields |
days_for_pwd_exp_STR |
additional.fields |
delinkTime |
additional.fields |
Denied_by_policy |
security_result.rule_name |
desc |
metadata.description |
destination.ip |
target.ip,target.asset.ip |
destination.port |
target.resource.attribute.labels |
device_event_class_id |
metadata.product_event_type |
device_version |
metadata.product_version |
Deviceid |
target.resource.product_object_id |
Devicetype |
additional.fields |
dht_delete_status |
additional.fields |
diagnostic_info |
additional.fields |
digestSignatureAlgorithm |
security_result.detection_fields |
dns_additional_count |
additional.fields |
dns_answer_count |
additional.fields |
dns_authority_count |
additional.fields |
dns_flags |
additional.fields |
dns_flags_raw |
network.dns.recursion_desired |
dns_flags_raw |
network.dns.recursion_available |
dns_id |
network.dns.id |
dns_question_count |
additional.fields |
dns_question_name |
network.dns.question.name |
domain |
security_result.detection.fields,additional.fields |
domain |
target.administrative_domain |
ecs_version |
additional.fields |
encrypt_status |
security_result.detection_fields |
end_time |
additional.fields |
End_time |
additional.fields |
entityName |
target.resource.name |
Error Code |
additional.fields |
event_id |
metadata.product_log_id |
event_name |
metadata.product_event_type |
event_type |
sec_result.summary |
expired_refmask |
additional.fields |
factor |
security_result.detection.fields |
flags |
additional.fields |
flags2 |
additional.fields |
flags3 |
additional.fields |
flags4 |
additional.fields |
func |
security_result.detection_fields |
geolocation |
location.country_region |
Group(s) |
target.user.group_identifiers |
Group(s) |
target.user.group.identifiers |
handshake_time |
network.session_duration.seconds |
HandshakeTime |
additional.fields |
host_hostname |
principal.hostname |
host_ip |
principal.ip principal.asset.ip |
host.name |
target.hostname,target.asset.hostname |
hostname |
intermediary.hostname,intermediary.asset.hostname |
hostname |
target.hostname,target.asset.hostname |
hostname_1 |
target.hostname,target.asset.hostname |
http_method |
network.http.method |
Http_resources_accessed |
security_result.detection.fields |
http_uri |
target.url |
HTTPS |
network.application_protocol |
ica_conn_owner_refmask |
sec_result.detection_fields |
ica_rtt |
additional.fields |
ica_uuid |
network.session_id |
ICAUUID |
network.session_id |
id |
metadata.id |
init_icamode_homepage |
additional.fields |
inter_hostname |
intermediary.hostname |
interfaceKind |
security_result.detection.fields |
ip |
intermediary.asset.ip |
ip_x |
principal.ip principal.asset.ip |
ipaddress |
target.ip,target.asset.ip |
is_post |
additional.fields |
IssuerName |
network.tls.server.certificate.issuer |
L |
principal.location.city |
last_contact |
additional.fields |
loc |
target.url |
localdate |
additional.fields |
lock_duration |
additional.fields |
log_action |
sec_result.detection_fields |
log_action |
security_result.detection.fields |
log_category |
additional.fields |
log_data |
additional.fields |
log_format |
additional.fields |
log_timestamp |
additional.fields |
log_type |
additional.fields |
log.syslog.priority |
additional.fields |
login_count |
sec_result.detection_fields |
login_count |
security_result.detection_fields |
LogoutMethod |
additional.fields |
max_attempts |
additional.fields |
message_content |
security_result.summary |
message_id |
metadata.product_log_id |
message_status_code |
additional.fields |
method |
network.http.method |
monitored_resource |
additional.fields |
msg |
metadata.description |
msi_client_cookie |
additional.fields |
msticks |
additional.fields |
Nat_ip |
additional.fields,principal.nat_ip,principal.asset.nat_ip(Jika Nat_ip bukan alamat IP, maka Nat_ip berada di additional.fields.) |
netscaler_principal_ip_context |
principal.resource.attribute.labels |
netscaler_tag |
intermediary.asset.product_object_id |
netscaler_target_ip_context |
target.resource.attribute.labels |
new_webview |
additional.fields |
newWebview |
additional.fields |
NonHttp_services_accessed |
security_result.detection.fields |
nsPartitionName |
additional.fields |
on_port |
additional.fields |
Organization |
principal.resource.attribute.labels |
OU |
principal.resource.attribute.labels |
owner_from |
additional.fields |
owner_id |
additional.fields |
pcb_devno |
additional.fields |
pcbdevno |
additional.fields |
Policyname |
security_result.rule_name |
port |
principal.port |
port_details |
principal.port |
prin_ip |
principal.ip principal.asset.ip |
prin_user |
principal.user.userid |
principal_ip |
principal.ip,principal.asset.ip |
principal_port |
principal.port |
prod_event_type |
metadata.product_event_type |
protocol |
network.ip_protocol |
protocol_feature |
security_result.detection.fields |
ProtocolVersion |
network.tls.protocol_version |
pwdlen |
additional.fields |
pwdlen2 |
additional.fields |
q_flags |
additional.fields |
reason_val |
security_result.description |
receiver_version |
additional.fields |
record_type |
network.dns.question.type |
refmask |
additional.fields |
remote_ip |
principal.ip principal.asset.ip |
remote_port |
principal.port |
request |
target.url |
ReqURL |
additional.fields |
resource_cmd |
target.resource.name |
resource_name |
principal.resource.name |
response |
additional.fields |
response_code |
additional.fields |
rule_id |
security_result.rule.id |
rule_name |
security_result.rule_name |
SerialNumber |
network.tls.server.certificate.serial |
server_authenticated |
additional.fields |
serverside_jitter |
additional.fields |
serverside_packet_retransmits |
additional.fields |
serverside_rtt |
additional.fields |
service_name |
principal.applications |
sess_flags2: |
additional.fields |
sess_seq |
network.session_id |
sessFlags2 |
additional.fields |
Session |
additional.fields |
session_cookie |
security_result.detection_fields |
session_guid |
network.session_id |
session_id_label |
network.session_id |
session_setup_time |
additional.fields |
session_type |
sec_result.description |
SessionId |
network.session_id |
skip_code |
additional.fields |
source_file |
additional.fields |
source_hostname |
principal.hostname,principal.asset.hostname |
source_line |
additional.fields |
source.ip |
principal.ip,principal.asset.ip |
source.port |
principal.resource.attribute.labels |
spcb_id |
security_result.detecrion.fields |
SPCBId |
sec_result.detection_fields |
spt |
principal.port |
src |
principal.ip principal.asset.ip |
src_hostname |
principal.hostname principal.asset.hostname |
src_ip |
principal.ip principal.asset.ip |
src_ip1 |
src.ip,src.asset.ip |
src_port |
principal.port |
ssid |
network.session_id |
SSLVPN_client_type |
additional.fields |
SSO |
additional.fields |
sso |
additional.fields |
sso_auth_type |
additional.fields |
sso_flags |
security_result.detection_fields |
sso_state |
additional.fields |
SSOduration |
additional.fields |
SSOurl |
additional.fields |
ssoUsername |
additional.fields |
ssoUsername2 |
additional.fields |
ST |
principal.location.state |
sta_port |
additional.fields |
sta_ticket |
additional.fields |
start_time |
additional.fields |
Start_time |
additional.fields |
State |
security_result.action_details |
state |
additional.fields |
state_value |
additional.fields |
StatusCode |
additional.fields |
SubjectName |
network.tls.client.certificate.subject |
summ |
security_result.summary |
summary |
security_result.summary |
sysCmdPolLen |
security_result.detection.fields |
syslog_priority |
additional.fields |
tags |
additional.fields |
tar_ip |
target.ip target.asset.ip |
tar_port |
target.port |
target_id |
target.resource.id |
target_port |
target.port |
TCP |
network.ip_protocol |
timeout_ms |
additional.fields |
timestamp |
metadata.event_timestamp |
Total_bytes_send |
network.sent_bytes |
Total_compressedbytes_recv |
additional.fields |
Total_compressedbytes_send |
additional.fields |
Total_policies_allowed |
security_result.detection.fields |
Total_policies_denied |
security_result.detection.fields |
Total_TCP_connections |
security_result.detection.fields |
Total_UDP_flows |
security_result.detection.fields |
track_flags |
additional.fields |
trans_id |
- |
tt |
metadata.event_timestamp |
User |
principal.user.userid |
user_agent.original |
network.http.user_agent |
user_email |
principal.user.email_addresses |
user_id |
principal.user.userid |
user.domain |
target.administrative_domain |
user.name |
principal.user.user_display_name |
userids |
target.user.userid |
ValidFrom |
network.tls.server.certificate.not_before |
ValidTo |
network.tls.server.certificate.not_after |
version |
additional.fields |
VPNexportState |
additional.fields |
Vport |
target.port |
Vserver Timestamp |
additional.fields |
vserver_id |
target.resource.product_object_id |
Vserver_ip |
target.ip,target.asset.ip |
vserver_port |
target.port |
Vserver_port |
target.port |
vserver_timestamp |
additional.fields |
vserver.ip |
target.ip,target.asset.ip |
wirep |
additional.fields |
wirep_name |
additional.fields |
wirep_ref_cnt |
additional.fields |
Referensi delta pemetaan UDM
Pada 3 Februari 2026, Google SecOps merilis parser NetScaler versi baru, yang mencakup perubahan signifikan pada pemetaan kolom log NetScaler ke kolom UDM dan perubahan pada pemetaan jenis peristiwa.
Delta pemetaan kolom log
Tabel berikut mencantumkan delta pemetaan untuk kolom log NetScaler ke UDM yang diekspos sebelum 3 Februari 2026 dan setelahnya (masing-masing tercantum dalam kolom Pemetaan lama dan Pemetaan saat ini):
| Kolom log | Pemetaan lama | Pemetaan saat ini |
|---|---|---|
act |
securit_.result.detetction_fields |
securtiy_result.action_details,security_result.action |
client_ip |
additional.fields |
principal.ip,principal.asset.ip |
ClientVersion |
network.tls.version |
network.tls.version_protocol |
connectionId |
security_result.detection_fields |
network.session_id |
CSAppname |
- |
- |
domain |
target.user.administrative_domain |
security_result.detection.fields,additional.fields |
end_time |
security_result.detection.fields security_result.last_discovered_time |
additional.fields |
event_id |
additional.fields |
metadata.product_log_id |
geolocation |
location.city |
location.country_region |
Group(s) |
target.user.group_display_name |
target.user.group_identifiers |
HandshakeTime |
network.session_duration.seconds |
additional.fields |
host.name |
intermediary.hostname |
target.hostname,target.asset.hostname |
hostname |
target.hostname,target.asset.hostname |
intermediary.hostname,intermediary.asset.hostname |
hostname |
principal.hostname,principal.asset.hostname |
target.hostname,target.asset.hostname |
ipaddress |
principal.ip,principal.asset.ip |
target.ip,target.asset.ip |
Nat_ip |
principal.ip,principal.asset.ip |
principal.nat_ip,principal.nat_ip |
port_details |
principal.labels |
principal.port |
principal_ip |
target.ip,target.asset.ip |
principal.ip,principal.asset.ip |
request |
security_result.summary |
target.url |
sess_seq |
additional.fields |
network.session_id |
session_guid |
metadata.product_log_id |
network.session_id |
source_hostname |
target.hostname,target.asset.hostname |
principal.hostname,principal.asset.hostname |
spcb_id |
additional.fields |
security_result.detecrion.fields |
ssid |
additional.fields |
network.session_id |
start_time |
security_result.detection.fields security_result.first_discovered_time |
additional.fields |
SubjectName |
principal.resource.attribute.labels |
network.tls.client.certificate.subject |
summary |
metadata.descritption |
security_result.summary |
target_port |
principal.port |
target.port |
trans_id |
security_result.detection.fields |
- |
user_id |
target.user.userid |
principal.user.userid |
Delta pemetaan jenis peristiwa
Tabel berikut mencantumkan perbedaan penanganan jenis peristiwa NetScaler sebelum 3 Februari 2026 dan setelahnya (masing-masing tercantum dalam kolom Old event_type dan Current event_type):
| event_type lama | event_type saat ini | Alasan |
|---|---|---|
NETWORK_CONNECTION |
NETWORK_DNS |
Jika message_type adalah DNS_QUERY atau diberi nama saat has_network_dns adalah true. |
NETWORK_CONNECTION |
NETWORK_HTTP |
Jika message_type adalah SSLVPN HTTPREQUEST. |
STATUS_UPDATE |
NETWORK_CONNECTION |
Dipetakan ke jenis peristiwa spesifik yang sesuai. |
STATUS_UPDATE |
USER_RESOURCE_UPDATE_CONTENT |
Jika message_type adalah SNMP TRAP_SENT dan has_target_resource adalah true, maka akan dipetakan ke jenis peristiwa spesifik yang sesuai. |
STATUS_UPDATE |
USER_UNCATEGORIZED |
Dipetakan ke jenis peristiwa spesifik yang sesuai saat pokok userid ada. |
USER_RESOURCE_ACCESS |
NETWORK_HTTP |
Jika message_type adalah SSLVPN HTTPREQUEST |
USER_STATS |
GENERIC_EVENT |
USER_STATS tidak digunakan lagi, jadi ini dipetakan ke jenis peristiwa spesifik yang sesuai. |
USER_STATS |
NETWORK_CONNECTION |
USER_STATS tidak digunakan lagi, jadi ini dipetakan ke jenis peristiwa spesifik yang sesuai. |
USER_STATS |
USER_LOGIN |
USER_STATS tidak digunakan lagi, jadi ini dipetakan ke jenis peristiwa spesifik yang sesuai. |
USER_STATS |
USER_LOGOUT |
USER_STATS tidak digunakan lagi, jadi ini dipetakan ke jenis peristiwa spesifik yang sesuai, saat message_type adalah LOGOUT. |
USER_UNCATEGORIZED |
GENERIC_EVENT |
Log tidak memiliki kolom mesin utama untuk dipetakan. |
USER_UNCATEGORIZED |
NETWORK_CONNECTION |
Dipetakan ke jenis peristiwa spesifik yang sesuai. |
USER_UNCATEGORIZED |
USER_LOGIN |
Dipetakan ke jenis peristiwa spesifik yang sesuai. |
Perlu bantuan lain? Dapatkan jawaban dari anggota Komunitas dan profesional Google SecOps.