Where does SpanVA upload logs?

SpanVA uploads logs to GCP:

*.storage.googleapis.com at port 443

Google Cloud Storage (GCS) IP addresses consist of many blocks. GCS uses the same netblocks as all other Google APIs and services. These netblocks change periodically. There are no simple fixed static network blocks from Google. Google provides the following recommendations in determining its service IP address blocks for a customer’s firewall rule use.

• Use the complete list of IP ranges that Google publishes to the internet in a JSON file goog.json.
• These IP ranges are updated approximately two to four times per year. Use a script to monitor the file change, and update firewall rules accordingly.
• Use firewalls to securlist *.storage.googleapis.com if possible to avoid monitoring the IP range changes. If this isn’t feasible, use a script to manage rules based on the Google-published IP address list file goog.json, adding and removing ranges resulting from the changes.
• if SpanVA is configured to use a proxy, whitelist the destination using both the URL (storage.googleapis.com) and the IP range.

Google Cloud Storage doesn’t provide regional URLs and IP ranges. It uses a global load balancer to route traffic to the region where a GCS storage bucket resides. The bucket name is in the GCS URL path rather than in the hostname when the GCS is accessed. The Broadcom CloudSOC Audit Service uses GCS in EU regions for customers in the EU, and GCS in the US for other customers.

Reference: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/product-advisories/Symantec-Information-Security-product-migration-to-the-Google-Cloud-Platform-Migration-What-you-need-to-know/16109