This guide walks you through gaining access to a Google Developer Service Account Credential and gathering the configuration needed to create a Google Chronicle SIEM integration.
Gain access to a Google Developer Service Account
Before you begin, you will need to have a Google Chronicle instance provisioned for you, and communication open with your Google Security Operations representative.
1. Gather Search API credentials
You will need credentials for the Search API. The service account needed to access the API must reside in a Google-managed cloud account. Your Google Security Operations representative will provide you with a JSON file containing the necessary values. Note the 'client_email', 'client_id', and 'private_key' values and store them in a safe location.
2. Gather Ingestion API credentials
You will need credentials for the Ingestion API. The service account needed to access the API must reside in a Google-managed cloud account. Your Google Security Operations representative will provide you with a JSON file containing the necessary values. Note the 'client_email', 'client_id', and 'private_key' values and store them in a safe location.
Configure the Integration
Create your integration by supplying all of the required and any desired optional values.
Search URL (Optional) Leave this blank to use the default "backstory" URL. If you are using an alternate or special deployment of the Google API, find the correct URL for your deployment. This is the root URL without any paths included. For example 'https://backstory.googleapis.com'.
Search Credential: Token URL (Optional) Leave this blank to use the default Google token URL: 'https://oauth2.googleapis.com/token'
Search Credential: Client Email This is the 'client_email' value gathered in step 1.
Search Credential: Client ID This is the 'client_id' value gathered in step 1.
Search Credential: Private Key This is the 'private_key' value gathered in step 1.
Ingestion URL (Optional) Leave this blank to use the default "malachite" URL. If you are using an alternate or special deployment of the Google API, find the correct URL for your deployment. This is the root URL without any paths included. For example 'https://malachiteingestion-pa.googleapis.com'.
Ingestion Credential: Token URL (Optional) Leave this blank to use the default Google token URL: 'https://oauth2.googleapis.com/token'
Ingestion Credential: Client Email This is the 'client_email' value gathered in step 2.
Ingestion Credential: Client ID This is the 'client_id' value gathered in step 2.
Ingestion Credential: Private Key This is the 'private_key' value gathered in step 2.
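One way to check each JSON key file from steps 1 and 2 before copying its values into the fields above. This is an added example, not part of the original guide or of the integration. It assumes the file uses the standard Google service account key layout, which also carries 'type' and 'token_uri' fields; the function names and the sample key are constructed for illustration.

```python
import json
import os
import stat

DEFAULT_TOKEN_URL = "https://oauth2.googleapis.com/token"  # default named in this guide
REQUIRED = ("client_email", "client_id", "private_key")

def permission_problem(path):
    """Return a message if the key file is accessible to group/others, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return f"{path} has mode {mode:o}; restrict to 600" if mode & 0o077 else None

def extract_fields(key_json, prefix):
    """Map one key file to the form fields; prefix is 'Search' or 'Ingestion'.

    Returns (fields, problems). problems is empty when the file looks usable.
    """
    key = json.loads(key_json)
    problems = []
    if key.get("type") != "service_account":  # assumed standard key-file field
        problems.append("type is not 'service_account'")
    for name in REQUIRED:
        if not str(key.get(name, "")).strip():
            problems.append(f"missing {name}")
    pem = str(key.get("private_key", "")).strip()
    if pem and not (pem.startswith("-----BEGIN ") and pem.endswith("PRIVATE KEY-----")):
        problems.append("private_key is not PEM-framed")
    fields = {f"{prefix} Credential: Client Email": key.get("client_email", ""),
              f"{prefix} Credential: Client ID": key.get("client_id", ""),
              f"{prefix} Credential: Private Key": key.get("private_key", "")}
    # Token URL is optional: fill it only if the file names a non-default one.
    token_uri = key.get("token_uri", DEFAULT_TOKEN_URL)
    if token_uri != DEFAULT_TOKEN_URL:
        fields[f"{prefix} Credential: Token URL"] = token_uri
    return fields, problems

def redact(fields):
    """Copy of fields that is safe to print or log: the private key is masked."""
    return {k: "<redacted>" if k.endswith("Private Key") else v for k, v in fields.items()}

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = json.dumps({
    "type": "service_account",
    "client_email": "chronicle-search@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "token_uri": "https://oauth2.googleapis.com/token",
})

if __name__ == "__main__":
    fields, problems = extract_fields(SAMPLE, "Search")
    print(redact(fields), problems)
```

Run it once per key file, with the prefix 'Search' for the step 1 file and 'Ingestion' for the step 2 file, and print only the redacted copy.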