Interpres Application - Google SecOps

  • Type: SIEM/Data Lake
  • Vendor: Google

This app integrates with Google SecOps to get Detections, Alerts and Telemetry.

Vendor setup

For Standard and Enterprise customers

  • Enable Data export under Settings -> SIEM Settings -> Data export. This may add extra costs to the project. Only the ingestion_metrics table is needed; it does not appear in the list, but once export is enabled it is exported by default.

  • Enable Backstory API access in the project and add this Role to a Service Account to access detections and alerts. Available through the customer management API using the getCustomer Endpoint

    • roles/chronicle.viewer (or add permissions to list alerts and rules)
  • On the linked GCP project, enable BigQuery API access and add these Roles to a Service Account (created on that project) to access BigQuery data

    • roles/bigquery.jobUser
    • roles/bigquery.dataViewer

For Enterprise Plus customers

  • Enable Backstory API access in the project and add this Role to a Service Account to access detections and alerts. Available through the customer management API using the getCustomer Endpoint

    • roles/chronicle.viewer (or add permissions to list alerts and rules)
  • Enable BigQuery API access in the project and add these Roles to a Service Account to access BigQuery data. Available through the customer management API using the getCustomer Endpoint

    • roles/bigquery.jobUser
    • roles/bigquery.dataViewer

App Configuration

App Parameters:

  • Base URL: SecOps API base URL (e.g. https://backstory.googleapis.com)

  • Credentials: The entire contents of the Google Cloud OAuth2 credential.json file

  • BigQuery Credentials: The entire contents of the Google Cloud OAuth2 credential.json file, used for BigQuery access

  • BigQuery Project Name: Project name that contains the table datalake.ingestion_metrics
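Because the Credentials and BigQuery Credentials parameters take the full contents of a credential.json file, the most common setup mistake is pasting a downloaded OAuth client file instead of a service-account key, or pointing BigQuery Project Name at a project the key has no roles on. The following added example (not part of the Interpres app or Google's SDK; the sample key contents are constructed) checks the four parameters before they are saved:

```python
import json
from urllib.parse import urlparse

# Fields every Google Cloud service-account key file carries (those relied on here).
REQUIRED_FIELDS = {"type", "project_id", "private_key_id", "private_key", "client_email", "token_uri"}

# Constructed sample inputs, not real keys: a service-account key, and a
# downloaded OAuth *client* file, which is the usual thing pasted by mistake.
SAMPLE_SERVICE_ACCOUNT = """{"type": "service_account", "project_id": "example-project",
 "private_key_id": "0123abcd", "client_id": "1", "token_uri": "https://oauth2.googleapis.com/token",
 "private_key": "-----BEGIN PRIVATE KEY-----\\nMIIE...\\n-----END PRIVATE KEY-----\\n",
 "client_email": "interpres@example-project.iam.gserviceaccount.com"}"""
SAMPLE_OAUTH_CLIENT = '{"installed": {"client_id": "x.apps.googleusercontent.com", "client_secret": "y"}}'

def validate_credentials(raw_json: str) -> list:
    """Return the problems found in one credential.json value; [] means usable."""
    try:
        cred = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cred, dict):
        return ["credential must be a JSON object"]
    problems = []
    # An OAuth client file has a top-level 'installed'/'web' key and no private key.
    if cred.get("type") != "service_account":
        problems.append(f"type is {cred.get('type')!r}, expected 'service_account'")
    problems += [f"missing field: {k}" for k in sorted(REQUIRED_FIELDS - set(cred))]
    pk, email = str(cred.get("private_key", "")), str(cred.get("client_email", ""))
    if pk and not pk.startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM-encoded private key")
    if email and not email.endswith(".iam.gserviceaccount.com"):
        problems.append("client_email is not a service-account address")
    return problems

def validate_app_parameters(base_url: str, credentials: str,
                            bq_credentials: str, bq_project: str) -> dict:
    """Check all four app parameters; returns {parameter name: [problems]}."""
    report = {}
    parsed = urlparse(base_url)
    if parsed.scheme != "https" or not parsed.netloc:
        report["Base URL"] = ["must be an https:// URL, e.g. https://backstory.googleapis.com"]
    for name, raw in (("Credentials", credentials), ("BigQuery Credentials", bq_credentials)):
        problems = validate_credentials(raw)
        if problems:
            report[name] = problems
    if "BigQuery Credentials" not in report:
        # Warning, not failure: the key may live in another project, but its roles must be bound here.
        key_project = json.loads(bq_credentials).get("project_id")
        if key_project != bq_project:
            report["BigQuery Project Name"] = [f"differs from the key's project_id {key_project!r}; confirm the BigQuery roles on {bq_project!r}"]
    return report
```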

App Validation

Check there is connectivity (green light) in the integration created.

Implemented Actions

  • Get Detections: Gets the latest version of rules.

  • Get Alerts: Gets the latest asset-based and user-based alerts.

  • Get Available Telemetry: Queries BigQuery ingestion_metrics and returns a list of telemetry identifiers with their current status.