Skip to content

Interpres Application - Google SecOps

  • Type: SIEM/Data Lake
  • Vendor: Google

This app integrates with Google SecOps to get Detections, Alerts and Telemetry.

Vendor setup

  1. A Google SecOps Enterprise Plus Tier subscription is required
  2. Contact Google to generate a Service Account
  3. Add Roles to Service Account
    • roles/chronicle.viewer (or add permissions to list alerts and rules)
    • roles/bigquery.jobUser
    • roles/bigquery.dataViewer
  4. Generate service account keys (json file)

App Configuration

App Parameters:

  • Base URL: SecOps API base URL (i.e: https://backstory.googleapis.com)

  • Credentials: The entire contents of the Google Cloud OAuth2 credential.json file

  • BigQuery Project Name: Project name that contains the table datalake.ingestion_metrics

App Validation

Check there is connectivity (green light) in the integration created.

Implemented Actions

  • Get Detections: Gets latest version of rules.

  • Get Alerts: Gets the latest asset-based and user-based alerts.

  • Get Available Telemetry: Queries BigQuery ingestion_metrics and returns a list of telemetry identifiers with their current status.