Interpres Application - Interpres Application - BigQuery

Type: SIEM/Data Lake
Vendor: Google
This app integrates with Google BigQuery to get Telemetry ingested in Google Chronicle
Vendor setup
Contact Google to generate a Service Account or generate one with the roles in point 2.
Add Roles to Service Account
roles/bigquery.jobUser
roles/bigquery.dataViewer
Generate service account keys (json file)﻿
App Configuration
App Parameters:
Credentials: The entire contents of the Google Cloud OAuth2 credential.json file
BigQuery Project Name: Project name that contains the table datalake.ingestion_metrics
App Validation
Check there is connectivity (green light) in the integration created.
Implemented Actions
Get Available Telemetry: Queries BigQuery ingestion_metrics and returns a list of telemetry identifiers with their current status. Query used:
Text
    SELECT
        log_type,
        ARRAY_AGG(DISTINCT event_type IGNORE NULLS) as event_type,
        CAST(SUM(event_count) AS INT64) AS event_count,
        MAX(end_time) as end_time
    FROM
        `{project_name}.datalake.ingestion_metrics`
    WHERE
        log_type IS NOT NULL
        AND DATETIME(end_time) > DATETIME_SUB(CURRENT_DATETIME, INTERVAL 8 HOUR)
    GROUP BY log_type
    SELECT
        log_type,
        ARRAY_AGG(DISTINCT event_type IGNORE NULLS) as event_type,
        CAST(SUM(event_count) AS INT64) AS event_count,
        MAX(end_time) as end_time
    FROM
        `{project_name}.datalake.ingestion_metrics`
    WHERE
        log_type IS NOT NULL
        AND DATETIME(end_time) > DATETIME_SUB(CURRENT_DATETIME, INTERVAL 8 HOUR)
    GROUP BY log_type
﻿
﻿

Did this page help you?

Interpres Application - Azure AD

Interpres Application - Interpres Application - Bitdefender GravityZone