I didn't see the log type "Island Browser logs" in the available log types listed in the third-party API source type. Can someone explain to me how to integrate it, if you have done it in the past?
Hey Rav1and3,
It's important to note that just because a vendor has data label support, it doesn't necessarily mean there is ingestion support. This is especially true for vendors where the only option for exporting data is via API. If there is no 3rd Party API support, Google does offer a small list of ingestion scripts via their GitHub page: https://github.com/chronicle/ingestion-scripts
Unfortunately there is no script for Island Browser logs.
It might be possible that Island provides some connectors with Cloud storage that you can configure. If the logs are only available via API, you'll need to develop a service that polls the Island Browser REST API internally and forwards the logs to SecOps.
For cases like this, Google provides end users with an Ingestion API that allows you to send either raw logs, or UDM events to SecOps. This is what the Google Ingestion scripts use to forward data to your tenant.
https://cloud.google.com/chronicle/docs/reference/ingestion-api
You should use the log type: ISLAND_BROWSER while ingesting logs into the system.
It may depend on your license for Island Browser, but in the Island Browser Settings there is a way to export logs to SIEMs; there is one for Chronicle.
You can change the authentication type to HTTPS in Island Browser and then in SecOps you can set up a webhook feed.
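
The Ingestion API route mentioned in the thread, as an added example that is not part of any post or of Google's ingestion scripts: it packs already-fetched vendor events into request bodies for the API's `unstructuredlogentries:batchCreate` method under the `ISLAND_BROWSER` log type. The function names, the size budget, the customer ID placeholder and the sample event fields are assumptions made for illustration.

```python
import json

LOG_TYPE = "ISLAND_BROWSER"   # log type named in the thread
MAX_BATCH_BYTES = 950_000     # assumption: headroom under a ~1 MB request limit; confirm in the API docs

def _dumps(obj):
    return json.dumps(obj, separators=(",", ":"), sort_keys=True)

def _body(customer_id, entries):
    # Request body shape of the Ingestion API's unstructuredlogentries:batchCreate method
    return {"customer_id": customer_id, "log_type": LOG_TYPE, "entries": entries}

def build_batches(customer_id, events, max_bytes=MAX_BATCH_BYTES):
    """Pack vendor events, in order, into request bodies no larger than max_bytes.

    Returns (batches, oversized); oversized holds events too big to send even alone,
    so the caller can log or truncate them instead of losing them silently.
    """
    base = len(_dumps(_body(customer_id, [])).encode("utf-8"))
    batches, oversized, current, size = [], [], [], base
    for event in events:
        entry = {"log_text": _dumps(event)}   # one raw log line per vendor event
        cost = len(_dumps(entry).encode("utf-8")) + 1   # +1 for the separating comma
        if base + cost > max_bytes:
            oversized.append(event)
            continue
        if size + cost > max_bytes:   # current batch is full: close it, start a new one
            batches.append(_body(customer_id, current))
            current, size = [], base
        current.append(entry)
        size += cost
    if current:
        batches.append(_body(customer_id, current))
    return batches, oversized

if __name__ == "__main__":
    # Constructed sample events; real Island export fields will differ.
    sample = [{"id": i, "user": "alice@example.test", "action": "navigate"} for i in range(10)]
    batches, oversized = build_batches("CUSTOMER-ID-PLACEHOLDER", sample, max_bytes=400)
    for b in batches:
        print(len(b["entries"]), "entries,", len(_dumps(b)), "bytes")
    print("oversized:", len(oversized))
```

Each returned body is what the polling service would POST, with its service-account credentials, to the Ingestion API documented at the link in the thread.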