Hello,
I have a playbook to monitor unauthorized creation of GCP service account keys. I need to automate the step that removes the service account key once the key is deemed suspicious. Is there any feature in Chronicle that allows for such automation? Or is a remote agent needed? If so, what is the most efficient way to use a remote agent to do so?
Thanks in advance
'Remote Agent' is required if you want SOAR to talk to an on-prem technology that is behind a firewall; as GCP is in the cloud, this is unlikely.
You either need to find the appropriate Action from the marketplace or, if this does not exist, engage with a partner or look at the inbuilt IDE to build the appropriate code.
HTH
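As an added example (not part of the thread and not Chronicle SOAR's own code), this is the kind of core logic a custom action could wrap, using the IAM REST API's `projects.serviceAccounts.keys` `get`, `disable` and `delete` methods. The function names, the injectable `call` transport and the sample key name are assumptions for illustration; obtaining the OAuth access token and wiring the function into the SOAR SDK are left out.

```python
import json
import re
import urllib.request

IAM = "https://iam.googleapis.com/v1/"
# Shape of a key resource name as reported in IAM audit log entries.
KEY_NAME = re.compile(r"^projects/[^/\s]+/serviceAccounts/[^/\s]+/keys/[0-9a-f]+$")


def http_call(method, url, token):
    """Default transport: one authenticated IAM REST call, returns parsed JSON."""
    req = urllib.request.Request(
        url, method=method,
        data=b"{}" if method == "POST" else None,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def revoke_key(key_name, token, call=http_call, delete=False):
    """Disable (and optionally delete) a user-managed key flagged by the playbook."""
    # The name comes from alert data, so validate it before building a URL from it.
    if not KEY_NAME.match(key_name):
        raise ValueError(f"not a service account key resource name: {key_name!r}")
    key = call("GET", IAM + key_name, token)
    # Google-managed keys are rotated by the platform; only act on user-managed ones.
    if key.get("keyType") != "USER_MANAGED":
        return "skipped"
    # Disabling is reversible, so do it first; deletion cannot be undone.
    if not key.get("disabled"):
        call("POST", IAM + key_name + ":disable", token)
    if delete:
        call("DELETE", IAM + key_name, token)
        return "deleted"
    return "disabled"


if __name__ == "__main__":
    # Constructed sample key name and a fake transport so the demo runs offline.
    sample = ("projects/demo-project/serviceAccounts/"
              "build@demo-project.iam.gserviceaccount.com/keys/" + "ab12" * 10)

    def fake(method, url, token):
        print(method, url)
        return {"keyType": "USER_MANAGED", "disabled": False} if method == "GET" else {}

    print(revoke_key(sample, "constructed-token", call=fake))
```

Keeping `delete=False` as the default lets the playbook contain the key immediately and leave deletion to an analyst-approved step.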