Hi All,
I have questions. While configuring the Google Chronicle, Google Cloud Compute integrations, it asks for a service account JSON file.
Is it created by us, or does Google provide it to us?
If it is created by us, what permissions have to be given?
Do the permissions differ by integration?
I did not find any documents.
Regards,
vanitha
Hi @vanitharaj1208, is this the Google Cloud Compute Marketplace integration? The docs for the integration contain information about the SA, permissions, etc.: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-cloud-compute
Hi @_K_O ,
Thank you, but what about Google Chronicle and Google Cloud API in these 2 integration docs ... user service account has which permissions?
Hey @vanitharaj1208,
The Google Cloud API integration is a generic integration. It requires only the permissions that you are going to use within the integration itself. Meaning that if you are going to use the Google Cloud API integration to work with Compute, you need Compute permissions on the SA.
The Google Chronicle SA that comes with the deployment only has permissions to interact with the SIEM API.
So which permissions should I assign to the service account to interact with the SIEM API for the Google Chronicle integration?
When I compare other integration documents, they have specified which permissions need to be given, and it's clear.
To set up the Chronicle SIEM integration in SOAR, you historically needed the Backstory API key provided by your Google rep.
99% of the time recently, especially with up-to-date Chronicle integrations and the Unified SecOps, you may not need to enter any key if it is a 1:1 relationship with SIEM & SOAR.
If you're trying to send data to Google SecOps SIEM, it would be the Ingestion API found in SIEM Settings: https://cloud.google.com/chronicle/docs/reference/ingestion-api