-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1266 from TOUFIKIzakarya/add/google_drive_reports
Add the google reports drive documentation
- Loading branch information
Showing
2 changed files
with
102 additions
and
0 deletions.
There are no files selected for viewing
99 changes: 99 additions & 0 deletions
99
...xdr/features/collect/integrations/cloud_and_saas/google/google_drive_reports.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| uuid: bb11239e-3dc6-11ee-be56-0242ac120002 | ||
| name: Google Drive Reports | ||
| type: intake | ||
|
|
||
| ## Overview | ||
|
|
||
| Google Reports is a data reporting and analysis platform offered by Google, designed to provide insights and metrics about user activities and interactions within various Google services. It allows organizations to track and visualize user engagement, application usage, and other relevant data points, enabling informed decision-making and optimization of digital experiences. And Google Reports Drive is just for the Google Drive service. | ||
|
|
||
| !!! warning | ||
| This format is in beta. | ||
|
|
||
| {!_shared_content/operations_center/detection/generated/suggested_rules_bb11239e-3dc6-11ee-be56-0242ac120002_do_not_edit_manually.md!} | ||
|
|
||
| {!_shared_content/operations_center/integrations/generated/bb11239e-3dc6-11ee-be56-0242ac120002.md!} | ||
|
|
||
| ## Google Cloud configuration procedure | ||
|
|
||
| ### Prerequisites | ||
|
|
||
| - Google licence Enterprise standard or higher | ||
| - Access to Sekoia.io Intakes and Playbook pages with write permissions | ||
| - Administrator access to the Google Cloud console | ||
|
|
||
| ### Create a dedicated service account | ||
|
|
||
| To create a service account you have to : | ||
|
|
||
| - Create a project | ||
| - Turn on the APIs for the service account | ||
| - Set up the OAuth consent screen | ||
| - Create the service account | ||
|
|
||
| For more details in each steps please read this [Documentation](https://support.google.com/a/answer/7378726?hl=en) | ||
|
|
||
| ### Create and download JSON keys (service account credentials) | ||
|
|
||
| To use a service account from outside of Google Cloud, such as on Sekoia.io, you must first establish the identity of the service account. Public/private key pairs provide a secure way of accomplishing this goal. When you create a service account key, the public portion is stored on Google Cloud, while the private portion is available only to you. | ||
|
|
||
| !!! Note | ||
| By default, service account keys never expire. | ||
|
|
||
| 1. Go to the Service accounts page | ||
| 2. Select your cloud project | ||
| 3. Click the email address of the service account that you want to create a key for | ||
| 4. Click the **Keys** tab | ||
| 5. Click the **Add key** drop-down menu, then select **Create new key** | ||
| 6. Select **JSON** as the Key type and click **Create** | ||
|
|
||
| !!! Important | ||
| Clicking **Create** downloads a service account key file. After you download the key file, you cannot download it again. You will need it on the following steps on Sekoia.io. | ||
|
|
||
| Find more information on the [official google documentation](https://cloud.google.com/iam/docs/keys-create-delete). | ||
|
|
||
| **Example of JSON key file** | ||
|
|
||
| ```JSON | ||
| { | ||
| "type": "service_account", | ||
| "project_id": "PROJECT_ID", | ||
| "private_key_id": "KEY_ID", | ||
| "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n", | ||
| "client_email": "SERVICE_ACCOUNT_EMAIL", | ||
| "client_id": "CLIENT_ID", | ||
| "auth_uri": "https://accounts.google.com/o/oauth2/auth", | ||
| "token_uri": "https://accounts.google.com/o/oauth2/token", | ||
| "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", | ||
| "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL" | ||
| } | ||
| ``` | ||
|
|
||
| ## Sekoia.io configuration procedure | ||
|
|
||
| ### Create your intake | ||
|
|
||
| 1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Google Report`. | ||
| 2. Copy the associated Intake key | ||
|
|
||
| ### Pull the logs to collect them on Sekoia.io | ||
|
|
||
| Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps: | ||
|
|
||
| - Click on **+ PLAYBOOK** button to create a new one | ||
| - Select **Create a playbook from scratch** | ||
| - Give it a name in the field **Name** | ||
| - Search for `Drive` keywork on the search bar and select the template named `Get activities from drive` | ||
| - Click on **Create** | ||
|
|
||
| - Create a **Module configuration** using your service account credentials from your Google Cloud environment extracted on a JSON file. Name the module configuration as you wish | ||
|
|
||
|
|
||
| - Create a **Trigger configuration** using: | ||
|
|
||
| * `Intake key` created on the previous | ||
| * `Admin email` | ||
|
|
||
| - Click on the **Save** button | ||
| - **Activate the playbook** with the toggle button on the top right corner of the page | ||
|
|
||
| ### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters