Google Chronicle Search

introduction this guide tells you how to authenticate the google chronicle search connector in swimlane using oauth 2 0 service account authentication you will create a google cloud service account, assign the required permissions, generate a json key file, collect the required identifiers, and configure the connector in swimlane prerequisites google chronicle access requirements you must have google cloud permissions to access the google chronicle platform create and manage service accounts generate service account json keys assign chronicle api permissions access google security operations apis required credentials during setup, you will collect google chronicle api base url service account json key file oauth scopes authentication methods overview the google chronicle search connector supports oauth 2 0 service account authentication google chronicle setup take the following steps to create a service account log in to the google cloud console navigate to iam & admin → service accounts click create service account enter service account name description click create and continue assign appropriate chronicle or security operations roles click done take the following steps to generate a json key file open the created service account navigate to the keys tab click add key → create new key select json click create download and securely store the json key file take the following steps to base64 encode the json key file the swimlane connector requires the service account json contents to be base64 encoded linux / macos base64 service account json windows powershell \[convert] tobase64string(\[io file] readallbytes("service account json")) copy the generated base64 string for use in swimlane regional endpoints region endpoint united states multi region https //backstory googleapis com/ https //backstory googleapis com/ european multi region https //europe backstory googleapis com/ https //europe backstory googleapis com/ london https //europe west2 backstory googleapis com/ https //europe west2 backstory googleapis com/ singapore https //asia southeast1 backstory googleapis com/ https //asia southeast1 backstory googleapis com/ sydney https //australia southeast1 backstory googleapis com/ https //australia southeast1 backstory googleapis com/ tel aviv https //me west1 backstory googleapis com/ https //me west1 backstory googleapis com/ connector configuration in swimlane log in to turbine from the left hand navigation pane, click orchestration and click assets asset homepage opens click the plus icon to open the configure your connector asset window select google chronicle search from the asset type list fill in the asset settings and asset input as shown configuration – oauth 2 0 service account authentication field description required b64 service info base64 encoded service account json contents yes url google chronicle regional api endpoint yes scopes oauth scopes required for chronicle apis yes verify ssl enable or disable ssl verification no http proxy proxy configuration no recommended oauth scopes scope purpose https //www googleapis com/auth/cloud platform https //www googleapis com/auth/cloud platform access google cloud apis https //www googleapis com/auth/chronicle backstory https //www googleapis com/auth/chronicle backstory access chronicle apis troubleshooting authentication failures may occur due to incorrect base64 encoding invalid service account json file missing chronicle api permissions incorrect regional endpoint invalid oauth scopes fix ensure the json file is correctly base64 encoded verify service account permissions confirm the correct chronicle regional endpoint verify assigned oauth scopes regenerate service account keys if necessary you have successfully authenticated the google chronicle search connector in swimlane sources google chronicle api documentation https //cloud google com/chronicle/docs/reference https //cloud google com/chronicle/docs/reference google chronicle search api documentation https //cloud google com/chronicle/docs/reference/search api https //cloud google com/chronicle/docs/reference/search api google cloud service accounts documentation https //cloud google com/iam/docs/service accounts https //cloud google com/iam/docs/service accounts google cloud service account keys documentation https //cloud google com/iam/docs/keys create delete https //cloud google com/iam/docs/keys create delete