XDR G SUITE INTEGRATION



  


Pre-Requisites:


  1. You will need Domain Administrator Privileges to configure the G-Suite Integration within BDS.  



Preparation


Before configuring G-Suite in the data processor, you need to enable this feature in the Google admin dashboard.


1.  Enabling the G-Suite Admin SDK API.

a.  Go to console.cloud.google.com

b.  Choose "APIs & Services" - "Library"

c.  

d.  Search for "Admin SDK" and press "Enable"

2.  Creating a service account

a.  Click "IAM & Admin" > "Service accounts"

b.  Click Create Service Account.

i.  Enter a name in the service account name field

ii.  Enter a description for the service account

c.  Click Create

d.  Click Continue > Create Key

i.  Set the key type to JSON and click Create. You will see a message that the service account JSON file was downloaded to your computer.

e.  Click Close > Done

3.  Adding service account to G Suite

a.  Go to G Suite Admin Console (admin.google.com)

b.  Click Security, Advanced settings

c.  Click Manage API client access in the authentication section

d.  Open the JSON key file downloaded in item 2

e.  Enter the "Client ID" retrieved from the JSON file in the "Client Name" field.

f.  In the One or More API Scopes field, enter the list of scopes to be granted. The following is a sample for accessing the Reports API:

  1. https://www.googleapis.com/auth/admin.reports.audit.readonly

g.  Click "Authorize"





BDS UI configuration


1.  Adding new G-Suite connection under UI Collect-Connectors

a.  The Admin Email field needs to be the G Suite admin email account.

b.  API Scopes are the authorized scopes specified in item 3(f). This is the same string that you entered in item 3(f). If you have multiple scopes, separate them with commas, as specified in the Google admin console.

c.  Service Account Key File is the file downloaded in item 2(d).

d.  Be sure to select the tenant when you perform the integration if you are the admin of the tenant.

2.  You can click the G-Suite Test button to test G Suite connectivity.
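
A pre-flight check for the three values entered in the connector form and for the "Client ID" needed in item 3(e). This is an added example, not part of the original article or of BDS. The function name `preflight`, the sample key and the email addresses are constructed; the field names are those of a standard Google service account JSON key.

```python
import json

# Scope given as the sample in item 3(f) of this article.
AUDIT_SCOPE = "https://www.googleapis.com/auth/admin.reports.audit.readonly"
REQUIRED_FIELDS = ("type", "client_id", "client_email", "private_key", "token_uri")

def preflight(key_json: str, scopes: str, admin_email: str) -> dict:
    """Check the connector inputs; return the Client ID, the scope string and findings."""
    findings = []
    key = json.loads(key_json)
    missing = [f for f in REQUIRED_FIELDS if not key.get(f)]
    if missing:
        findings.append("key file missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        findings.append("key file is not a service account key")
    # Normalize the comma-separated scope string used in 3(f) and in the BDS form.
    scope_list = [s.strip() for s in scopes.split(",") if s.strip()]
    if AUDIT_SCOPE not in scope_list:
        findings.append("audit scope from item 3(f) not present")
    for s in scope_list:
        if not s.startswith("https://www.googleapis.com/auth/"):
            findings.append("not a Google API scope URL: " + s)
        elif not s.endswith(".readonly"):
            # Assumption of this example: a log collector only needs read-only scopes.
            findings.append("scope is not a .readonly scope: " + s)
    # The Admin Email must be a G Suite admin user, not the service account itself.
    if admin_email.count("@") != 1 or admin_email == key.get("client_email"):
        findings.append("admin email must be a G Suite admin user, not the service account")
    return {"client_id": key.get("client_id"),
            "api_scopes": ",".join(scope_list),
            "findings": findings}

# Constructed sample key file content (placeholder values, not a real key).
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "client_id": "100000000000000000000",
    "client_email": "bds-reader@example-project.iam.gserviceaccount.com",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
    "token_uri": "https://oauth2.googleapis.com/token",
})

if __name__ == "__main__":
    result = preflight(SAMPLE_KEY, AUDIT_SCOPE, "admin@example.com")
    print("Client ID for item 3(e):", result["client_id"])
    print("API Scopes string:", result["api_scopes"])
    print("Findings:", result["findings"] or "none")
```
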





















Please note that the most recent G-Suite data may take up to 2 hours to show up, because Google does not seem to process this data in real time.


Please let the SOC know if you have questions during the integration process. You can always email socir@cyflare.com to have the integration done if you can retrieve the credentials, such as the admin email ID, JSON file and API Scopes, to be added into the BDS integratio




