USM Anywhere - G Suite Setup

USM Anywhere - G Suite Setup

Once the integration is enabled ( G-Suite APP ) the predefined log collection jobs take place and queue the events for analysis.

This provides the additional G-Suite Dashboard.

Currently, the AlienApp for G Suite supports the connection of one G Suite account per USM Anywhere Sensor. If you have more than one G Suite account that you want to monitor in USM Anywhere, you must configure each for a different Sensor.

Required to complete the integration:
1) Client ID for the service account
2) User email for the login that was used to create the service account
3) The Private Key file when you create the service account

Setting up the Google service account :
You must have administrative privileges to configure G Suite for integration with the AlienApp for G Suite
As a Google administrator:
1) Create a new project in your Google Developers console
2) Create a service account in the API Console to support server-to-server interactions.
a) Sign into the Google Developers Console :
b) Create a new project and give it a name easy to associate with alienvault.
c) Now, create a new service account , give it a name and set the role to "Owner"
d) A new "Service Account ID" should be generated
e) Check the box to create a new private key ( P12 Format )
f) Check the box "Enable G suite domain-wide Delegation"
g) Hit create.
NOTE: This should confirm the creation of the account and the key.
The password displayed should be safely stored.
The Private key file must be downloaded (.p12 format) -- See requirement 3. 
3) Return to the service accounts page.
4) Copy the Client ID for the service account  -- See requirement 1
5) Access the Google Admin console :
6) Navigate to : Security -> Advanced Settings -> Authentication -> Manage API client access
7) In the client name field paste the Client ID copied in step 4.
8) Enter in the One or More API Scopes field.
9) Click "Authorize".
10) Navigate to Security -> API Reference and check the "Enable API Access" box and click save.
Enabling the G Suite Admin SDK:
2) Select your project and check if the API was enabled.
3) In the API Manager Dashboard check to see if Admin SDK appears and if it is enabled.
4) You can find Admin SDK under the Google APIs tab. Enable it.

At this point all 3 requirements are met and available.

    • Related Articles

    • AlienVault USM Anywhere Customer Quick Start Guide

      Summary This document is intended as a step by step guide for new customer implementations of USM Anywhere with an introduction to the incident ticketing process and interacting with the SOC.  The solution and service are deployed in phases. The ...

         Pre-Requisites: You will need Domain Administrator Privileges to configure the G-Suite Integration within BDS.   Preparation Before configuring G-Suite in data processor, user would need to enable this feature in the google admin dashboard. 1. ...
    • Centers Of Excellence Overview

      Centers Of Excellence Overview The cyber security industry consists of 100's of manufacturers that have generated 1000's of security solutions. While many of these solutions overlap in purpose and functionality each have their own specifics related ...
    • Alienvault-Advisory

        SolarWinds Orion Supply Chain Attack                        Detections in AT&T Unified Security Management™ and IoCs in the AT&T Alien Labs Open Threat Exchange™ December 16, 2020, 11:15am (CST) TLP: Amber Dear USM Customer, The details of this ...
    • XDR: Deploying The Windows Agent

      Overview The Windows agent collects relevant security data from Windows event logs running. Forwarding Windows event logs provides necessary log data required for many compliance regulations and increases overall visibility within the organization. ...