Google Chronicle

What is Google Chronicle? #

Chronicle is a cloud service, built as a specialized layer on top of core Google infrastructure, designed for enterprises to privately retain, analyze, and search the massive amounts of security and network telemetry they generate.

Chronicle SIEM normalizes, indexes, correlates, and analyzes the data to provide instant analysis and context on risky activity.

Chronicle SOAR (Security Orchestration, Automation and Response) enables security teams to automate response to threats.

Why Should You Use the Google Chronicle Connector? #

The Google Chronicle connector provides visibility into the assets in your environment. You can use this visibility to:

ensure assets are managed per your security policies
derive relationships between assets, users, applications, and data

How Does This Connector Work? #

Lucidum executes read-only requests to the Google Chronicle REST API and ingests only meta-data about Google Chronicle devices. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum #

Field	Description	Example
Customer ID	The Customer ID, assigned by Google. To find the customer ID, navigate to Settings > Organization > License Management. Customer ID is located in the System Version area.	c3674b58-d412-4614-a23b-4cac04593e25
Region Prefix	Region prefix where your Google Chronicle instance resides. To find your default region, see https://cloud.google.com/compute/docs/regions-zones/changing-default-zone-region#looking_up_the_default_region_or_zone.	us-east4-a
Artifact Search Domain	The domain name associated with your assets.	mycompany.com
JSON Key File	For details on creating a service account and a JSON Key for that account, see https://cloud.google.com/iam/docs/keys-create-delete#creating.

Source Documentation #

Creating Credentials #

For details on creating a service account, see:

https://cloud.google.com/iam/docs/service-accounts-create#creating

For details on creating a JSON Key for that account, see:

https://cloud.google.com/iam/docs/keys-create-delete#creating.

Required Permissions #

When creating the service account, assign the role Chronicle API Viewer ( roles/chronicle.viewer).

API Documentation #

https://cloud.google.com/chronicle/docs/reference/search-api

Solutions

COMPANY

Resource Library

Ready to Try?

What is Lucidum?

Getting Started with Lucidum

Proxy Server

Managing Users

Connectors

Dashboards

Value-Oriented Dashboards (VODs)

Streamlining Queries with SmartLabels and Tags

Value-Oriented SmartLabels (VOSLs)

Risk

Actions

Use Cases

Viewing Data

Running Headless with Webhooks

Lucidum API v1

Lucidum API v2

Sending Alerts to Slack

Managing Your Lucidum System

L

Google Chronicle

What is Google Chronicle? #

Why Should You Use the Google Chronicle Connector? #

How Does This Connector Work? #

Configuring the Connector in Lucidum #

Source Documentation #

Creating Credentials #

Required Permissions #

API Documentation #

What are your Feelings

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library

Solutions

COMPANY

Resource Library

Ready to Try?

What is Google Chronicle? #

Why Should You Use the Google Chronicle Connector? #

How Does This Connector Work? #

Configuring the Connector in Lucidum #

Source Documentation #

Creating Credentials #

Required Permissions #

API Documentation #

What are your Feelings

Share This Article :

Still stuck? How can we help?

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library