What is Google Security Operations SIEM?
Chronicle is a cloud service, built as a specialized layer on top of core Google infrastructure, designed for enterprises to privately retain, analyze, and search the massive amounts of security and network telemetry they generate.
Chronicle SIEM normalizes, indexes, correlates, and analyzes the data to provide instant analysis and context on risky activity.
Chronicle SOAR (Security Orchestration, Automation and Response) enables security teams to automate response to threats.
Why Should You Use the Google Security Operations SIEM Connector?
The Google Security Operations SIEM connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Lucidum executes read-only requests to the Google Security Operations SIEM REST API and ingests only metadata about Google Security Operations SIEM devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum

| Field | Description | Example |
|---|---|---|
| Customer ID | The Customer ID, assigned by Google. To find the customer ID, navigate to Settings > Organization > License Management. Customer ID is located in the System Version area. | c3674b58-d412-4614-a23b-4cac04593e25 |
| Location | Location where your Google Security Operations SIEM instance resides. The default value is “us”. To find your default region, see https://cloud.google.com/compute/docs/regions-zones/changing-default-zone-region#looking_up_the_default_region_or_zone. | us-east |
| Chronicle JSON Key File | To use this connector, you must create a service account in Google Security Operations SIEM. For details, see https://docs.cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#authenticate-google-chronicle-with-sa-json. In this field, provide the JSON file that contains the credentials for the service account that is used by the Meridian Connector. | |
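
A pre-flight check for the three values in the table above, as an added example that is not Lucidum's or Google's code. It assumes the Customer ID has the UUID shape of the example value and that locations look like `us` or `us-east`; the function name `check_connector_inputs` and the sample key are constructed for illustration.

```python
import json
import re
import uuid

# Fields found in a Google Cloud service-account JSON key file.
REQUIRED_KEYS = ("project_id", "private_key_id", "private_key", "client_email", "token_uri")

def check_connector_inputs(customer_id, location, key_json):
    """Return a list of problems; an empty list means the inputs look well-formed."""
    problems = []
    # Assumption: Customer IDs have the UUID shape of the page's example value.
    try:
        if str(uuid.UUID(customer_id)) != customer_id.lower():
            problems.append("customer_id: not in canonical UUID form")
    except ValueError:
        problems.append("customer_id: not a UUID")
    # Assumption: locations look like "us" or "us-east" (lowercase, hyphenated).
    if not re.fullmatch(r"[a-z0-9]+(-[a-z0-9]+)*", location):
        problems.append("location: unexpected characters or whitespace")
    try:
        key = json.loads(key_json)
    except json.JSONDecodeError as exc:
        return problems + [f"key file: not valid JSON ({exc.msg})"]
    if not isinstance(key, dict):
        return problems + ["key file: top level is not a JSON object"]
    # OAuth client secrets and user credentials are also JSON but are not keys.
    if key.get("type") != "service_account":
        return problems + [f"key file: type is {key.get('type')!r}, expected 'service_account'"]
    missing = [k for k in REQUIRED_KEYS if not key.get(k)]
    if missing:
        problems.append("key file: missing " + ", ".join(missing))
    if not str(key.get("client_email", "")).endswith(".gserviceaccount.com"):
        problems.append("key file: client_email is not a service-account address")
    if not str(key.get("private_key", "")).startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("key file: private_key is not a PEM private key")
    return problems

# Constructed sample: placeholder project, account and key material (not a real key).
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0" * 40,
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "lucidum-reader@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
})

if __name__ == "__main__":
    for issue in check_connector_inputs("c3674b58-d412-4614-a23b-4cac04593e25", "us-east", SAMPLE_KEY):
        print(issue)
```

The check only inspects the shape of the inputs; it makes no network calls and does not confirm that the service account exists or holds the required role.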
Source Documentation
Creating Credentials
For details on creating a service account for the Meridian connector and downloading the Chronicle JSON Key File, see:
Required Permissions
When creating the service account, assign the role Chronicle API Editor.
API Documentation
https://cloud.google.com/chronicle/docs/reference/search-api