Actions for Google Security Operations #
- Send Data to Google Security Operations. Sends a custom set of Lucidum data to Google Security Operations.
Use Cases #
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to Google Security Operations on a regular schedule.
- You can send normalized, enriched Lucidum data to Google Security Operations to be indexed, searched, and analyzed.
Prerequisites #
To execute Google Security Operations actions, you must:
- Configure a Google Security Operations API connection beforehand. The required parameters are described in the instructions for creating a Google Security Operations connector in Lucidum https://lucidum.io/docs/microsoft-active-directory.
NOTE. The account used for this connection must have both read and write permissions on the Google Security Operations API.
Workflows #
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
Google Security Operations Configuration #
To create a configuration for Google Security Operations actions:
- Configuration Name. Identifier for the configuration. This name appears in the Lucidum Action Center.
- URL. The base URL for the Google Security Operations APIs. For example, https://backstory.googleapis.com.
- API Key. API key for an account with read and write access to the Google Security Operations API. For details on permissions, see https://cloud.google.com/chronicle/docs/reference/feature-rbac-permissions-roles. For details about authentication, see https://cloud.google.com/chronicle/docs/reference/search-api#getting_api_authentication_credentials.
- Max # of Records per Payload. The maximum number of records to include in each payload sent to Google Security Operations. The default value is “50”.
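As an added illustration of how the URL and Max # of Records per Payload settings interact, the following Python script (written for this page; it is not Lucidum's or Google's code) batches a constructed set of records into payloads that never exceed the configured limit and posts each batch to the configured URL. The endpoint path /v1/ingest, the bearer-token Authorization header, the "entries"/"log_text" payload shape and the sample records are assumptions made for illustration; the real Google Security Operations ingestion endpoint and credential format are described in the Google documentation linked above.

```python
"""Batch records to at most MAX_RECORDS_PER_PAYLOAD per request and post
each batch to Google Security Operations.

Illustrative example for this page; not Lucidum's or Google's code.
"""
from __future__ import annotations

import json
import urllib.request
from typing import Callable, Iterable, Iterator

# Values mirroring the configuration fields described on this page.
SECOPS_URL = "https://backstory.googleapis.com"
MAX_RECORDS_PER_PAYLOAD = 50

# ASSUMPTION: endpoint path and payload shape are hypothetical; consult the
# Google Security Operations API reference for the real ingestion endpoint.
INGEST_PATH = "/v1/ingest"

# Constructed sample data: 120 Lucidum-style asset records (not real data).
SAMPLE_RECORDS = [
    {
        "asset_id": f"asset-{i:04d}",
        "hostname": f"host{i}.example.internal",
        "risk_score": i % 10,
    }
    for i in range(120)
]


def chunk_records(records: Iterable[dict], max_records: int) -> Iterator[list[dict]]:
    """Yield successive lists holding at most max_records records each."""
    if max_records < 1:
        raise ValueError("max_records must be >= 1")
    batch: list[dict] = []
    for rec in records:
        batch.append(rec)
        if len(batch) == max_records:
            yield batch
            batch = []
    if batch:  # trailing partial batch
        yield batch


def build_payload(batch: list[dict]) -> dict:
    """Wrap a batch as one JSON payload (hypothetical shape, see ASSUMPTION)."""
    return {"entries": [{"log_text": json.dumps(r, sort_keys=True)} for r in batch]}


def http_post(url: str, api_key: str, payload: dict) -> int:
    """POST a JSON payload with a bearer token and return the HTTP status."""
    body = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            # ASSUMPTION: the API key is presented as a bearer token.
            "Authorization": f"Bearer {api_key}",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


def send_payloads(
    records: Iterable[dict],
    api_key: str,
    max_records: int = MAX_RECORDS_PER_PAYLOAD,
    post: Callable[[str, str, dict], int] = http_post,
) -> tuple[int, int]:
    """Send every batch; return (payloads_sent, records_sent).

    Stops at the first non-2xx response so a partial failure is visible
    to the caller instead of being silently skipped.
    """
    payloads_sent = records_sent = 0
    for batch in chunk_records(records, max_records):
        status = post(SECOPS_URL + INGEST_PATH, api_key, build_payload(batch))
        if not 200 <= status < 300:
            raise RuntimeError(
                f"ingest failed with HTTP {status} after {payloads_sent} payloads"
            )
        payloads_sent += 1
        records_sent += len(batch)
    return payloads_sent, records_sent


if __name__ == "__main__":
    # Dry run: a stub poster that never touches the network.
    def dry_run_post(url: str, api_key: str, payload: dict) -> int:
        print(f"POST {url}: {len(payload['entries'])} records")
        return 200

    print(send_payloads(SAMPLE_RECORDS, "REDACTED-API-KEY", post=dry_run_post))
```

Run as a script it performs an offline dry run; pass a real API key and drop the `post=` override to send over the network. With 120 sample records and the default limit of 50, three payloads are produced (50, 50 and 20 records).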
Create a New Action #
To create an action for Google Security Operations, contact Lucidum customer care.