Google Chronicle

Use Google Chronicle steps in Torq to access assets, run searches, and automate your security investigations.

Updated over a month ago

Google Chronicle is a cloud-native SIEM platform that helps organizations detect, investigate, and respond to security threats by ingesting and analyzing large amounts of security data in real time.

Some of the pre-made steps available for Torq's Google Chronicle integration are:

  • Generate Google Chronicle Token

  • Get Event

  • Get Log

  • List Alerts

  • List Asset Aliases

  • List Assets

  • List Events

  • List IOC Details

  • List IOCs

  • List User Aliases

  • Run UDM search

As always, if you don't see a step you need, you can create your own steps using Torq's custom step builder and share them within your workspace or organization.

Request API Authentication from Google's Service Representative

  • To use Google Chronicle steps in Torq, you must contact your Google Security Operations representative for API authentication credentials.

  • Request the appropriate credentials from your representative.

    • Per Google's documentation, you must provide the following scope to your representative: https://www.googleapis.com/auth/chronicle-backstory

  • Your Google Security Operations representative will provide credentials as a JSON file. The credentials will be for a Service Account specifically created for you to access your Chronicle instance.

Create a Google Cloud Platform Steps Integration in Torq

To use Torq's Google Chronicle steps, you must create a dedicated GCP Steps integration in Torq.

  1. In Torq, go to Build > Integrations > Steps > Google Cloud Platform (GCP) and click Add.

  2. Give the integration a unique and meaningful name (such as Google Chronicle Integration).

  3. Upload the JSON file sent to you by your Google Security Operations representative.

  4. Click Add.
