Google Chronicle is a cloud-native SIEM platform that helps organizations detect, investigate, and respond to security threats by ingesting and analyzing large amounts of security data in real-time.
Torq enables quick and easy integration with Google Chronicle, so you can automate anything and everything within moments. Torq's public Google Chronicle steps include:
Get Event
Get Log
List Assets
List IOCs
Run UDM search
If you don't see a step you need, you can create your own in various ways, such as using the Send an HTTP Request step or Torq’s Step Builder, and share it across your organization.
Use Google Chronicle Steps in Torq
Step One: Request API Authentication from Google's Service Representative
To use Google Chronicle steps in Torq, you must contact your Google Security Operations representative for API authentication credentials.
Request the appropriate credentials from your representative.
Per Google's documentation, you must provide the following scope to your representative:
https://www.googleapis.com/auth/chronicle-backstory
Your Google Security Operations representative will provide credentials as a JSON file. The credentials will be for a Service Account specifically created for you to access your Chronicle instance.
Step Two: Create a Google Cloud Platform Steps Integration in Torq
To use Torq's Google Chronicle steps, you must create a specific GCP Steps integration in Torq.
Navigate to Integration: In Torq, go to Build > Integrations > Steps > Google Cloud Platform (GCP) and click Add.
Give the integration a unique and meaningful name (such as Google Chronicle Integration).
Upload the JSON file sent to you by your Google Security Operations representative.
Finalize: Click Add.
Templates
Now that you've added your integration, check out these specially crafted templates by Torq's security experts. Visit Torq's template library for more.