Google Chronicle (DevSecOps) Integration

Overview

Once configured, our Chronicle integration exports Data Theorem security issues, API Protect events, and Mobile Protect events to your Chronicle instance through Chronicle's Ingestion API.

SIEM

Prerequisites

  • You will need to acquire credentials and configuration from Google Chronicle for sending events to the Ingestion API (see Chronicle’s documentation):

    • A service account key file tied to your Chronicle instance. This JSON key is a long-lived credential that authorizes writes into your Chronicle tenant: store it as a secret, restrict who can read it, and keep it out of source control and tickets.

    • Your Google Chronicle customer_id. This is a UUID associated with your account.

    • The regional endpoint (base URL) for the region in which your Chronicle instance was provisioned. For example, the US multi-region endpoint is https://malachiteingestion-pa.googleapis.com, and the Paris endpoint is https://europe-west9-malachiteingestion-pa.googleapis.com. Using an endpoint from the wrong region will cause ingestion to fail, so confirm the region with your Chronicle representative or in the Chronicle console.

  • Decide which Data Theorem event types you want to send to Chronicle before enabling the integration. Security scanning data is low volume (at most tens to hundreds of issues per day), but API Protect and Mobile Protect events can be extremely high volume: depending on your API traffic and the number of devices your apps are installed on, this can easily reach hundreds of thousands or millions of events per day. Make sure your Chronicle instance and any downstream detection rules are sized for that volume before turning those feeds on.
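Before pasting the gathered values into the Data Theorem portal, it is worth sanity-checking them once, because a malformed customer_id or an endpoint from the wrong region only shows up later as silently missing events. The script below is an added example, not Data Theorem's or Google's code: it validates the three prerequisites listed above (the service account key file's shape, the customer_id as a UUID, the regional base URL) and assembles a single test request for Chronicle's Ingestion API. The request path `/v2/unstructuredlogentries:batchCreate`, the body fields `customer_id`/`log_type`/`entries[].log_text`, and the hostname pattern for regional endpoints are taken from Chronicle's Ingestion API documentation as the author of this example recalls it and are assumptions relative to this page; the sample key below is a constructed dummy with a placeholder private key.

```python
"""Preflight check for Chronicle Ingestion API prerequisites (added example).

Validates the service account key file, customer_id and regional endpoint,
then builds one unstructured-log test request. It does not send anything,
so it runs offline; see the usage note for how to send the result.
"""
import json
import re
import uuid
from urllib.parse import urlparse

# Regional ingestion hosts look like "<region>-malachiteingestion-pa.googleapis.com",
# with the US multi-region host having no region prefix (assumed pattern; both
# endpoints quoted in the prerequisites match it).
ENDPOINT_HOST_RE = re.compile(r"^(?:[a-z0-9-]+-)?malachiteingestion-pa\.googleapis\.com$")

# Fields every Google service account JSON key carries. Only their presence is
# checked; the private key value itself is never inspected or printed.
REQUIRED_KEY_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                       "client_email", "token_uri")

# Assumed Ingestion API v2 path for free-form log lines.
UNSTRUCTURED_PATH = "/v2/unstructuredlogentries:batchCreate"


def validate_service_account_key(key_json: str) -> dict:
    """Parse a service account key and confirm it has the expected shape."""
    key = json.loads(key_json)
    missing = [f for f in REQUIRED_KEY_FIELDS if f not in key]
    if missing:
        raise ValueError(f"service account key is missing fields: {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"expected type 'service_account', got {key['type']!r}")
    if not key["client_email"].endswith(".iam.gserviceaccount.com"):
        raise ValueError("client_email is not a service account address")
    return key


def validate_customer_id(customer_id: str) -> str:
    """customer_id must be a UUID; return it in canonical lowercase form."""
    try:
        return str(uuid.UUID(customer_id.strip()))
    except ValueError as exc:
        raise ValueError(f"customer_id {customer_id!r} is not a UUID") from exc


def validate_endpoint(base_url: str) -> str:
    """Endpoint must be an https Chronicle ingestion host given as a bare base URL."""
    parsed = urlparse(base_url.strip())
    if parsed.scheme != "https":
        raise ValueError("endpoint must use https")
    if not ENDPOINT_HOST_RE.match(parsed.netloc):
        raise ValueError(f"{parsed.netloc!r} is not a Chronicle ingestion host")
    if parsed.path not in ("", "/") or parsed.query:
        raise ValueError("endpoint should be the base URL only, without a path")
    return f"https://{parsed.netloc}"


def build_test_request(base_url: str, customer_id: str, log_type: str, log_text: str):
    """Return (url, body) for a one-entry unstructured log batch (assumed API shape)."""
    url = validate_endpoint(base_url) + UNSTRUCTURED_PATH
    body = {
        "customer_id": validate_customer_id(customer_id),
        "log_type": log_type,
        "entries": [{"log_text": log_text}],
    }
    return url, body


if __name__ == "__main__":
    # Constructed dummy key: real keys hold an RSA private key in the same field.
    dummy_key = json.dumps({
        "type": "service_account", "project_id": "example-project",
        "private_key_id": "0123456789abcdef",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
        "client_email": "chronicle-ingest@example-project.iam.gserviceaccount.com",
        "token_uri": "https://oauth2.googleapis.com/token",
    })
    key = validate_service_account_key(dummy_key)
    url, body = build_test_request(
        "https://europe-west9-malachiteingestion-pa.googleapis.com",
        "2F7A1C3E-9B4D-4E8A-A1F0-5C6D7E8F9A0B", "DATA_THEOREM_TEST",
        "preflight test event from Data Theorem integration setup")
    print(f"key ok for {key['client_email']}")
    print("POST", url)
    print(json.dumps(body, indent=2))
```

To actually send the assembled request, mint a bearer token from the key for the ingestion OAuth scope (the scope name should be taken from Chronicle's documentation; the google-auth library's service account credentials can do this) and POST the body with an `Authorization: Bearer` header to the returned URL. An HTTP 200 confirms the key, customer_id and region agree; an error on this one event is far cheaper to debug than a missing high-volume API Protect feed later.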

Setting up the Integration

Full details for setting up the integration are on the Chronicle integrations page within Data Theorem's portal; the same page is reachable from the DevSecOps page. It steps you through configuring the integration with the credentials and settings gathered above and selecting which event types to send.