To enable the Secure-ISS SOC to ingest Google G Suite logs, Google G Suite Activity reports MUST be configured and an applicable service created for use by the Secure-ISS SOC SIEM technology.
Do not send any confidential information to our SOC team over email. Be sure to send a link to our team via the Secure-ISS secrets site found at https://pass.secure-iss.com
The following actions are completed in Google G Suite. You must be a Google administrator with the ability to manage users. Please follow IBM Security’s instructions on each of the links below:
Secure-ISS will require the username of the service account ID and the JSON file that is downloaded to your machine in the next step.
Create a service account with viewer access
https://www.ibm.com/docs/en/qsip/7.5?topic=ggsar-configuring-google-g-suite-activity-reports-communicate-qradar#task_g2g_th2_1kb
Grant API client access to a service account
https://www.ibm.com/docs/en/qsip/7.5?topic=ggsar-configuring-google-g-suite-activity-reports-communicate-qradar#task_zxl_l42_1kb
Secure-ISS will require the information captured above including:
Be sure to Encrypt this information via the Secure-ISS Secure Pass site found at https://pass.secure-iss.com
Once Encrypted, please send this information to your On-boarding Project Manager or to our support team at soc@secure-iss.com.