Google BigQuery
Integration version: 6.0
Use Cases
Perform enrichment - Execute SQL Queries.
Product Permissions
In order to authenticate, the integration takes all of the values from the integration configuration parameters and JSON file.
Configure Google BigQuery integration in Google Security Operations SOAR
If you provide invalid:
- Account Type
- Private Key ID
- Client ID
- Auth URI
- Auth Provider X509 URL
- Client X509 URL
the integration still works. This is a normal behaviour from Google SDK.
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
Description | String | N/A | No | Description of the Instance. |
Account Type | String | service_account | No | Type of the BigQuery account. Located at the "type" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Project ID | String | N/A | No | Project ID of the BigQuery account. Located at the "project_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Private Key ID | Password | N/A | No | Private Key ID of the BigQuery account. Located at the "private_key_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Private Key | Password | N/A | No | Private Key of the BigQuery account. Located at the "private_key" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Client Email | String | N/A | No | Client Email of the BigQuery account. Located at the "client_email" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Client ID | String | N/A | No | Client ID of the BigQuery account. Located at the "client_id" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Auth URI | String | https://accounts.google.com/o/oauth2/auth | No | Auth URI of the BigQuery account. Located at the "auth_uri" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Token URI | String | https://oauth2.googleapis.com/ token | No | Token URI of the BigQuery account. Located at the "token_uri" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Auth Provider X509 URL | String | https://www.googleapis.com/ oauth2/v1/certs | No | Auth Provider X509 URL of the BigQuery account. Located at the "auth_provider_x509_cert_url" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Client X509 URL | String | N/A | No | Client X509 URL of the BigQuery account. Located at the "client_x509_cert_url" parameter in the authentication JSON file. You need to copy the value and put it in this integration configuration parameter. |
Service Account Json File Content | String | N/A | No | Optional: Instead of specifying Private Key ID, Private Key and other parameters, specify here the full JSON content of the service account file. Other connection parameters are ignored if this parameter is provided. |
Verify SSL | Checkbox | Checked | No | If enabled, the integration verifies that the SSL certificate for the connection to the Google Cloud service is valid. |
Actions
Ping
Description
Test connectivity to the BigQuery with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.
Run On
The action doesn't run on entities, nor has mandatory input parameters.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If successful: Print "Successfully connected to the BigQuery server with the provided connection parameters!" The action should fail and stop a playbook execution: If not successful: Print "Failed to connect to the BigQuery server! Error is {0}".format(exception.stacktrace) |
General |
Run SQL Query
Description
Execute queries in BigQuery.
Parameters
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Dataset Name | String | N/A | Yes | Specify the name of the dataset, which will be used, when executing queries. |
Query | String | N/A | Yes | Specify the SQL query that needs to be executed. |
Max Results To Return | String | 50 | No | Specify how many results to return in the response. |
Run On
This action doesn't run on entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
{
"Airport_Code": "MDW",
"Airport_Name": "Chicago, IL: Chicago Midway International",
"Time_Label": "2015/05",
"Time_Month": 5,
"Time_Month_Name": "May",
"Time_Year": 2015,
"Statistics___of_Delays_Carrier": 351,
"Statistics___of_Delays_Late_Aircraft": 546,
"Statistics___of_Delays_National_Aviation_System": 292,
"Statistics___of_Delays_Security": 2,
"Statistics___of_Delays_Weather": 100,
"Statistics_Carriers_Names": "Delta Air Lines Inc.,ExpressJet Airlines Inc.,Southwest Airlines Co.",
"Statistics_Carriers_Total": 3,
"Statistics_Flights_Cancelled": 88,
"Statistics_Flights_Delayed": 1289,
"Statistics_Flights_Diverted": 32,
"Statistics_Flights_On_Time": 6182,
"Statistics_Flights_Total": 7591,
"Statistics_Minutes_Delayed_Carrier": 19332,
"Statistics_Minutes_Delayed_Late_Aircraft": 34376,
"Statistics_Minutes_Delayed_National_Aviation_System": 12346,
"Statistics_Minutes_Delayed_Security": 48,
"Statistics_Minutes_Delayed_Total": 76163,
"Statistics_Minutes_Delayed_Weather": 100061
}
Case Wall
Result Type | Value / Description | Type |
---|---|---|
Output message* | The action should not fail nor stop a playbook execution: If successful: "Successfully executed query in the BigQuery dataset "{0}"!".format(dataset name) The action should fail and stop a playbook execution: If not successful: "Error executing action "Run SQL Query". Reason: {0}''.format(error.Stacktrace) |
General |
Case Wall Table | Table Name: Results Table columns - all columns in the response. |
General |