Integrate Google Forms with Google SecOps
This document explains how to integrate Google Forms with Google Security Operations (Google SecOps).
Integration version: 1.0
Before you begin
Before you configure the Google Forms integration in Google SecOps, complete the following prerequisite steps:
- Create a service account.
- Create a JSON key.
- Create a custom role for the integration.
- Assign the custom role to a user.
- Delegate domain-wide authority to your service account.
- Enable the Admin SDK API for your project.
Create a service account
To create a service account, complete the following steps:
In the Google Cloud console, go to the Credentials page.
From the Create credentials menu, select Service account.
Under Service account details, enter a name in the Service account name field.
Optional: Edit the service account ID.
Click Create and continue. A Grant this service account access to project screen appears.
Click Continue. A Grant users access to this service account screen appears.
Click Done.
Create a JSON key
To create a JSON key, complete the following steps:
- Select your service account and go to Keys.
- Click Add key.
- Select Create new key.
- For the key type, select JSON and click Create. A Private key saved to your computer dialog appears and a copy of the private key downloads to your computer.
Create a custom role for the integration
- In the Google Admin console, go to Account > Admin Roles.
- Click Create new role.
- Provide a name for the new custom role and click Continue.
- On the Select Privileges page, go to the Admin API privileges section.
Under Admin API privileges, select the following privileges:
- Organization Units
- Users
- Groups
Click Continue.
To create a new custom role, click Create Role.
Assign the custom role to a user
- To create a new user, go to Directory > Users page.
- Add a new user that is associated with the service account.
- Open settings for the newly created user. The user account tab opens.
- Click Admin roles and privileges.
- Click edit Edit.
- Select the custom role you created.
- For the selected role, switch the toggle to Assigned.
Delegate domain-wide authority to your service account
- From your domain's Google Admin console, go to Main menu > Security > Access and data control > API controls.
- In the Domain wide delegation pane, select Manage Domain Wide Delegation.
- Click Add new.
- In the Client ID field, enter the client ID obtained from the preceding service account creation steps.
In the OAuth Scopes field, enter the following comma-delimited list of the scopes required for your application:
https://www.googleapis.com/auth/forms.responses.readonlyClick Authorize.
Enable the Admin SDK API for your project
In the Google Cloud console, go to APIs & Services.
Click Enable APIs and Services.
Enable the Admin SDK API for your project.
Integration parameters
The Google Forms integration requires the following parameters:
| Parameter | Description |
|---|---|
Delegated Email |
Required An email address to use for the impersonation and access control. |
Service Account JSON |
Required The content of the service account key JSON file. |
Verify SSL |
Required If selected, the integration verifies that the SSL certificate for connecting to Google Forms is valid. Selected by default. |
For instructions about configuring an integration in Google SecOps, see Configure integrations.
You can make changes at a later stage if needed. After you configure an integration instance, you can use it in playbooks. For more information about configuring and supporting multiple instances, see Supporting multiple instances.
Actions
For more information about actions, see Respond to pending actions from your workdesk and Perform a manual action.
Ping
Use the Ping action to test the connectivity to Google Forms.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
The Ping action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Output messages
The Ping action can return the following output messages:
| Output message | Message description |
|---|---|
Successfully connected to the Google Forms server with the
provided connection parameters! |
The action succeeded. |
Failed to connect to the Google Forms server! Error is
ERROR_REASON |
The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Ping action:
| Script result name | Value |
|---|---|
is_success |
True or False |
Connectors
For detailed instructions on how to configure a connector in Google SecOps, see Ingest your data (connectors).
Google Forms – Responses Connector
Use the Google Forms – Responses Connector to pull responses from Google Forms.
The Google Forms – Responses Connector requires the following parameters:
| Parameter | Description |
|---|---|
Product Field Name |
Required The name of the field where the product name is stored. The default value is |
Event Field Name |
Required The field name used to determine the event name (subtype). The default value is |
Environment Field Name |
Optional
The name of the field where the environment name is stored. If the environment field isn't found, the environment is set to the default environment. The default value is |
Environment Regex Pattern |
Optional
A regular expression pattern to run on the value found in the
Use the default value If the regular expression pattern is null or empty, or the environment value is null, the final environment result is the default environment. |
Script Timeout (Seconds) |
Required The timeout limit in seconds for the Python process running the current script. The default value is 300 seconds. |
Delegated Email |
Required An email address to use for the impersonation and access control. |
Service Account JSON |
Required The content of the service account key JSON file. |
Form IDs To Track |
Required A comma-separated list of Google Forms IDs to track for responses. |
Alert Severity |
Optional A severity level to assign to all alerts that the connector creates based on the ingested Google Forms response. The possible values are as follows:
The default value is |
Max Hours Backwards |
Required A number of hours before the first connector iteration to retrieve responses from. This parameter applies either to the initial connector iteration after you enable the connector for the first time or the fallback value for an expired connector timestamp. The default value is 1 hour. |
Max Responses To Fetch |
Required The maximum number of responses to process for every connector iteration. The maximum number is 100. |
Disable Overflow |
Optional If selected, the connector ignores the Google SecOps overflow mechanism during alert creation. Not selected by default. |
Verify SSL |
Required If selected, the integration verifies that the SSL certificate for connecting to Google Forms is valid. Not selected by default. |
Proxy Server Address |
Optional The address of the proxy server to use. |
Proxy Username |
Optional The proxy username to authenticate with. |
Proxy Password |
Optional The proxy password to authenticate with. |
Connector rules
The Google Forms – Responses Connector supports proxies.
Connector events
The following example shows the JSON output of a Google SecOps event that the Google Forms – Responses Connector generated:
{
"responseId": "RESPONSE_ID",
"createTime": "2024-09-05T11:43:13.892Z",
"lastSubmittedTime": "2024-09-05T11:43:13.892123Z",
"event_type": "Question",
"questionId": "78099fe3",
"textAnswers": {
"answers": [
{
"value": "Option 1"
}
]
}
}