Configure integrations

Integrations are packages that can be installed from the Google Security Operations Marketplace. When you install an integration, you are adding connectors, playbook actions and scheduled jobs. These are all able to connect Google Security Operations with third-party products in order to perform tasks. Each of these items can be configured from the relevant page (Connectors, Playbooks, Jobs Scheduler).

Each integration has multiple types of items that are relevant for different use cases.
The connectors help you ingest alerts into Google Security Operations.
The actions are used to enrich existing data and perform proactive actions, such as blocking an IP address or sending an email.
The Jobs Scheduler helps users perform scheduled tasks on the third-party product directly from Google Security Operations.

To use an integration, the user has to locate it in the Google Security Operations Marketplace, download it and then configure and test it. In addition, users should configure the specific connector, action, or job from the integration they would like to run.

From the left navigation, the connectors are configured from SOAR Settings > Connectors. The jobs are configured from Response > Jobs Scheduler. The integrations are configured from Response > Integrations Setup. Actions can be either used in playbooks (dragging actions to playbooks) or directly on alerts.

From the left navigation, navigate to the Integrations page by clicking on Response > Integrations Setup.

On the Integrations page, you can configure an integration in several different ways and use each configuration per environment. Each configuration is called an instance and, once configured, can be selected within a playbook step. For example, when building a playbook that caters to a customer site using two Active Directories, you can choose a different configured instance of the Active Directory integration within the playbook step.

On the left of this page are the environments in which you can configure an instance. Shared Instances provides a container where you can configure instances that can be used in all environments. The default environment is the predefined environment that the platform provides.

To configure an instance:

  1. In the Environments list on the left, click on the environment you want to create an instance for.
  2. On the right of the page, click Create a new instance.
  3. Select the required integration and click Save.
  4. In the Configure Instance dialog box that displays, add in all the relevant information and parameters. When finished, click Save.