Google Workspace

Modified on Tue, 20 Feb 2024 at 06:09 PM

Overview

To create this Integration you will need to perform actions in Google Workspace, followed by configuration in Samurai XDR.


In summary:


Google Workspace

  • Select a Google Cloud Console Project

  • Enable the Google Workspace Alert Center API (part of the Admin SDK API)

  • Create a Service Account and Key

  • Ensure that Domain-wide Delegation is enabled.

Samurai XDR → Create Telemetry Integration

  • Configure a new Samurai XDR Telemetry Integration for Google Workspace, providing the authentication information configured above

Google Cloud Administrative Console

Select a Google Cloud Console Project

Navigate to the Google Cloud console (https://console.cloud.google.com/welcome) with your administrator credentials and either select a project or create a new one.

Enable the Google Workspace Alert Center API

With the project selected, you need to enable the Google Workspace Alert Center API. It can be quickly located by using the Search field at the top of the Google Cloud Console screen:

Click the Enable button:

You will be redirected to the API & Services screen.


Create a Service Account and Key

Select the Credentials menu item:

Click the + Create Credentials button and select Service account:

At a minimum provide a Service account ID to identify these credentials. Then click Create and Continue, and then Done to create the service account:

To create a key, first click on the new Service account on the Credentials Screen:

Select the Keys tab:

Click Add Key and Create new key:

In the popup select JSON and hit the Create button, and the key will automatically download to your machine. Store this file securely. This file will be used later.

Domain-wide Delegation

Domain-wide Delegation enables a service account to access the Admin SDK API (which includes the Google Workspace Alert Center API) for the whole domain, rather than being restricted to the project in which it was created.


Navigate to IAM & Admin > Service Accounts and select the service account created in the previous steps.


Expand the Advanced settings section and copy the Client ID (also referred to as Unique ID) using the button provided:

Then click the View Google Workspace Admin Console button. This will bring you to the Google Admin Console (https://admin.google.com/) and requires super user credentials.


From the main menu select Security → Access and data control → API controls:

Then click Manage Domain-Wide Delegation:

Click Add new and paste the Client ID you copied in the earlier step into the relevant field. Enter the following into the OAuth scopes field:

https://www.googleapis.com/auth/apps.alerts

Then click Authorize:


Delegation User - Email Address

For the last step of Google Workspace configuration, an email address (user) needs to be set up for delegation.

The Service Account impersonates this user when retrieving telemetry, so it is recommended to use an email address specifically dedicated to this purpose. However, any existing user with the relevant permissions (Alert Center view access) could be used. Similarly, we recommend creating a role specifically for this as shown below, although an existing role can be used if desired as long as it provides Alert Center view access.


The email address will be needed when configuring the new Telemetry Integration in Samurai XDR in addition to the JSON key created earlier in this documentation.


Create a Role

Continuing in the Google Admin Console (https://admin.google.com/), navigate to Account → Admin roles. Then click the Create new role button:

Provide a name and optional description for the role and click Continue:

Scroll down or type Alert Center into the Search field and select View access:

Review your selection and click Create Role when ready:

Assign the Role

Navigate to Directory → Users and identify the user with the email address you want to use for delegation. Take note of the email address for use when configuring Samurai XDR.


Click on the user name and expand the Admin Roles and privileges section. Locate the role you want to assign in the Roles table, toggle the slider to the Assigned position, and click Save:

Configure the Integration in Samurai XDR

To create a new Google Workspace integration you will need the following information:

  • A name for your new integration. This will be displayed on the Telemetry → Integrations screen.

  • An optional description for your integration. This can be useful if you connect multiple products or instances of the same product.

  • The delegation user email address previously identified.

  • The JSON file containing the service account key downloaded from Google Workspace (the JSON file can be opened with a text editor to allow you to copy the contents).
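
A pre-flight check for the last two items, added here as an illustration and not code from Samurai XDR or Google: it validates the downloaded key file and builds the token-request claims in which the service account names the delegation user. The sample key, project name and email addresses are constructed placeholders, the helper names are hypothetical, and the permission check assumes a POSIX file system.

```python
import json, os, stat, tempfile, time
SCOPE = "https://www.googleapis.com/auth/apps.alerts"  # scope authorized in the Admin Console
REQUIRED = ("type", "client_email", "client_id", "private_key", "private_key_id", "token_uri")

# Constructed sample with the field layout of a service account JSON key; no real secret.
SAMPLE_KEY = {
    "type": "service_account",
    "private_key_id": "0000000000000000000000000000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "xdr-reader@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
    "token_uri": "https://oauth2.googleapis.com/token",
}

def check_key_file(path):
    """Return (key, problems) for a downloaded key file; an empty list means it looks usable."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)  # POSIX permission bits
    if mode & 0o077:
        problems.append(f"mode {mode:o}: key readable beyond its owner, use 600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    problems += [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    if not str(key.get("client_id", "")).isdigit():
        problems.append("client_id is not numeric, cannot match the delegated Client ID")
    if "BEGIN PRIVATE KEY" not in str(key.get("private_key", "")):
        problems.append("private_key is not PEM")
    return key, problems

def delegation_claims(key, delegation_user, now=None):
    """Claims of the signed JWT exchanged at token_uri for a token acting as delegation_user."""
    now = int(time.time()) if now is None else now
    return {"iss": key["client_email"], "sub": delegation_user, "scope": SCOPE,
            "aud": key["token_uri"], "iat": now, "exp": now + 3600}

def write_sample(key, mode):  # demo helper: temp key file with the given permission bits
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    path = write_sample(SAMPLE_KEY, 0o644)  # deliberately too permissive
    key, problems = check_key_file(path)
    os.remove(path)
    print(problems, delegation_claims(key, "alerts-reader@example.com"), sep="\n")
```

The `client_id` in the key file is the value that must appear in the Domain-wide Delegation entry, and `sub` must be the delegation user that holds Alert Center view access.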


Sign in to Samurai XDR and select Telemetry → Integrations from the main menu:

Click on the Create button:

Select Google Workspace from the available Integrations:

Provide the details listed above. For the service account key, paste the entire key file contents into the text field. Then click Next:

Click Test and Samurai XDR will reach out to Google Workspace to validate the credentials provided:

When the Test has passed, the Finish button is enabled. Click it to save your new Integration. Samurai XDR will redirect you to the Telemetry Integrations screen, and your new integration will be visible on the list:



For general information on Integrations refer to the Integrations article.