Create a new directory for the cloud function deployment and add the following files into that directory:
- Contents of the desired platform (i.e. OneLogin_User)
- common directory
Edit the .env.yml file to populate all the required environment variables. Information related to all the environment variables can be found in the README.md file.
The following table lists all the Google Security Operations related runtime environment variables that must be configured for all the ingestion scripts.
Variable | Description | Required | Default | Secret |
---|---|---|---|---|
POLL_INTERVAL | Poll interval for the cloud function. | Yes | - | No |
CHRONICLE_CUSTOMER_ID | Chronicle customer Id. | Yes | - | No |
CHRONICLE_REGION | Chronicle region. | Yes | us | No |
CHRONICLE_SERVICE_ACCOUNT | Contents of the Chronicle ServiceAccount JSON file. | Yes | - | Yes |
Environment variables marked as Secret must be configured as secrets on Google Secret Manager. Refer to this page to learn how to create secrets.
Once the secrets are created on Secret Manager, use the secret's resource name as the value for environment variables. For example:
CHRONICLE_SERVICE_ACCOUNT: projects/{project_id}/secrets/{secret_id}/versions/{version_id}
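A pre-deployment check for the rules above, as an added example that is not part of the project's scripts: it verifies that the required variables from the table are set and that CHRONICLE_SERVICE_ACCOUNT holds a Secret Manager resource name rather than pasted key JSON or the unedited template. It assumes .env.yml is a flat KEY: value file; the helper names and sample values are constructed for illustration.

```python
import re

# Variables from the table above: name -> (required, default, secret)
CHRONICLE_VARS = {
    "POLL_INTERVAL": (True, None, False),
    "CHRONICLE_CUSTOMER_ID": (True, None, False),
    "CHRONICLE_REGION": (True, "us", False),
    "CHRONICLE_SERVICE_ACCOUNT": (True, None, True),
}
# Secret Manager resource name in the form shown above; braces are rejected
# so that an unfilled {project_id}-style template does not pass.
SECRET_REF = re.compile(r"^projects/[^/\s{}]+/secrets/[^/\s{}]+/versions/[^/\s{}]+$")

def parse_flat_env(text):
    """Parse a flat KEY: value file (assumed shape of .env.yml; no nesting)."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def check_env(env):
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    for name, (required, default, secret) in CHRONICLE_VARS.items():
        value = env.get(name, "")
        if not value:
            if required and default is None:
                problems.append(f"{name}: required but not set")
            continue
        if secret and not SECRET_REF.match(value):
            problems.append(f"{name}: must be a Secret Manager resource name, not an inline value")
    return problems

# Constructed sample files (not real project, customer, or secret names).
GOOD = """\
POLL_INTERVAL: "10"
CHRONICLE_CUSTOMER_ID: 00000000-0000-0000-0000-000000000000
CHRONICLE_SERVICE_ACCOUNT: projects/example-project/secrets/chronicle-sa/versions/1
"""
BAD = """\
POLL_INTERVAL: "10"
CHRONICLE_SERVICE_ACCOUNT: '{"type": "service_account", "private_key": "..."}'
"""
if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_env(parse_flat_env(sample)))
```

Running a check like this before deployment keeps service account key material out of the function's plain environment configuration.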
The namespace that the Google Security Operations logs are ingested into can be configured by setting the CHRONICLE_NAMESPACE environment variable.
Execute the following command from inside the previously created directory to deploy the cloud function.
gcloud functions deploy <FUNCTION NAME> --entry-point main --trigger-http --runtime python39 --env-vars-file .env.yml
These scripts are provided as examples and are not officially supported. We welcome feedback on how we can improve them. To submit feedback, go to the Chronicle Ingestion Script documentation and click "Send Feedback".