Publisher: Splunk
Connector Version: 2.0.8
Product Vendor: Google
Product Name: Big Query
Product Version Supported (regex): ".*"
Minimum Product Version: 5.1.0
This app allows running investigative actions against Google BigQuery.
This app requires a pre-configured service account to operate. Please follow the procedure outlined
at this link to create a service account.
The following API will need to be enabled:
- BigQuery API
At the end of the creation process, the admin console should ask you to save the config as a JSON file. Copy the contents of the JSON file to the clipboard and paste it as the value of the "Contents of Service Account JSON file" asset configuration parameter. Double-check that the "project_id" is the same project being used with BigQuery.
Once the service account has been created, you will then need to give the account the correct role. To do this, find "IAM & admin" on the menu to the left on the Google Cloud Console homepage. From there, find your service account, and give it the role "BigQuery Admin".
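A pre-flight check for the downloaded key file, added here as an example and not part of the connector: it validates the JSON before it is pasted into the asset and confirms that "project_id" matches the BigQuery project. The function name, the expected project name and the sample key are assumptions constructed for illustration.

```python
import json

# Members of a Google service account key file that must be present and non-empty.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "token_uri")


def check_key_json(raw, expected_project):
    """Return a list of problems with a pasted key; an empty list means it looks usable.

    Messages never echo private_key or private_key_id.
    """
    try:
        key = json.loads(raw)
    except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
        return [f"not valid JSON (truncated or re-escaped paste?): {exc}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]

    problems = [f"missing or empty field: {name}" for name in REQUIRED_FIELDS
                if not isinstance(key.get(name), str) or not key[name].strip()]
    kind, project = key.get("type"), key.get("project_id")
    email, pem = key.get("client_email"), key.get("private_key")
    if isinstance(kind, str) and kind != "service_account":
        problems.append(f"type is {kind!r}, expected 'service_account'")
    if isinstance(project, str) and project.strip() and project != expected_project:
        problems.append(f"project_id is {project!r}, expected {expected_project!r}")
    if isinstance(email, str) and email.strip() and not email.endswith("gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    if isinstance(pem, str) and pem.strip() and not pem.lstrip().startswith("-----BEGIN"):
        problems.append("private_key is not a PEM block")
    return problems


# Constructed sample key: every value is a placeholder, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "soc-bigquery-demo",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "soar-reader@soc-bigquery-demo.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
})

if __name__ == "__main__":
    for issue in check_key_json(SAMPLE_KEY, "soc-bigquery-demo") or ["key looks usable"]:
        print(issue)
```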
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Big Query asset in SOAR.
VARIABLE | REQUIRED | TYPE | DESCRIPTION |
---|---|---|---|
key_json | required | password | Contents of Service Account JSON file |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
list tables - List Tables
get results - Get results from a job started with 'run query'
run query - Run a Query
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
List Tables
Type: investigate
Read only: True
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
dataset | optional | Only list tables in this dataset | string | bigquery dataset |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.parameter.dataset | string | bigquery dataset |
action_result.data.*.dataset_id | string | bigquery dataset |
action_result.data.*.full_table_id | string | |
action_result.data.*.project_id | string | |
action_result.data.*.table_id | string | |
action_result.summary.total_tables | numeric | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
Get results from a job started with 'run query'
Type: investigate
Read only: True
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
job_id | required | Job ID | string | bigquery job id |
timeout | optional | How long to wait for results | numeric | |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.parameter.job_id | string | bigquery job id |
action_result.parameter.timeout | numeric | |
action_result.data.* | string | |
action_result.summary.job_id | string | bigquery job id |
action_result.summary.num_rows | numeric | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
Run a Query
Type: investigate
Read only: False
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
query | required | Query to run | string | bigquery query |
timeout | optional | How long to wait for results | numeric | |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.parameter.query | string | bigquery query |
action_result.parameter.timeout | numeric | |
action_result.data.* | string | |
action_result.summary.job_id | string | bigquery job id |
action_result.summary.num_rows | numeric | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |