Overview
Google Cloud Chronicle is a modern, cloud-native SecOps platform that empowers security teams to better defend against today's and tomorrow's threats.
Add Wiz as a Google Cloud Chronicle custom source to include Wiz Issues in your security alerts and gain a comprehensive view of your security state.
Prerequisites
- Administrator login credentials are required.
- Access to Wiz as a role with W(rite) permissions on the Settings > Integrations page. Global roles can create Integrations and Automation Rules available in all Projects in Wiz; Project-scoped roles can do so only for their Projects.
Integration in Wiz
Integration steps
1. In Wiz, go to the Connect to Wiz page.
2. Under Integrations, click Google Cloud Chronicle.
3. Select the Scope of the integration.
4. Enter your Chronicle Customer ID.
To get the Customer ID, go to the Chronicle Settings > Profile page and copy the Customer ID from the Organization Details section.
5. Insert the Regional Endpoints for your Chronicle instance.
Regional endpoints include:
Canada - https://northamerica-northeast2-malachiteingestion-pa.googleapis.com
Dammam - https://me-central2-malachiteingestion-pa.googleapis.com
Europe Multi-Region - https://europe-malachiteingestion-pa.googleapis.com
Frankfurt - https://europe-west3-malachiteingestion-pa.googleapis.com
London - https://europe-west2-malachiteingestion-pa.googleapis.com
Mumbai - https://asia-south1-malachiteingestion-pa.googleapis.com
Singapore - https://asia-southeast1-malachiteingestion-pa.googleapis.com
Sydney - https://australia-southeast1-malachiteingestion-pa.googleapis.com
Tel Aviv - https://me-west1-malachiteingestion-pa.googleapis.com
Tokyo - https://asia-northeast1-malachiteingestion-pa.googleapis.com
United States Multi-Region - https://malachiteingestion-pa.googleapis.com
Zurich - https://europe-west6-malachiteingestion-pa.googleapis.com
6. (Optional) To identify the data domain source of the logs, add a Namespace.
7. Upload the Google Developer Service Account Key, which is required for the Chronicle ingestion API.
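A pre-flight check for the values entered in steps 4, 5 and 7, as an added example that is not part of the Wiz or Chronicle documentation. It assumes the Customer ID is a UUID string and that the key is a standard Google service account JSON key file; the function name and the sample values are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

BASE = "malachiteingestion-pa.googleapis.com"
# Region prefixes taken from the endpoint list in step 5; the US multi-region host has none.
REGIONS = ["northamerica-northeast2", "me-central2", "europe", "europe-west3",
           "europe-west2", "asia-south1", "asia-southeast1",
           "australia-southeast1", "me-west1", "asia-northeast1", "europe-west6"]
ALLOWED_HOSTS = {BASE} | {f"{r}-{BASE}" for r in REGIONS}
# Fields present in a Google service account key file.
KEY_FIELDS = ("project_id", "private_key_id", "private_key", "client_email", "token_uri")
UUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)  # assumed ID format

def validate_inputs(customer_id, endpoint, key_text):
    """Return a list of problems; an empty list means the inputs look sane."""
    problems = []
    if not UUID_RE.fullmatch(customer_id.strip()):
        problems.append("customer ID is not a UUID")
    try:
        url = urlparse(endpoint.strip())
    except ValueError:
        url = urlparse("")
    # Comparing the whole netloc also rejects userinfo, ports and lookalike suffixes.
    if url.scheme != "https" or url.netloc.lower() not in ALLOWED_HOSTS:
        problems.append("endpoint is not an https regional endpoint from the list")
    elif url.path not in ("", "/") or url.query or url.fragment:
        problems.append("endpoint carries a path, query or fragment")
    try:
        key = json.loads(key_text)
    except ValueError:
        return problems + ["key file is not valid JSON"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return problems + ["key file is not a service account key"]
    missing = [f for f in KEY_FIELDS if not key.get(f)]
    if missing:
        problems.append("key file is missing: " + ", ".join(missing))
    if not str(key.get("client_email", "")).endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    if not str(key.get("private_key", "")).startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM PKCS#8 block")
    return problems

# Constructed sample inputs (placeholders, not real credentials).
SAMPLE_ID = "00000000-0000-4000-8000-000000000000"
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project", "private_key_id": "0" * 40,
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "ingest@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token"})
```

An empty list from `validate_inputs` means the three values are consistent with what the form expects; it does not prove the key is authorized for the Chronicle ingestion API.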
Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression (".*") or with a specific hostname. The search returns the log source types that are being ingested into Chronicle. The screenshot below is for reference.