This document explains how to develop an email connector in the Integrated Development Environment (IDE). The process involves:
Ingesting raw data from an email source (Gmail).
Translating that data into Google Security Operations format.
Creating cases within the platform from the translated data.
The connector scans each email message body to extract URLs. You can then use the product integrated in "Develop your first action" to check if these URLs are malicious.
Understand connectors
Connectors are the entry point for alerts into Google SecOps.
Their job is to translate raw input data from multiple sources into
Google SecOps format. The connectors get alerts (or equivalent
data, such as alarms or correlation events) from third-party tools sent to the
data processing layer and send them for ingestion as Google SecOps alerts
and events.
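The translation step described above, sketched for the email case this document develops. This is an added example, not code from the product documentation or the Google SecOps SDK: it uses only the Python standard library, the sample message is constructed, and the alert field names (name, sender, message_id, urls) are hypothetical.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

class LinkParser(HTMLParser):
    """Collects href targets and visible text, which can differ in a phishing mail."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def extract_urls(msg):
    """Return de-duplicated http(s) URLs from the text/plain and text/html body parts."""
    found = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            continue  # only the message body is scanned, not attached files
        ctype = part.get_content_type()
        if ctype == "text/plain":
            found += URL_RE.findall(part.get_content())
        elif ctype == "text/html":
            parser = LinkParser()
            parser.feed(part.get_content())
            found += [h for h in parser.hrefs if URL_RE.fullmatch(h)]
            found += URL_RE.findall(" ".join(parser.text))
    # Strip trailing sentence punctuation, keep first-seen order, drop duplicates.
    return list(dict.fromkeys(u.rstrip(".,;:!?)") for u in found))

def email_to_alert(raw_bytes):
    """Translate one raw message into an alert-like dict (field names are hypothetical)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {"name": str(msg["Subject"]), "sender": str(msg["From"]),
            "message_id": str(msg["Message-ID"]), "urls": extract_urls(msg)}

def build_sample():
    """Constructed sample message; a real connector would fetch raw bytes from the inbox."""
    m = EmailMessage()
    m["Subject"], m["From"] = "Password reset", "it-support@example.org"
    m["Message-ID"] = "<constructed-0001@example.org>"
    m.set_content("Reset here: https://accounts.example.com/reset.\n")
    m.add_alternative('<p>Reset: <a href="http://login.example.net/r?id=1">'
                      "https://accounts.example.com/reset</a></p>", subtype="html")
    return m.as_bytes()

if __name__ == "__main__":
    print(email_to_alert(build_sample()))
```

The HTML part of the sample shows a link whose visible text differs from its href; both are returned so that the later reputation check sees the real target as well as the displayed one.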
Before you begin
Before the connector can connect to your email inbox, complete the following steps:
For testing purposes, create a new Gmail account or use an existing one.
Two-step verification: Enable two-step verification to grant Google SecOps secure access to the email inbox.
Leave your two-step verification on: Create an App Password that grants the Google SecOps platform permission to access your account. App Passwords can only be used with accounts that have two-step verification enabled.
In your Google Account, click App Passwords and then fill in the required fields:
In Select app, select Other (Custom name).
Add the URL associated with your Google SecOps platform (DNS).
Last updated 2025-08-18 UTC.