Develop your first Connector

Supported in:

This document explains how to develop an email connector in the Integrated Development Environment (IDE). The process involves:

  • Ingesting raw data from an email source (Gmail).
  • Translating that data into Google Security Operations format.
  • Creating cases within the platform from the translated data.

The connector scans each email message body to extract URLs. You can then use the product integrated in Develop your first action to check if these URLs are malicious.

Understand connectors

Connectors are the entry point for alerts into Google SecOps. Their job is to translate raw input data from multiple sources into Google SecOps format. The connectors get alerts (or equivalent data, such as alarms or correlation events) from third-party tools sent to the data processing layer and send them for ingestion as Google SecOps alerts and events.

Before you begin

Before the connector can connect to your email inbox, complete the following steps:

  1. For testing purposes, create a new Gmail account or use an existing one.
  2. Two-step verification: Enable two-step verification to grant Google SecOps secure access to the email inbox.
  3. Leave your two-step verification on: Create an App Password that grants the Google SecOps platform permission to access your account. App Passwords can only be used with accounts that have two-step verification enabled.
  4. In your Google Account, click App Passwords and then fill in the required fields:
    • In Select app, select Other (Custom name)
    • add the URL associated with your Google SecOps platform (DNS)
    • .
  5. Create the email connector in the IDE. For details, see Develop the connector.

Need more help? Get answers from Community members and Google SecOps professionals.