My First Connector

What are connectors?

The connectors are the entry point for alerts into Google Security Operations. Their job is to translate raw input data from multiple sources into Google SecOps data. The connectors get alerts (or equivalent data – e.g., alarms, correlation events, etc.) from 3rd party tools sent to the Data Processing layer, to be ingested as Google SecOps alerts and events.

Overview

In this article, we will demonstrate how to develop an email connector in the IDE in order to ingest raw data from an email source (Gmail) and translate it into Google SecOps data in order to create cases in the platform.
The connector will scan each email message body in order to extract URLs from the email. In the next step we will check if these URLs are malicious using the product we have integrated with in My First Action.

Prerequisite steps

To allow the connector to connect to your email inbox there are a few steps that need to be completed.

1. Let's start off by creating a new Gmail account or using one that you already have for testing purposes.
2. "2-step verification", is one of the security adjustments to allow the Google SecOps platform to securely access the email inbox.

In order to leave your 2-step verification on, you can create an App Password that gives the Google SecOps platform permission to access your Google Account. App Passwords can only be used with accounts that have 2-step verification turned on.

Click on the App passwords icon and then fill in the relevant fields:

"Select app": select "Other (Custom name)" option and add URL associated with your Google SecOps platform (DNS).

The next step is to create the email connector in the IDE. Continue to Developing the connector.