My First Connector
What are connectors?
The connectors are the entry point for alerts into Google Security Operations. Their job is to translate raw input data from multiple sources into Google Security Operations data. The connectors get alerts (or equivalent data – e.g., alarms, correlation events, etc.) from 3rd party tools sent to the Data Processing layer, to be ingested as Google Security Operations alerts and events.
Overview
In this article, we will demonstrate how to develop an email connector in the IDE in order to ingest raw data from an email source (Gmail) and translate it into Google Security Operations data in order to create cases in the platform.
The connector will scan each email message body in order to extract URLs from the email. In the next step we will check if these URLs are malicious using the
product we have integrated with in My First Action.
Prerequisite steps
To allow the connector to connect to your email inbox there are a few steps that need to be completed.
- Let's start off by creating a new Gmail account or using one that you already have for testing purposes.
- "2-step verification", is one of the security adjustments to allow the Google Security Operations platform to securely access the email inbox.
In order to leave your 2-step verification on, you can create an App Password that gives the Google Security Operations platform permission to access your Google Account. App Passwords can only be used with accounts that have 2-step verification turned on.
Click on the App passwords icon and then fill in the relevant fields:
"Select app": select "Other (Custom name)" option and add URL associated with your Google Security Operations platform (DNS).
The next step is to create the email connector in the IDE. Continue to Developing the connector.