After you configure the connection between the AlienApp for G Suite for a deployed USM Anywhere Sensor and your G Suite environment, the predefined log collection jobs perform scheduled queries for eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall.. When USM Anywhere collects and analyzes the first of these events, the G Suite dashboards are available in the DASHBOARDS menu (according to the types of collected events).
Note: Currently, the AlienApp for G Suite supports the connection of one G Suite account per USM Anywhere Sensor. If you have more than one G Suite account that you want to monitor in USM Anywhere, you must configure each for a different Sensor.
As a Google administrator, you must create a new project in your Google Developers console and create a service account in the API Console to support server-to-server interactions. For more information about server-to-server authentication in Google, refer to https://developers.google.com/accounts/docs/OAuth2ServiceAccount.
As you complete the following set up task, you must collect these items to complete the integration with the AlienApp for G Suite.
- Client ID for the service account
- User email for the login that you use to create the account
- Private key file, which you download from Google when you create the service account
Important: You must have administrative privileges to configure G Suite for integration with the AlienApp for G Suite. Ask your Google administrator for these privileges.
To set up the G Suite service account
- Go to the Google Developers Console and sign into your account.
Click project selector at the top of the page to open the Select dialog.
If you have an existing project that you want to use for the service account, select it and click Open.
If you want to create a new project for this purpose, click the + button in the Select dialog. Enter the Project name and click Create.
- Click the menu ( ) icon and select IAM & Admin > Service accounts.
- At the top of the page, click Create Service Account to define the new service account.
Enter a Service account name and set the Role to Project > Owner.
The dialog generates a unique Service account ID.
- Select the Furnish a new private key option, choose P12.
Select the Enable G Suite Domain-wide Delegation option.
This produces a dialog that confirms the creation of the new account and key. It also displays the password for the private key.
Click the Copy () icon and store the password in a secure location and then click CLOSE to return to the Service Accounts page.
Note: This password is not required for AlienApp configuration, but you might need it in the future to manage the service account.
Next to the service account that you just created, click VIEW CLIENT ID and then copy the Client ID value from the displayed page.
- Open a new web browser window, access the Google Admin console, and enter your user credentials.
- Select Security > Advanced Settings.
In the Authentication section, click Manage API client access.
In the Client Name field, paste the service account Client ID that you copied.
Enter https://www.googleapis.com/auth/admin.reports.audit.readonly in the One or More API Scopes field and click Authorize.
Important: Adding the Client and Scopes in the G Suite console can be subject to a propagation time, which could be up to two hours. If you use the Check Connections tool for your G Suite platform in CloudMigrator, it may not be successful immediately.
Before you connect the AlienApp for G Suite to your new service account, make sure that Enable API access is selected in your project. You must be signed in as an owner of the project or super admin for this task.
- Go to the Setup Tool.
Click Select a project, and select the project you created.
The system informs you that the API was enabled.
In the API Manager Dashboard, check to see if Admin SDK appears and if it is enabled.
If not, click the Google APIs tab and search for Admin SDK. Select it and then click Enable.
After you create the new service account in G Suite and enable the Admin SDK, you must configure the connection within USM Anywhere.
Important: Adding the Client and Scopes in the G Suite console can be subject to a propagation time, which could be up to two hours. The AlienApp for G Suite connection configuration might not be successful immediately if these resources are not yet accessible.
To enable the AlienApp for G Suite
- In USM Anywhere, go to DATA SOURCES > INTEGRATIONS.
Click the AlienApps tab.
On the AlienApps page, click the Google G Suite tile.
If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
USM Anywhere AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Choose the sensor that can access the integration endpoint.
- Select the Credentials tab.
Enter the Service Client IDand your G Suite User Email.
- In the Private Key field, click Choose File and select the downloaded P12 private key file for the Google service account you created.
- Click Save Credentials.