Gsuite API Integration with Logsign SIEM

1- Login with the admin account on https://admin.google.com

2- Click on the "Enable API Access" and saved in the API reference section under the Security tab.

1.png

Activating the Admin SDK:

1- Login to https://console.developers.google.com with an admin account.

2- With "New Project Tab", a new project is created. A name describing the project and the relevant organization are selected.

2.png

3.png

3- Select Enable APIs & Services on the Dashboard.

4.png

4- Enabled after the Admin SDK is seen on the Search screen.

5.png

5- After the created project is selected (TestProject), a new credential is created with the Service Account Key option over Create Credentials.

6.png

6- P12 is selected as the Key Type.

7- A desired string value is entered as the service account name.

8- Project Viewer is selected as the role.

7.png

9- When the Create button is pressed, the P12 file is downloaded to the client after being imported to Logsign.

10- Click on Service accounts on IAM & admin on the left tab.

8.png

11- The service created on the relevant table is saved to be entered on Email Logsign.

12- Click on Show client ID on the Actions button and the Client ID information is saved to be added as Domaint Wide Authorization.

9.png

10.png

 

Delegate domain-wide Authority to Your Service Account

1- Login with the admin account on https://admin.google.com

2- It is entered in the Advanced Settings field under Security.

11.png

3- Click on Manage API client access.

12.png

4- The Client ID is entered into the text box on the left side. The https://www.googleapis.com/auth/admin.reports.audit.readonly url is entered on the right side and authorize button is clicked.

13.png

Integrating G Suite into Logsign

1- Add New Device button is pressed in the Logsign Device List Tab.

2- Under Devices, G Suite is selected as API and Provider.

3- The file with the P12 extension downloaded on the client is imported as Private Key File.

4- As Service Account Email, the previously created service account email address is entered.

5- As User Email, the e-mail address of the user with admin authority is entered in the previous steps.

6- In the Activities section, which of the Admin, Drive, Login events you want to be displayed is selected.

7- The resource is saved with the Save button.

14.png

Was this article helpful?
1 out of 1 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.