Enable OneView integration with Google Chronicle SIEM

The seamless integration between OneView and Google Chronicle SIEM enables system administrators to effortlessly import comprehensive data from OneView into the Google Chronicle SIEM platform. This allows for a thorough analysis of OneView's detection capabilities and the identification of potentially suspicious activities within the Google Chronicle SIEM platform. Follow the instructions in this article to enable the integration.

Generate Google Chronicle SIEM Feed Credentials

First, we must generate the Webhook URL and Webhook Secret within Google Chronicle SIEM. Later, we will enter these into OneView.

1. In Google SecOps, go to Settings > SIEM Settings > Feeds.
2. Click Add New.
3. Configure the following fields:
   • Feed Name: Malwarebytes
   • Source Type: Webhook
   • Log Type: Malwarebytes EDR
4. Click Next.
5. Click Next.
6. Click Submit. 
7. Go to the Details tab. 
8. Copy the URL under Endpoint Information and store it for later.
   
9. Go to the Secret Key tab.
10. Click Generate Secret Key.
11. Copy the Secret Key and store it for a later. 
    Note: The secret key is no longer visible once you close this window.
    
12. Click Done. 

Generate Google Cloud Product API Key

The OneView integration with Google Chronicle SIEM requires a Google Cloud Product (GCP) API Key. 

1. In Google Cloud Project, go to API & Services > Credentials.
2. Select Create Credentials > API Key.
3. Copy the API Key and store for later.
4. In the pop-up, click Edit API key.
5. Select Restrict Key.
6. In the drop-down menu, select Chronicle API. 
   Note: If Chronicle API is missing from the drop-down menu, see Configure a Google Cloud project for Google SecOps.
7. Click Save.

For more information, see Setting up API keys.

Configure Chronicle SIEM and OneView to ingest logs

Now that you have the API credentials, you can proceed to configure the integration in OneView.

1. In OneView, go to the Integrate page. 
2. Locate Google Chronicle SIEM and click Configure.
3. Toggle on Enable Setup.
4. Enter the following fields:
   • Webhook URL: URL copied from the Endpoint Information field of the Google Chronicle SIEM Feed Details page.
   • Webhook Secret: API Secret obtained from the Google Chronicle SIEM Feed Details page.
   • GCP API Key: API Key obtained from Google Cloud.
   • Site Selection: Select the site(s) to ingest data from.
5. Click Save.

After completing those steps, Google Chronicle SIEM is now able to ingest OneView logs. Learn how to Search data using the OneView integration with Google Chronicle SIEM.

Return to the OneView integration with Google Chronicle SIEM section.