Google Chronicle Ingestion Scripts

The Google Chronicle Ingestion Scripts enable customers to ingest security telemetry data from a variety of platforms and sources into Chronicle.


Executive Summary

Before our solution, only a limited number of data sources had feeds available to transfer data to the Chronicle platform, leaving some sources unsupported.

By utilizing ingestion scripts, customers are able to extract security data from their desired sources, thus enabling them to leverage the features of the Chronicle platform.

Google Chronicle is a cloud-based security analytics platform that allows organizations to store, analyze and detect security threats in their environment. It uses advanced analytics and machine learning to help detect and investigate security incidents quickly, and its flexible data ingestion options support a wide range of data sources, including on-premise and cloud-based systems. As part of the Google Cloud Platform (GCP) ecosystem, Chronicle offers scalable data storage and processing capabilities, advanced threat detection and investigation features, and seamless integration with other GCP services.


Business Challenge

Ingesting security telemetry data from various sources into Google Chronicle is essential for effective detection, but the platform only offered feeds for a limited number of data sources. Unfortunately, there was no standard way for customers to bring data from unsupported sources into Chronicle, limiting their ability to take full advantage of the platform's capabilities.


Customer Solution

Crest Data has developed scripts for 15+ sources, each of which pulls data from its source and ingests it into Google Chronicle. The scripts are available from a public GitHub repository and are configurable, allowing users to adapt them to their specific needs.

To deploy the scripts, users get them from the repository and deploy them to their GCP Cloud Functions environment. They can also create a scheduler job that triggers the cloud function at regular intervals suited to their use case, so that the data in Chronicle is refreshed regularly and stays in sync with the latest security telemetry from the source.
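The scheduled-run pattern described above has a few parts that every such script needs regardless of source: a checkpoint so each run only fetches what is new, size-bounded batching of the records, and a checkpoint update that happens only after every batch was accepted, so a failed run is retried rather than silently losing events. The following is an added illustration of that pattern, not code from the case study or from the Crest Data repository. The ingestion endpoint URL and the request payload shape (`customer_id`, `log_type`, `entries[].log_text`) follow the public Chronicle unstructured-log ingestion API as I know it but are treated as assumptions here; the HTTP sender is injected so the code runs offline, and the sample events, customer id and log type are constructed placeholders.

```python
"""Skeleton of a scheduled Chronicle ingestion run (added illustration).

Assumed, not taken from the case study: the function is triggered on a
schedule, keeps a "last successful run" checkpoint, and forwards the events
it pulled to Chronicle's unstructured-log ingestion endpoint in
size-bounded batches. The sender is injected so this runs offline.
"""
import json
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterable, List

# Assumed endpoint and batch limit (a safety margin below a ~1 MB request size).
INGESTION_URL = "https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate"
MAX_BATCH_BYTES = 950_000


def batch_entries(entries: Iterable[str], max_bytes: int = MAX_BATCH_BYTES) -> List[List[str]]:
    """Group raw log lines into batches whose serialized size stays under max_bytes.

    A single entry larger than max_bytes still goes out alone in its own batch
    rather than being dropped; the API decides whether to reject it.
    """
    batches: List[List[str]] = []
    current: List[str] = []
    size = 0
    for text in entries:
        entry_size = len(json.dumps({"log_text": text}).encode()) + 1  # +1 for the separator
        if current and size + entry_size > max_bytes:
            batches.append(current)
            current, size = [], 0
        current.append(text)
        size += entry_size
    if current:
        batches.append(current)
    return batches


def build_payload(customer_id: str, log_type: str, batch: List[str]) -> Dict:
    """Assumed request body for the unstructured-log ingestion endpoint."""
    return {
        "customer_id": customer_id,
        "log_type": log_type,
        "entries": [{"log_text": text} for text in batch],
    }


def run_ingestion(fetch_since: Callable[[datetime, datetime], List[str]],
                  checkpoint: Dict[str, str],
                  send: Callable[[str, Dict], None],
                  customer_id: str, log_type: str, now: datetime) -> int:
    """One scheduled run: fetch events newer than the checkpoint, ship them, advance it.

    checkpoint is a dict the caller persists (e.g. in a bucket); on the very
    first run, with no checkpoint, the window defaults to the previous hour.
    Returns the number of batches sent.
    """
    default_start = (now - timedelta(hours=1)).isoformat()
    start = datetime.fromisoformat(checkpoint.get("last_run", default_start))
    events = fetch_since(start, now)
    batches = batch_entries(events)
    for batch in batches:
        send(INGESTION_URL, build_payload(customer_id, log_type, batch))
    # Advance the checkpoint only after every batch was accepted, so a failed
    # send leaves it untouched and the next run re-fetches the same window.
    checkpoint["last_run"] = now.isoformat()
    return len(batches)


# Constructed sample source: (event time, raw JSON line) pairs, one older than the window.
SAMPLE_EVENTS = [
    (datetime(2023, 1, 1, 9, 5, tzinfo=timezone.utc), '{"event":"login","user":"alice@example.com"}'),
    (datetime(2023, 1, 1, 9, 20, tzinfo=timezone.utc), '{"event":"file_shared","user":"bob@example.com"}'),
    (datetime(2023, 1, 1, 8, 30, tzinfo=timezone.utc), '{"event":"login","user":"carol@example.com"}'),
]
NOW = datetime(2023, 1, 1, 9, 30, tzinfo=timezone.utc)


def sample_fetch(start: datetime, end: datetime) -> List[str]:
    """Stand-in for a source API call: return events with start < time <= end."""
    return [text for ts, text in SAMPLE_EVENTS if start < ts <= end]


def demo_successful_run():
    """Run once with a fake sender; returns (batches sent, payloads, checkpoint)."""
    sent: List[Dict] = []
    checkpoint = {"last_run": "2023-01-01T09:00:00+00:00"}
    n = run_ingestion(sample_fetch, checkpoint, lambda url, payload: sent.append(payload),
                      "customer-id-placeholder", "BOX", NOW)
    return n, sent, checkpoint


def demo_failed_run():
    """Run once with a sender that fails; returns the (unchanged) checkpoint."""
    def failing_send(url, payload):
        raise RuntimeError("simulated HTTP 500 from ingestion endpoint")
    checkpoint = {"last_run": "2023-01-01T09:00:00+00:00"}
    try:
        run_ingestion(sample_fetch, checkpoint, failing_send, "customer-id-placeholder", "BOX", NOW)
    except RuntimeError:
        pass
    return checkpoint


if __name__ == "__main__":
    print(demo_successful_run())
    print(demo_failed_run())
```

In a real deployment the checkpoint dict would be read from and written back to durable storage (a Cloud Storage object, for instance) around the call, and `send` would be an authenticated HTTP POST; the structure of the run, fetch, batch, send, then advance the checkpoint, stays the same for every source.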

The ingestion scripts were developed to cover a range of sources, including Box Events, OneLogin Users, OneLogin Events, Citrix Audit Logs, Citrix Sessions, MISP, Pub/Sub, Slack, Duo Admin, STIX/TAXII, Azure Event Hub, Google Cloud Storage, Tenable.io assets and vulnerabilities, Trend Micro Cloud App Security logs, Aruba Central and the Proofpoint People API.


The Crest Difference

  • Streamlining customer access to security telemetry data from diverse sources and maximizing the potential of the Chronicle platform

  • A common reusable library for data ingestion into Chronicle optimizes the process by abstracting away complexity, saving customers valuable time and resources

  • An additional benefit of the solution provided by Crest Data is the availability of configurable options in the scripts to suit the needs of different users
