
Configure the Integration

The Cyware Intel Exchange integration with Google SecOps SIEM requires setup on both platforms. This includes generating Cyware Intel Exchange API credentials, configuring Google Cloud resources, deploying the Cloud Function, and connecting the integration to ingest threat intelligence.

Once configured, the integration allows Cyware IOCs to flow into Google SecOps, making them available for dashboards, detection rules, and SIEM search.

Before You Start

Ensure that the following prerequisites are met before starting configuration:

  • Access to the Cyware Intel Exchange platform.

  • Access to the Google SecOps platform, including the Rules & Detection and Dashboard sections, to view and correlate ingested threat intelligence.

  • Your GCP project must have a service account with the permissions needed to deploy and run the Cloud Function and related resources. Assign the following roles to the service account used for deploying and running the integration:

    • Storage Admin

    • Chronicle API Editor

    • Cloud Run Admin

    • Project IAM Admin

    • Secret Manager Admin

    • Service Account User

    • Cloud Functions Developer

    • Cloud Scheduler Admin

    • Secret Manager Secret Accessor

    • Cloud Scheduler Job Runner

  • Your GCP project must have the required services enabled so that the Cloud Function and related resources can run successfully. Ensure the following Google APIs are enabled in your project:

    • Cloud Run Function (4-core CPU or higher is recommended)

    • GCS bucket

    • Secret Manager

    • Cloud Scheduler
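One way to verify the role prerequisite before deploying, as an added example that is not part of the Cyware or Google documentation: it compares a project's IAM policy with the ten roles listed above. The role IDs mapped from the display names, the service account name, and the sample policy are assumptions made for this example.

```python
import json
import sys

# Display names from the role list above -> IAM role IDs. The IDs are this
# example's assumption; confirm each one in the IAM console before relying on it.
REQUIRED_ROLES = {
    "Storage Admin": "roles/storage.admin",
    "Chronicle API Editor": "roles/chronicle.editor",
    "Cloud Run Admin": "roles/run.admin",
    "Project IAM Admin": "roles/resourcemanager.projectIamAdmin",
    "Secret Manager Admin": "roles/secretmanager.admin",
    "Service Account User": "roles/iam.serviceAccountUser",
    "Cloud Functions Developer": "roles/cloudfunctions.developer",
    "Cloud Scheduler Admin": "roles/cloudscheduler.admin",
    "Secret Manager Secret Accessor": "roles/secretmanager.secretAccessor",
    "Cloud Scheduler Job Runner": "roles/cloudscheduler.jobRunner",
}

def audit_roles(policy, service_account):
    """Return (missing, conditional_only) role display names for one account.

    policy is the dict parsed from the output of
    `gcloud projects get-iam-policy PROJECT_ID --format=json`. Only direct
    project-level bindings are seen; group or folder/org grants are not.
    """
    member = f"serviceAccount:{service_account}"
    plain, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            # A conditional binding may not hold when the function deploys or runs.
            (conditional if binding.get("condition") else plain).add(binding["role"])
    missing = [n for n, r in REQUIRED_ROLES.items() if r not in plain | conditional]
    conditional_only = [n for n, r in REQUIRED_ROLES.items() if r in conditional - plain]
    return missing, conditional_only

# Constructed sample data: hypothetical service account and policy, not a real project.
SAMPLE_SA = "cyware-ingest@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.admin", "members": [f"serviceAccount:{SAMPLE_SA}"]},
    {"role": "roles/run.admin", "members": [f"serviceAccount:{SAMPLE_SA}"]},
    {"role": "roles/chronicle.editor", "members": ["user:analyst@example.com"]},
    {"role": "roles/secretmanager.secretAccessor", "members": [f"serviceAccount:{SAMPLE_SA}"],
     "condition": {"title": "expires", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
]}

if __name__ == "__main__":
    # Usage: script.py POLICY.json SERVICE_ACCOUNT_EMAIL (falls back to the sample data)
    policy, sa = (json.load(open(sys.argv[1])), sys.argv[2]) if len(sys.argv) == 3 else (SAMPLE_POLICY, SAMPLE_SA)
    missing, conditional_only = audit_roles(policy, sa)
    print("Missing roles:", ", ".join(missing) or "none")
    print("Granted only under a condition:", ", ".join(conditional_only) or "none")
```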

Steps

To set up the integration and start ingesting Cyware threat intelligence into Google SecOps, follow these steps: