Skip to content

Google Workspace (G Suite)

The Google Workspace (G Suite) integration provides audit logging for Google Workspace data sources including Admin, Calendar, Drive, Login, and User Accounts among other services. CYDERES utilizes this information primarily to track admin and user behaviors for malicious entry points.

The same integration access can be utilized to pull Google Workspace Alert Center API for any security issues which Google has detected.

Configuration

  1. Navigate to https://console.cloud.google.com and select the project for this to be enabled in.
  2. Enable the "Admin SDK" service. This can be found quickly by using the Search products and resources bar and searching for "Admin SDK". Optionally, Enable the "G Suite Alert Center API" by the same process.

    gsuite1

  3. Create a Service Account and grant Domain-Wide Delegation of Authority. Follow this documentation to create that Service Account: https://developers.google.com/admin-sdk/reports/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account

  4. Setup authorization scopes for the user account created. Navigate to https://admin.google.com/.
  5. Select "Security" from the list of controls.
  6. Click on "Advanced Settings".
  7. Click "Manage API client access".
  8. In the "Client Name" field, type in the client ID of the service account created previously.
  9. In the One or More API Scopes field, enter the list of scopes that your application should be granted access to.

    text https://www.googleapis.com/auth/admin.reports.audit.readonly https://www.googleapis.com/auth/admin.reports.usage.readonly

    Optionally for the Alert Center API:

    text https://www.googleapis.com/auth/apps.alerts

  10. Click Authorize.

Gather Information

Please provide CYDERES the following information to complete setup:

  • The Service Account JSON credentials file.
  • An administrative level email address for Service Account impersonation.

gsuite2