Google Workspace APIs

phil_pearce · May 24, 2021, 6:42am

Hi,

I’m trying to use insightconnect to feed in alerts etc from Google Workspace…
Such as users sharing external docs, docs shared with emails outside of our domain… etc.

I would like to be able to utilise there
SuspiciousActivity | Alert Center API | Google Developers and most of these apis Google Workspace Admin SDK | Google Developers

I cant seem to find a plugin in order to utilise this. (Also a decent way of feeding into IDR except syslog forwarder)

What are you recommendations for doing these? I thought about the python module but not sure if you can import libraries required for the initial authentication.

matt_domko_deprecated · May 24, 2021, 5:10pm

Probably want to make this a plugin request (I would be interested too)

That said, you can export your workspace logs to BigQuery… I have a custom plugin that polls bigquery every N minutes; if results > 0 , do the action.

phil_pearce · May 25, 2021, 6:50am

Thats exactly what Im doing at the moment, just think theres a better way of getting these events into IDR

ilee1 · October 5, 2022, 6:13pm

@phil_pearce @matt_domko_deprecated

Afternoon Folks,

I’m looking to do something similar and came across this thread. Did either of you come up with a better solution to deal with Google APIs? If not would you mind sharing a bit about your custom plugin to query BigQuery?