Scribd Logo
Upload

Welcome to Scribd!

  • Deploying Darktrace Google Workspace Security Module

    Uploaded by

    Andre Gaio
    83 views7 pages
    The document provides steps to authorize the Darktrace Google Workspace Security Module. It outlines how to: 1. Create a project and enable the Admin SDK in the Google Developer Console as an admin of the domain to be monitored. 2. Generate a service account key and delegate domain-wide authority to the service account. 3. Ensure the app is trusted in the Google Admin Console. 4. Authorize the module in the Darktrace Threat Visualizer by inputting the service account's authorization certificate JSON.

    Original Description:

    Original Title

    Deploying Darktrace Google Workspace Security Module[5]

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides steps to authorize the Darktrace Google Workspace Security Module. It outlines how to: 1. Create a project and enable the Admin SDK in the Google Developer Console as an admin of the domain to be monitored. 2. Generate a service account key and delegate domain-wide authority to the service account. 3. Ensure the app is trusted in the Google Admin Console. 4. Authorize the module in the Darktrace Threat Visualizer by inputting the service account's authorization certificate JSON.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    83 views7 pages

    Deploying Darktrace Google Workspace Security Module

    Uploaded by

    Andre Gaio
    The document provides steps to authorize the Darktrace Google Workspace Security Module. It outlines how to: 1. Create a project and enable the Admin SDK in the Google Developer Console as an admin of the domain to be monitored. 2. Generate a service account key and delegate domain-wide authority to the service account. 3. Ensure the app is trusted in the Google Admin Console. 4. Authorize the module in the Darktrace Threat Visualizer by inputting the service account's authorization certificate JSON.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 7

    Deploying Darktrace Google Workspace Security

    Module
    Threat Visualizer v5.1

    Last Updated: August 4 2021


    DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 2

    G Suite (Google Workspace) Authorization


    The following guide will take you through the process to authorize the Darktrace G Suite Security Module. These steps must
    be performed before the module will monitor a domain and must be performed by an Admin of the domain to be monitored.

    First, login as an admin of the domain to be monitored on the Google Developer Console.

    Create a Project

    1. Navigate to Developer Projects.

    Click on CREATE PROJECT

    2. Enter a project name (e.g., Darktrace) and click CREATE.

    Enable Admin SDK

    1. Navigate to the developer console and select Google API at


    the top left of the screen. Ensure that the project created above is
    selected on the drop-down menu.

    2. In the search bar, search for Admin SDK and select it.

    3. Click Enable - ignore any pop-ups that may appear.

    Create a New Service Account

    1. Navigate to the developer console service accounts.

    If prompted, click Select a project and open the project created


    above.
    DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 3

    2. Click CREATE SERVICE ACCOUNT.

    3. Proceed through the Create service account dialog.

    Enter a Service Account Name (e.g., darktrace-service) and a


    Service account description (e.g., Darktrace Service Account).

    Click CREATE.

    4. Select Role as Project -> Viewer.

    Click CONTINUE

    5. Click CREATE KEY, and select JSON.

    Ensure that the contents of this file are retained in a safe


    location as it is necessary for later setup.

    Click DONE

    6. Click on the email to edit the new account.

    Make a note of the service account’s Client ID (or Unique ID) as


    this will be used later.
    DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 4

    7. Click Edit.

    Locate the Enable Domain-wide Delegation checkbox and


    ensure it is ticked. If it is not visible, click “Show domain-wide
    delegation” to show the field.

    8. Enter a Product Name (for example, “Darktrace Service”) and


    save the changes.

    Delegate Domain-Wide Authority to the Service Account

    1. Navigate to the admin console and select Security from the list
    of controls.

    If you do not see Security listed, select MORE CONTROLS from


    the gray bar at the bottom of the page, then select Security from
    the list of controls.

    If the controls are not visible, confirm you are signed in as an


    administrator for the domain.

    2. Select API Controls, then select MANAGE DOMAIN WIDE


    DELEGATION.

    3. In the corresponding page, click “Add New”

    4. In the Client ID field enter the service account’s Client ID (or


    Unique ID) recorded above.

    The service account’s Client ID can also be found on the Service


    accounts page.

    5. In the OAuth scopes field enter in one line:

    https://www.googleapis.com/auth/admin.reports.audit.readonly

    Click Authorize.
    DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 5

    Ensure that the App is Trusted in the Admin Console

    1. Navigate to the list of trusted apps in the admin console.

    This list is also accessible from API Controls > MANAGE THIRD-
    PARTY APP ACCESS.

    Click Add App and select OAuth App Name or Client ID from the
    drop down.

    2. In the pop-up, search for the Client ID recorded above.

    The project created earlier should appear as a search result.

    Select it and click Add.

    3. You will be returned to the App list where the App should now
    appear as an entry.
    DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 6

    Darktrace Authorization
    1. Open the Darktrace Threat Visualizer and navigate to the
    System Config page. Choose Modules from the left-hand menu.
    Select Google Workspace from the available Cloud/SaaS
    Security modules.

    2. A new dialog will appear. Ensure the module is enabled.

    Click the “New Account” button to create an account - if an


    account is already configured, the button is located underneath
    the existing entry. Add an Account Name - this field will be
    displayed in the Threat Visualizer alongside events from Google
    Workspace (formerly G Suite).

    3. In the Administrator Email field, enter the email address of the


    admin account used to create the service account (i.e. the
    email of the user who performed the config steps - note that this
    is NOT the email of the service account itself).

    4. Copy and paste the contents of the JSON file recorded above
    into the Authorization Certificate JSON field.

    Click the “authorize” button to begin monitoring your Google


    Workspace (formerly G Suite) environment.

    After attempting to retrieve data for the first time, the module will
    report whether the poll cycle was successful. If any errors occur,
    these will be reported in the Status section

    The module is now authorized and monitoring your domains. Please note, if changes are made to your Google
    Workspace (formerly G Suite) domains, this authorization may have to be repeated; your Darktrace representative can
    advise on whether this is necessary.
    US:+1 415 229 9100 UK:+44 (0) 1223 394 100 LATAM:+55 11 4949 7696 APAC:+65 6804 5010 info@darktrace.com darktrace.com

    You might also like