Table of Contents

        

 

2        Introduction        2

2.1        About        2

2.2        Prerequisites        2

3        Google PubSub Configuration        2

3.1        Create a new project        3

3.2        Create a new Topic        5

3.3        Create GCP service account        8

3.4        Generate a service account key and download the JSON file.        10

4        Beyond Identity Configuration        12

5        Appendix        12

 

2. Introduction

---

 

1. About

This guide provides instructions on how to:

• Integrate BI events data with Google PubSub

 

2. Prerequisites

Ensure that you have the following:

• You have a tenant configured for your organization and able to enroll users.

3. Google PubSub Configuration

• Create a new project
• Create a new Topic and default Subscription
• Create a GCP service account and grant it an IAM role that allows publishing to a Pub/Sub topic of your choice
• Generate a key and download the JSON representation. Share this JSON file with BI SME, Topic name and list of event types interested in. The appendix section explains how to get the event types

 

3. Create a new project

Access console.google.com with admin credentials.  Click on “Create a project” under IAM & Admin menu.

 

In the “New Project” screen, type in a project name for example bi-pubsub. Choose organization and location to suit your GCP configuration. Click “Create”

 

4. Create a new Topic

Enter “project” in the search box . In the drop-down search results, select the project you created under “PROJECTS , FOLDERS & ORGANIZATIONS.”

 

After selecting the project , in the search box type “topics”. In the drop-down search results, select “Topics”.

 

On the Topics screen , click “CREATE TOPIC”

 

Enter a name for the Topic ID for example “bi-data-export-pub-sub”. Leave “Add a default subscription” selected. This will create a subscription automatically. Click “CREATE TOPIC”.

 

 

 You will see the topic created with a default subscription. The default subscription created is “projects/bi-pubsub/subscriptions/bi-data-export-pubsub-sub”

 

5. Create GCP service account

 

The service account is used BI event integration code to authenticate to Google PubSub. In the Google cloud console, select your project and select “Service Accounts” under “IAM & Admin”.  Click “CREATE SERVICE ACCOUNT” in menu.

 

In the “Create service account” screen, enter a name for the service account, for example bi-data-export-sa. The Service account ID and the email address are automatically filled in. Enter description in Service account description and click “CREATE AND CONTINUE”

 

Under “Grant this service account access to project” click on the Role drop-down and select “Pub/Sub Publisher”. Click “Done”

6. Generate a service account key and download the JSON file.

 

Navigate to the service account you created  in IAM & Admin=>Service accounts

 

Click on the service account. Select “Create New Key” under “Add key” drop-down/

 

In the pop-up screen, select “JSON” key type. Click “CREATE”

 

The JSON file will be saved to your computer. Share this file securely with BI SME

 

 

4. Beyond Identity Configuration

In BI admin console, navigate to “Integrations”, “SIEM”. Click on “Add SIEM integration”,  In “ADD SIEM integration” pop up, choose “Cloud Pub/Sub”

In “Add SIEM integration” screen, provide a name, the topic name from section 3.2. For the service account upload the file from section 3.4. In events drop down window select all events or only the events  interested in. Make the “Status”, “ Active”. Click on “Save changes”

 

5. Appendix

 

How to get event types?

• Access https://developer.beyondidentity.com/reference/getevents
• Scroll down the page and under “Responses” look for “200”. Click on the button to the right of description

 

• This will pop-up the screen as shown below. All event types are listed under “event type” string required