Google Apps are a set of cloud-based productivity applications. In order to collect data from Google apps, you must use a Google account that has Admin privileges. Rapid7 recommends that you use a private browsing window to set this event source up to ensure that you log onto the correct admin level account.
In order to read Google Apps logs, the collector needs to reach the Google server to pull the logs, and must be able to connect to https://www.googleapis.com
The only permission that we request in the authorization grant is admin.reports.audit.readonly
Google Apps is enabled via an OAuth credential. The requirements for this credential are described here.
Setting up Google integration
- Log onto your Google Admin account.
Note: If you are logged into an account that does not have Admin privileges, for example your personal Gmail account, the OAuth popup displays to use that logon instead, which won't have the rights you need. Log out and log onto a Google account that has Admin privileges.
- From InsightOps, click Data Collection.
- Select Add Data in the top right corner.
- Select the Cloud Service icons from the Security Data section.
- Select Google Apps from the list of event sources in the dropdown.
- Optionally name your event source, and choose whether or not to send unfiltered logs.
- Optionally configure a fallback domain.
- Select Begin.
After the Google Apps event source is added to the Collector list, it will take a few seconds to start communicating. When it is running and communicating with the Collector, a check mark appears on the right.
InsightOps also fetches a listing of all users via the users' API.
Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications.
Click here for more information.