0% found this document useful (0 votes)

122 views

Deploying Darktrace Google Workspace Security Module

The document provides steps to authorize the Darktrace Google Workspace Security Module. It outlines how to: 1. Create a project and enable the Admin SDK in the Google Developer Console as an admin of the domain to be monitored. 2. Generate a service account key and delegate domain-wide authority to the service account. 3. Ensure the app is trusted in the Google Admin Console. 4. Authorize the module in the Darktrace Threat Visualizer by inputting the service account's authorization certificate JSON.

Uploaded by

Andre Gaio

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

122 views

Deploying Darktrace Google Workspace Security Module

Uploaded by

Andre Gaio

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 7

Deploying Darktrace Google Workspace Security

Module
Threat Visualizer v5.1

Last Updated: August 4 2021

DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 2

G Suite (Google Workspace) Authorization

The following guide will take you through the process to authorize the Darktrace G Suite Security Module. These steps must
be performed before the module will monitor a domain and must be performed by an Admin of the domain to be monitored.

First, login as an admin of the domain to be monitored on the Google Developer Console.

Create a Project

1. Navigate to Developer Projects.

Click on CREATE PROJECT

2. Enter a project name (e.g., Darktrace) and click CREATE.

Enable Admin SDK

1. Navigate to the developer console and select Google API at

the top left of the screen. Ensure that the project created above is
selected on the drop-down menu.

2. In the search bar, search for Admin SDK and select it.

3. Click Enable - ignore any pop-ups that may appear.

Create a New Service Account

1. Navigate to the developer console service accounts.

If prompted, click Select a project and open the project created

above.
DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 3

2. Click CREATE SERVICE ACCOUNT.

3. Proceed through the Create service account dialog.

Enter a Service Account Name (e.g., darktrace-service) and a

Service account description (e.g., Darktrace Service Account).

Click CREATE.

4. Select Role as Project -> Viewer.

Click CONTINUE

5. Click CREATE KEY, and select JSON.

Ensure that the contents of this file are retained in a safe

location as it is necessary for later setup.

Click DONE

6. Click on the email to edit the new account.

Make a note of the service account’s Client ID (or Unique ID) as

this will be used later.
DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 4

7. Click Edit.

Locate the Enable Domain-wide Delegation checkbox and

ensure it is ticked. If it is not visible, click “Show domain-wide
delegation” to show the field.

8. Enter a Product Name (for example, “Darktrace Service”) and

save the changes.

Delegate Domain-Wide Authority to the Service Account

1. Navigate to the admin console and select Security from the list
of controls.

If you do not see Security listed, select MORE CONTROLS from

the gray bar at the bottom of the page, then select Security from
the list of controls.

If the controls are not visible, confirm you are signed in as an

administrator for the domain.

2. Select API Controls, then select MANAGE DOMAIN WIDE

DELEGATION.

3. In the corresponding page, click “Add New”

4. In the Client ID field enter the service account’s Client ID (or

Unique ID) recorded above.

The service account’s Client ID can also be found on the Service

accounts page.

5. In the OAuth scopes field enter in one line:

https://www.googleapis.com/auth/admin.reports.audit.readonly

Click Authorize.
DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 5

Ensure that the App is Trusted in the Admin Console

1. Navigate to the list of trusted apps in the admin console.

This list is also accessible from API Controls > MANAGE THIRD-
PARTY APP ACCESS.

Click Add App and select OAuth App Name or Client ID from the
drop down.

2. In the pop-up, search for the Client ID recorded above.

The project created earlier should appear as a search result.

Select it and click Add.

3. You will be returned to the App list where the App should now
appear as an entry.
DEPLOYING DARKTRACE GOOGLE WORKSPACE SECURITY MODULE 6

Darktrace Authorization
1. Open the Darktrace Threat Visualizer and navigate to the
System Config page. Choose Modules from the left-hand menu.
Select Google Workspace from the available Cloud/SaaS
Security modules.

2. A new dialog will appear. Ensure the module is enabled.

Click the “New Account” button to create an account - if an

account is already configured, the button is located underneath
the existing entry. Add an Account Name - this field will be
displayed in the Threat Visualizer alongside events from Google
Workspace (formerly G Suite).

3. In the Administrator Email field, enter the email address of the

admin account used to create the service account (i.e. the
email of the user who performed the config steps - note that this
is NOT the email of the service account itself).

4. Copy and paste the contents of the JSON file recorded above
into the Authorization Certificate JSON field.

Click the “authorize” button to begin monitoring your Google

Workspace (formerly G Suite) environment.

After attempting to retrieve data for the first time, the module will
report whether the poll cycle was successful. If any errors occur,
these will be reported in the Status section

The module is now authorized and monitoring your domains. Please note, if changes are made to your Google
Workspace (formerly G Suite) domains, this authorization may have to be repeated; your Darktrace representative can
advise on whether this is necessary.
US:+1 415 229 9100 UK:+44 (0) 1223 394 100 LATAM:+55 11 4949 7696 APAC:+65 6804 5010 [email protected] darktrace.com