BigQuery
Overview
This document outlines the process for configuring Google BigQuery to receive findings from AlphaSOC. The integration enables you to store, analyze, and visualize AlphaSOC's findings within your BigQuery environment.
To receive findings, set up the following Google BigQuery resources:
- Project that will host the dataset and table.
- Dataset that will organize the data.
- Table with configured table schema and table query that will store the findings.
- IAM permissions that enable secure data transmission from AlphaSOC.
To enable integration, provide the following configuration details to AlphaSOC:
- Project ID.
- Dataset name.
- Table name.
Configuring Table Schema
Enable the "Edit as text" toggle and insert the following JSON configuration:
[
  {
    "mode": "NULLABLE",
    "name": "eventType",
    "type": "STRING"
  },
  {
    "fields": [
      {
        "mode": "REQUIRED",
        "name": "ts",
        "type": "TIMESTAMP"
      },
      {
        "mode": "NULLABLE",
        "name": "srcIP",
        "type": "STRING"
      },
      {
        "mode": "NULLABLE",
        "name": "srcPort",
        "type": "INTEGER"
      },
      {
        "mode": "NULLABLE",
        "name": "srcHost",
        "type": "STRING"
      },
      {
        "mode": "NULLABLE",
Configuring Table Query
Replace the following placeholders with the appropriate resource identifiers.
- {{PROJECT_ID}}: ID of your project
- {{DATASET_NAME}}: name of your dataset
- {{TABLE_NAME}}: name of your table
Enter the modified query in the query editor:
SELECT * FROM `{{PROJECT_ID}}.{{DATASET_NAME}}.{{TABLE_NAME}}` LIMIT 1000
Adding IAM Permissions
Configure the IAM permissions as shown below, using data-export@alphasoc-io.iam.gserviceaccount.com as the principal. IAM conditions can be optionally configured to specify AlphaSOC's resource access scope. For implementing IAM conditions, refer to the IAM conditions documentation.
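
One way to build the optional IAM condition described above so that the AlphaSOC principal is limited to the single findings table. This is an added example, not AlphaSOC's or Google's own code. Assumptions: the role is a placeholder for the role assigned in the step above, the condition title and function names are hypothetical, names are restricted to ASCII, and the resource name follows the `projects/.../datasets/.../tables/...` format that IAM conditions use for BigQuery tables.

```python
import json
import re

# Principal named on this page.
ALPHASOC_MEMBER = "serviceAccount:data-export@alphasoc-io.iam.gserviceaccount.com"

# Conservative identifier patterns (assumption: ASCII-only names). Rejecting
# quotes, spaces and slashes keeps input from altering the CEL expression.
_PROJECT = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
_NAME = re.compile(r"[A-Za-z0-9_]{1,1024}")


def table_condition(project_id, dataset, table):
    """Return a CEL expression that matches only the given BigQuery table."""
    if not _PROJECT.fullmatch(project_id):
        raise ValueError(f"invalid project ID: {project_id!r}")
    for label, value in (("dataset", dataset), ("table", table)):
        if not _NAME.fullmatch(value):
            raise ValueError(f"invalid {label} name: {value!r}")
    name = f"projects/{project_id}/datasets/{dataset}/tables/{table}"
    return (
        'resource.type == "bigquery.googleapis.com/Table" && '
        f'resource.name == "{name}"'
    )


def conditional_binding(role, project_id, dataset, table):
    """Build one IAM policy binding scoped to the findings table."""
    return {
        "role": role,
        "members": [ALPHASOC_MEMBER],
        "condition": {
            "title": "alphasoc-findings-table-only",  # hypothetical title
            "description": "Limit AlphaSOC export to one BigQuery table",
            "expression": table_condition(project_id, dataset, table),
        },
    }


if __name__ == "__main__":
    # Constructed sample values; ROLE_PLACEHOLDER stands for the role
    # assigned in the IAM step on this page.
    binding = conditional_binding(
        "ROLE_PLACEHOLDER", "example-project", "alphasoc", "findings"
    )
    print(json.dumps(binding, indent=2))
```

A policy that contains conditional bindings must be written with policy version 3. Permissions that are checked at project level rather than on the table would not match a table-only condition, so confirm the integration still delivers findings after applying it.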