After you configure the connection between the AlienApp for G Suite for a deployed USM Anywhere Sensor and your Google G Suite environment, the predefined log collection jobs perform scheduled queries for events Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall.. When USM Anywhere collects and analyzes the first of these events, the G Suite Audit and G Suite Drive dashboards are available in the Dashboard menu (according to the types of collected events).
Note: Currently, the AlienApp for G Suite supports the connection of one G Suite account per USM Anywhere Sensor. If you have more than one G Suite account that you want to monitor in USM Anywhere, you must configure each for a different sensor.
Set Up the Google Service Account
As a Google administrator, you must create a new project in your Google Developers console and create a service account in the Google API Console to support server-to-server interactions. See https://developers.google.com/accounts/docs/OAuth2ServiceAccount for more information about server-to-server authentication in Google.
As you complete the following setup tasks, you must collect these items to complete the integration with the AlienApp for G Suite:
- Client identification (ID) for the service account
- User email for the login that you use to create the account
- Private key file, which is saved to your computer when you create the service account and the key
Important: You must have administrative privileges to configure G Suite for integration with the AlienApp for G Suite. Ask your Google administrator for these privileges.
Service Account Creation
Create a service account according to the instructions in the G Suite Administrator Help page. Pay attention to these specifics:
- In Step 2: Enable the APIs, enable the Admin SDK.
In Step 3: Create the service account, do the following:
For key type, select P12 and click Create (item 8 in the article).
A dialog box opens informing you that the private key has been saved to your computer. It also displays the password for the private key.
- Copy the password and store it in a secure location.
- Skip item 11–16 in the article and continue with the rest of this document.
Domain-Wide Authority Delegation
Follow the steps listed in the Delegate domain-wide authority to your service account page.
In Step 5 enter the following OAuth Scopes:
Important: Adding the client and scopes in the G Suite console can be subject to a propagation time, which could be up to two hours. If you use the Check Connections tool for your G Suite platform in CloudMigrator, it may not be successful immediately.
Connecting the AlienApp for G Suite
After you create the new service account in Google G Suite and enable the Admin SDK, you must configure the connection within USM Anywhere.
Important: Adding the client and scopes in the G Suite console can be subject to a propagation time, which could be up to two hours. The AlienApp for G Suite connection configuration might not be successful immediately if these resources are not yet accessible.
To enable the AlienApp for G Suite
- In USM Anywhere, go to Data Sources > AlienApps.
- Click the Available Apps tab.
- Search for the AlienApp, and then click the tile.
- Click Configure API.
If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.
- In the Service Client ID field, enter the unique identification (ID) for the Google service account you created.
In the User Email field, enter the G Suite admin user email address.
Note: The G Suite admin user is the account you use to sign in to your Google Admin console. You cannot use the email address of the service account created for this integration.
(Optional.) If using, click Choose File to upload the P12 private key file for the Google service account you created.
- Click Save.
AlienApp Log Collection
Once the AlienApp has been configured, you can choose to have USM Anywhere collect logs from the app on a regular basis.
To configure log collection for the AlienApp
- Go to Settings > Scheduler.
- In the Job Scheduler, search for the AlienApp on the sensor to which it was deployed.
In the enabled column, click the icon for the inactive collection job.
The icon turns green, and collection is enabled.
- (Optional.) Click the icon to customize the frequency of the event collection.