Skip to main content
Solved

Chronicle integration help

  • October 1, 2025
  • 8 replies
  • 177 views
MikelSA
Forum|alt.badge.img+8

Hi,

 

im trying to configurate the new chronicle integration via Chronicle API because i want to add the “Data tables” actions to my playbooks, and only works in Chronicle API, not backstory legacy.

 

So first of all, i created my service Account with some permissions like “getReferencesList.list” and others.

 

Then i configured the API UI, and API Root according to the documentation:

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle

https://cloud.google.com/chronicle/docs/reference/rest?rep_location=eu

 

API UI: https://INSTANCE.chronicle.security/

API ROOT: https://chronicle.eu.rep.googleapis.com/v1alpha/projects/PROJECT_ID/locations/eu/instances/INSTANCE_ID.

User's Service Account: that is the Json that i downloaded when i created the Service account.

 

And im struggling over here, since i get the 400 bad request error al the time:

 

400 Client Error: Bad Request
Unable to connect to Google Chronicle, please validate your credentials: Request contains an invalid argument
 

Please I need some Help since im struggling a lot, and i cant connect, and cant use the actions.

 

Thanks a lot

 

Best answer by MikelSA

Is the project your BYOP project attached to SecOps?

Hi I found the solution, with this API root is working: 

https://europe-chronicle.googleapis.com/v1alpha/projects/The project/locations/eu/instances/INSTANCE_ID

instead of the documentation one. 

 

Thanks a lot!

 

Ikerv

8 replies

cmorris
Staff
Forum|alt.badge.img+10
  • cmorris
  • Staff
  • October 1, 2025

Just to confirm - in the configuration, did you update the values of INSTANCE in the UI root and PROJECT_ID and INSTANCE_ID in the API root?

MikelSA
Forum|alt.badge.img+8
  • MikelSABronze 2
  • Author
  • Bronze 2
  • October 1, 2025

Just to confirm - in the configuration, did you update the values of INSTANCE in the UI root and PROJECT_ID and INSTANCE_ID in the API root?

Hi, yes I did.

 

This is the full error that it gives me,

 

I replace my real project nad instance id 

 

================= Main - Param Init =================
Reading configuration from Server
Reading configuration from Server
Parameter Workload Identity Email was not found or was empty, used default_value None instead
Reading configuration from Server
API Root: https://chronicle.eu.rep.googleapis.com/v1/projects/My-project/locations/eu/instances/My-instance_ID
Reading configuration from Server
Verify SSL: True
----------------- Main - Started -----------------
Failed to connect to the Google Chronicle. Error is Unable to connect to Google Chronicle, please validate your credentials: Request contains an invalid argument.
Unable to connect to Google Chronicle, please validate your credentials: Request contains an invalid argument.
Traceback (most recent call last):
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/b0n4zsfq.h1m/GoogleChronicleManager.py", line 1190, in validate_response
    response.raise_for_status()
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/lib/python3.11/site-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://chronicle.eu.rep.googleapis.com/v1/projects/My-project/locations/eu/instances/My-instance_ID/referenceLists?view=REFERENCE_LIST_VIEW_BASIC

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/b0n4zsfq.h1m/GoogleChronicleManagerV2.py", line 175, in test_connectivity
    self.get_reference_list(
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/b0n4zsfq.h1m/GoogleChronicleManagerV2.py", line 479, in get_reference_list
    json_results, _ = _get_reference_list_all_view()
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/b0n4zsfq.h1m/GoogleChronicleManagerV2.py", line 472, in _get_reference_list_all_view
    self.validate_response(response)
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/b0n4zsfq.h1m/GoogleChronicleManager.py", line 1199, in validate_response
    raise exceptions.GoogleChronicleManagerError(
exceptions.GoogleChronicleManagerError: Request contains an invalid argument.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/b0n4zsfq.h1m/fg4ta3vj.hvn.py", line 58, in main
    manager.test_connectivity()
  File "/opt/siemplify/siemplify_server/bin/Scripting/PythonSDK/IntegrationsVirtualEnvironment/#/GoogleChronicle_V65.0/b0n4zsfq.h1m/GoogleChronicleManagerV2.py", line 184, in test_connectivity
    raise exceptions.GoogleChronicleManagerError(
exceptions.GoogleChronicleManagerError: Unable to connect to Google Chronicle, please validate your credentials: Request contains an invalid argument.
----------------- Main - Finished -----------------
Status: 2: Result Value: false
Output Message: Failed to connect to the Google Chronicle. Error is Unable to connect to Google Chronicle, please validate your credentials: Request contains an invalid argument.

cmorris
Staff
Forum|alt.badge.img+10
  • cmorris
  • Staff
  • October 1, 2025

Can you try adding Chronicle API Admin to the SA you are using for the connection as well?

MikelSA
Forum|alt.badge.img+8
  • MikelSABronze 2
  • Author
  • Bronze 2
  • October 1, 2025

Can you try adding Chronicle API Admin to the SA you are using for the connection as well?

I added already

Chronicle api administrador and editor roles, and nothing.

cmorris
Staff
Forum|alt.badge.img+10
  • cmorris
  • Staff
  • October 1, 2025

From the error, sounds like it is an issue with the creds. When setting up integrations in the past, I ran into an error once where these was an extra empty line at the end of the JSON file that, when copied over, resulted in the test failing. I would double check for something like that, add the JSON contents in and test again.

If that does not work, you’ll likely need to file a case. The integration has worked for me with INSTANCE, PROJECT_ID, and INSTANCE_ID configured and JSON for a SA with Chronicle API Admin.

MikelSA
Forum|alt.badge.img+8
  • MikelSABronze 2
  • Author
  • Bronze 2
  • October 2, 2025

 

From the error, sounds like it is an issue with the creds. When setting up integrations in the past, I ran into an error once where these was an extra empty line at the end of the JSON file that, when copied over, resulted in the test failing. I would double check for something like that, add the JSON contents in and test again.

If that does not work, you’ll likely need to file a case. The integration has worked for me with INSTANCE, PROJECT_ID, and INSTANCE_ID configured and JSON for a SA with Chronicle API Admin.

Still nothing, I dont know if i am missing something, to be honest.

 

I have chronicle API up in my gcp, do i have to add Identity and Access Management (IAM) API?

cmorris
Staff
Forum|alt.badge.img+10
  • cmorris
  • Staff
  • October 2, 2025

Is the project your BYOP project attached to SecOps?

MikelSA
Forum|alt.badge.img+8
  • MikelSABronze 2
  • Author
  • Bronze 2
  • Answer
  • October 2, 2025

Is the project your BYOP project attached to SecOps?

Hi I found the solution, with this API root is working: 

https://europe-chronicle.googleapis.com/v1alpha/projects/The project/locations/eu/instances/INSTANCE_ID

instead of the documentation one. 

 

Thanks a lot!

 

Ikerv
Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.