Skip to main content

Hello everyone,

I am planning to ingest Zoom operation and activity logs into Google SecOps (Chronicle) and would like your insights on the most efficient way to achieve this.

My proposed approach involves using Cloud Functions in conjunction with Google Cloud Scheduler to run jobs that will fetch the logs from Zoom API endpoints. However, I am uncertain about the optimal receiving point. Here are the options I'm considering:

  1. Pub/Sub: I could create a topic and establish a direct feed from Chronicle to that topic. The Cloud Function would publish the fetched logs to this topic.

  2. Cloud Storage: The Cloud Function would dump all the logs into a bucket, and Chronicle would fetch them using a direct feed from the bucket.

  3. Log Ingestion API: The Cloud Function would post the logs directly to Chronicle using the available log ingestion API.

Which solution do you think is the most efficient? I plan to adopt the approach you suggest for similar situations in the future.

Thank you in advance for your assistance.

I'd recommend option 3 with the log ingestion API. It will keep your costs down (don't need another service running) and depending on the volume, as long as you batch the logs, you'll be able to limit the outbound pushes to only when there are full batches. Examples of batching are available here if you want to see what it looks like inside of Python: https://github.com/pilot006/google-secops-unofficial-api-collectors


-mike

I'd recommend option 3 with the log ingestion API. It will keep your costs down (don't need another service running) and depending on the volume, as long as you batch the logs, you'll be able to limit the outbound pushes to only when there are full batches. Examples of batching are available here if you want to see what it looks like inside of Python: https://github.com/pilot006/google-secops-unofficial-api-collectors


-mike


Thank you very much for the reply and I really appreciate it. I noticed that the scripts in that Github repo are sort of a chronicle SOAR integration. Is it possible to implement the same concept using a cloud function ?

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.