Hey [removed by moderator] ,
Parsers, the custom lists from the SOAR, and potentially being able to automate basic log validation with https://github.com/chronicle/logstory would be items we would like to be able to manage in a CI/CD platform. Not sure if any of these should live in Content Manager, but the idea of having one repo to manage this would be neat and easier to manage.
With what you have above, Curated Detections would be amazing to get away from the GUI, given some of the clunkiness of the different menus and the move to put them in Content Hub.
Cheers,
[removed by moderator]
@David-French isn’t there an overlap with https://github.com/google/secops-wrapper?
@ar3diu it’s a fair question. My plan is to use secops-wrapper in Content Manager when it has all of the functionality that’s needed. Content Manager provides additional functionality that makes it convenient to manage content in Google SecOps via a CI/CD pipeline (e.g. GitHub Actions). It includes a set of tests, schema validation for content (e.g. rules), and example workflows for configuring GitHub Actions and GitLab CI/CD.
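The schema validation step mentioned above is the part of the pipeline that stops a malformed rule from reaching production. As an added example (this is not Content Manager's own code, and it is not a full YARA-L parser), here is a small pre-merge check in Python that a CI job could run over rule files: it confirms the `rule <name> {` header, the `meta:`/`events:`/`condition:` sections and their order, a set of required `meta` keys and an allowed severity list, and that every event variable the `condition:` references is actually declared. The required keys, the severity values and the two sample rules are constructed for this example and are policy assumptions, not anything Google SecOps or Content Manager mandates.

```python
from __future__ import annotations

import re
import sys
from dataclasses import dataclass, field

# Assumed CI policy for this example: these sections must be present, in this order.
REQUIRED_SECTIONS = ("meta", "events", "condition")
# Assumed policy: these meta keys must exist before a rule may be merged.
REQUIRED_META = ("author", "description", "severity")
# Assumed policy: the severity vocabulary the team has agreed on.
ALLOWED_SEVERITY = {"INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"}

RULE_HEADER = re.compile(r"^\s*rule\s+([A-Za-z_][A-Za-z0-9_]*)\s*\{", re.M)
SECTION_HEADER = re.compile(r"^\s*(meta|events|match|outcome|condition|options)\s*:\s*$", re.M)
META_LINE = re.compile(r'^\s*([a-z_]+)\s*=\s*"([^"]*)"\s*$')
VARIABLE = re.compile(r"\$[A-Za-z_][A-Za-z0-9_]*")


@dataclass
class ValidationResult:
    rule_name: str | None
    errors: list[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.errors


def split_sections(body: str) -> dict[str, str]:
    """Map each 'name:' header inside the rule body to the text that follows it."""
    sections: dict[str, str] = {}
    headers = list(SECTION_HEADER.finditer(body))
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(body)
        sections[m.group(1)] = body[m.end():end]
    return sections


def validate_rule(text: str) -> ValidationResult:
    """Check one rule file against the assumed policy; returns every problem found."""
    errors: list[str] = []
    header = RULE_HEADER.search(text)
    if not header:
        return ValidationResult(None, ["no 'rule <name> {' header found"])
    name = header.group(1)
    if text.count("{") != text.count("}"):
        errors.append("unbalanced braces")
    body = text[header.end():text.rfind("}")]
    sections = split_sections(body)

    for s in REQUIRED_SECTIONS:
        if s not in sections:
            errors.append(f"missing required section '{s}:'")
    present = [s for s in sections if s in REQUIRED_SECTIONS]
    if present != [s for s in REQUIRED_SECTIONS if s in sections]:
        errors.append("sections out of order (expected meta, events, condition)")

    # meta: must be simple key = "value" lines; comments and blanks are ignored.
    meta: dict[str, str] = {}
    for line in sections.get("meta", "").splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        m = META_LINE.match(line)
        if not m:
            errors.append(f"malformed meta line: {line!r}")
            continue
        meta[m.group(1)] = m.group(2)
    for key in REQUIRED_META:
        if key not in meta:
            errors.append(f"meta is missing required key '{key}'")
    if "severity" in meta and meta["severity"].upper() not in ALLOWED_SEVERITY:
        errors.append(f"severity {meta['severity']!r} not in {sorted(ALLOWED_SEVERITY)}")

    # Every $variable used in condition: must be declared in events:, match: or outcome:.
    declared = set()
    for s in ("events", "match", "outcome"):
        declared.update(VARIABLE.findall(sections.get(s, "")))
    for v in sorted(set(VARIABLE.findall(sections.get("condition", ""))) - declared):
        errors.append(f"condition references undeclared event variable {v}")
    if "condition" in sections and not sections["condition"].strip():
        errors.append("condition section is empty")
    return ValidationResult(name, errors)


# Constructed sample rules (not real detections) used to exercise the checks.
GOOD_RULE = '''
rule suspicious_powershell_download {
  meta:
    author = "detection-team"
    description = "PowerShell invoking a web download cmdlet"
    severity = "MEDIUM"

  events:
    $e.metadata.event_type = "PROCESS_LAUNCH"
    $e.target.process.command_line = /powershell.*DownloadString/ nocase
    $e.principal.hostname = $host

  match:
    $host over 5m

  condition:
    $e
}
'''

BAD_RULE = '''
rule broken_rule {
  meta:
    author = "someone"
    description = "missing severity and references an undeclared variable"

  events:
    $e.metadata.event_type = "USER_LOGIN"

  condition:
    $e and $x
}
'''


if __name__ == "__main__":
    # In CI this loop would run over the rule files in the repo; here it uses the samples.
    failed = False
    for label, rule in (("good", GOOD_RULE), ("bad", BAD_RULE)):
        result = validate_rule(rule)
        status = "OK" if result.ok else "FAIL"
        print(f"[{status}] {label} ({result.rule_name})")
        for err in result.errors:
            print(f"    - {err}")
        failed |= not result.ok
    sys.exit(1 if failed else 0)
```

Run as a step in the pipeline, the non-zero exit blocks the merge whenever any rule fails; the error list in the job output tells the author exactly which policy check tripped. The checks are deliberately shallow (they do not parse YARA-L expressions), so treat this as a lint gate in front of the real validation the platform performs when the rule is pushed, not as a replacement for it.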
Hello,
If possible - can something be done about adding functionality to update the Connectors?
We have about 170 connectors; today, for example, I updated 56 Graph connectors manually. Adding an API endpoint for this would be great.
Regards, and thanks for all the good work!
@borocausev are you referring to connectors in SOAR?
Hi @David-French - yes, I am referring to the SOAR Connectors, mainly because in your post you mentioned “and possibly other SOAR content” - this would be of great use for MSSPs, as we deal with a large number of connectors, integrations, etc.