Hello,
I have a playbook to monitor unauthorized creation of GCP service account keys, I need to automate the removal of the service account key step once the key is deemed suspicious. Is there any feature from Chronicle that allows for such automation? Or is remote agent needed, if so what is the most efficient way to use remote agent to do so?
Thanks in advance
'Remote Agent' is required if you want SOAR to talk to an on-prem technology that is behind a firewall, as GCP is in the cloud this is unlikely.
You either need to find the appropriate Action from the marketplace, or if this does not exist engage with a partner or look at the inbuild IDE to build the appropiate code.
HTH
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.