SecOps SIEM

  • February 21, 2025


If I'm the admin of the GCP account without having a role assigned in Chronicle, can I still have permission to forward data to Chronicle using the API and a JSON cred file?

4 replies

dnehoda
Staff
  • Staff
  • February 21, 2025

I don't think GCP admin matters in this case.

Sounds like you are trying to send data to the ingest API. The backstory service account should get you what you need. The account you are using now - we would need to know the roles or custom role assigned to that account.


cmorris
Staff
  • Staff
  • February 21, 2025

If your service account has the correct permissions, you could send via the Ingestion API - https://cloud.google.com/chronicle/docs/reference/ingestion-api. You could also send to Cloud Logging and configure ingestion from there, with someone that has access, if ingestion is not already set up.


  • Author
  • New Member
  • February 24, 2025

I have a SOC Role = admin, but no role assigned in SecOps. Can I ingest data into SecOps using the SA's JSON cred file, or is it mandatory to get a role assigned to my account before using the JSON file for authentication?


dnehoda
Staff
  • Staff
  • February 24, 2025

I have a SOC Role = admin, but no role assigned in SecOps. Can I ingest data into SecOps using the SA's JSON cred file, or is it mandatory to get a role assigned to my account before using the JSON file for authentication?


I think you have a SOAR account with a SOC role of admin. That SA JSON you have shouldn't work with that account. That account cannot be used for the API.

You need a service account.

https://cloud.google.com/iam/docs/service-account-overview?authuser=1

https://cloud.google.com/iam/docs/manage-access-service-accounts?authuser=1#iam-view-access-sa-console
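
As an added example (not code from anyone in the thread): the JSON cred file carries its own identity, so the roles that matter for the Ingestion API are the ones on the service account named inside it. This sketch uses only the Python standard library, inspects the file's shape, and reports that principal without exposing the private key. The function name `describe_credential` and all sample values are constructed for illustration, and it does not check IAM roles.

```python
import json

# Fields a Google service account key file carries (checked for presence only).
REQUIRED_SA_FIELDS = ("client_email", "private_key", "private_key_id", "token_uri")

def describe_credential(raw: str) -> dict:
    """Classify a Google credential JSON document without returning secrets."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {"is_service_account_key": False, "reason": f"not valid JSON: {exc.msg}"}
    if not isinstance(doc, dict):
        return {"is_service_account_key": False, "reason": "top-level value is not an object"}
    kind = doc.get("type")
    if kind == "authorized_user":
        # User credentials act as a person, not as a service account.
        return {"is_service_account_key": False,
                "reason": "user credential, not a service account key"}
    if kind != "service_account":
        return {"is_service_account_key": False,
                "reason": f"unexpected credential type: {kind!r}"}
    missing = [f for f in REQUIRED_SA_FIELDS if not doc.get(f)]
    if missing:
        return {"is_service_account_key": False,
                "reason": "missing fields: " + ", ".join(missing)}
    # The principal whose roles must be reviewed in IAM is client_email,
    # not the human who holds the file.
    return {"is_service_account_key": True,
            "principal": doc["client_email"],
            "project_id": doc.get("project_id"),
            "key_id": doc["private_key_id"]}

# Constructed sample inputs (placeholders, no real key material).
SAMPLE_SA = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "ingest-sa@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
})
SAMPLE_USER = json.dumps({"type": "authorized_user", "client_id": "placeholder",
                          "client_secret": "placeholder", "refresh_token": "placeholder"})

if __name__ == "__main__":
    for name, raw in (("service account", SAMPLE_SA), ("user", SAMPLE_USER)):
        print(name, "->", describe_credential(raw))
```

The `principal` value is the account to look up when reviewing which roles or custom role are assigned.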