This repository provides a comprehensive collection of Terraform blueprints, modules, and CICD pipelines designed to automate the implementation of custom integrations, agents, and configurations for Google Cloud SecOps (formerly Chronicle). It aims to provide modular and scalable solutions for various SecOps automation needs.
This section details the available Terraform blueprints for deploying and managing Google Cloud SecOps components and integrations.
This blueprint is a simple script for running the BindPlane OP Management Console container on a Google Compute Engine instance with COS.
This blueprint is a modular and scalable solution for deployment of the BindPlane OP Management Console within a Google Kubernetes Engine (GKE) environment.
This blueprint offers a comprehensive and adaptable solution for building automation that exports raw data from a SecOps tenant to Google Cloud Storage for longer retention. The pipeline is built on top of various Google Cloud products.
This blueprint is a comprehensive and adaptable solution for constructing a SecOps pipeline that exports raw data from a SecOps tenant, optionally anonymizes this data, and then imports the data back into a different SecOps tenant.
This blueprint is a modular and scalable solution for setting up a SecOps forwarder on Google Kubernetes Engine (GKE). This forwarder is designed to handle multi-tenant data ingestion, ensuring secure and efficient log forwarding to your SecOps SIEM instances.
This blueprint allows automated configuration of a SecOps instance at both infrastructure and application level.
This blueprint allows automated configuration of a SecOps instance at both infrastructure and application level with out-of-the-box Feeds integration, automated deployment of SecOps rules and reference lists, as well as Data RBAC scopes.
This blueprint implements end-to-end configuration of new projects and SecOps SIEM tenants via YAML data configurations and secops-tenant blueprint code.
This folder contains a suite of Terraform modules for Google SecOps automation. These modules are designed to be composed together and can be forked and modified where the use of third-party code and sources is not allowed.
Modules aim to stay close to the low-level provider resources they encapsulate and share a similar interface that combines management of one resource or set of resources, and their corresponding IAM bindings.
This module allows configuration of Data RBAC in Google SecOps.
This module allows creation and management of custom rules as well as reference lists in Google SecOps.
This repository provides a collection of sample repositories for automating Google Cloud SecOps configuration through CICD pipelines.
This sample repository contains ready-to-use code for automated deployment of detection rules and reference lists in Google SecOps via CICD (currently with sample pipelines for GitLab and GitHub).
This sample repository provides a framework for managing SecOps parsers as code.
This sample repository provides a framework to manage and deploy SOAR playbooks using a "Response as Code" methodology.












