Google SecOps Data Processor Integration
Overview
Add this destination when you are building a Google SecOps data processing pipeline and need the graph to send its output to the SecOps project and credentials you already saved as a Google SecOps Data Processing integration. You supply an integration_id; Praxis uses that record to resolve region, project, and auth when talking to Chronicle.
Use it together with SecOps Streams and SecOps-capable processors; it is not a substitute for the Google SecOps collector destination used for OTLP-style export from agents.
Supported types: Logs
Configuration
| Parameter | Type | Required | Description |
|---|---|---|---|
| integration_id | string | Yes | The integration you created in Praxis for Google SecOps Data Processing (the saved connection this pipeline should use). |
| region | string | No | Optional Chronicle region override. |
| project | string | No | Optional Chronicle project ID override. |
| instance | string | No | Optional Chronicle instance/customer ID override. |
| target | object | No | Optional target override block (project, location, instance, region, customer_id). |
Example Configuration
{
"integration_id": "secops-int-001",
"region": "us",
"project": "my-gcp-project",
"instance": "my-secops-instance",
"target": {
"project": "my-gcp-project",
"location": "us",
"instance": "my-secops-instance",
"region": "us",
"customer_id": "customer-123"
}
}
See also
- Google SecOps data processing pipeline (integration) — full flow: integration instance,
integration_id, and Chronicle API alignment - SecOps Streams (source)