This repository provides a comprehensive collection of Terraform blueprints, modules, and CICD pipelines designed to automate the implementation of custom integrations, agents, and configurations for Google Cloud SecOps (formerly Chronicle). It aims to provide modular and scalable solutions for various SecOps automation needs.
The SecOps Toolkit Foundation provides an automated reference implementation for setting up a production-ready Google SecOps tenant. Designed with a security-first approach, it integrates with both new and existing GCP organizations and addresses common deployment challenges with best practices, Terraform, and YAML-based resource factories. It covers the end-to-end setup across multiple stages, from GCP project provisioning and VPC Service Controls to bootstrapping the SecOps instance with RBAC, rules, and configurations.
This section details the available Terraform blueprints for deploying and managing Google Cloud SecOps components and integrations.
This blueprint is a simple script for running the BindPlane OP Management Console container on a Google Compute Engine instance running Container-Optimized OS (COS).
This blueprint is a modular and scalable solution for deployment of the BindPlane OP Management Console within a Google Kubernetes Engine (GKE) environment.
This blueprint is a comprehensive and adaptable solution for building an automated pipeline that exports raw data from a SecOps tenant to Google Cloud Storage for longer retention. The pipeline is built on top of various Google Cloud products.
This blueprint is a comprehensive and adaptable solution for building a SecOps pipeline that exports raw data from a SecOps tenant, optionally anonymizes it, and then imports it into a different SecOps tenant.
This blueprint is a modular and scalable solution for setting up a SecOps forwarder on Google Kubernetes Engine (GKE). This forwarder is designed to handle multi-tenant data ingestion, ensuring secure and efficient log forwarding to your SecOps SIEM instances.
This blueprint allows automated configuration of a SecOps instance at both the infrastructure and application level: out-of-the-box feed integration, automated deployment of SecOps rules and reference lists, and Data RBAC scopes.
This blueprint implements end-to-end configuration of new projects and SecOps SIEM tenants via YAML data configurations and secops-tenant blueprint code.
This blueprint is a tool that helps you migrate rules from a SIEM to Google SecOps and reduce the migration time significantly. It uses GenAI to help you migrate the rules in multiple steps.
This folder contains a suite of Terraform modules for Google SecOps automation. These modules are designed to be composed together and can be forked and modified where the use of third-party code and sources is not allowed.
Modules aim to stay close to the low-level provider resources they encapsulate and share a similar interface that combines management of one resource or set of resources, and their corresponding IAM bindings.
This module allows configuration of Data RBAC in Google SecOps.
This module allows creation and management of custom data tables in Google SecOps.
This module allows creation and management of custom rules as well as reference lists in Google SecOps.
This repository provides a collection of sample repositories for automating Google Cloud SecOps configuration through CICD pipelines.
This sample repository provides a framework for managing SecOps Native Dashboards as Code.
This sample repository contains ready-to-use code for automated deployment of detection rules and reference lists in Google SecOps via CICD (currently with sample pipelines for GitLab and GitHub).
This sample repository provides a framework for managing SecOps parsers as code.
This sample repository provides a framework to manage and deploy SOAR playbooks using a "Response as Code" methodology.
To ensure code quality, syntax correctness, and formatting consistency, this repository utilizes automated checks via GitHub Actions. You can run these validations locally before pushing your changes to the remote repository.
We use Ruff as our standard Python linter to check for syntax errors, undefined names, unused imports, and code style issues.
- Install tool dependencies (including Ruff and YAPF):
  pip install -r tools/requirements.txt
- Run Ruff validation across all Python scripts in the repository:
  ruff check .
We use YAPF to enforce standard Python code formatting. To format your code in place locally (replace -i with --diff to only print the changes YAPF would make, without rewriting any file):
yapf . -i --recursive --exclude "**/.terraform/" --exclude "tools/" --exclude "tests/" --exclude "**/*.yaml" --exclude "**/requirements.txt"
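The two checks above are exactly what the GitHub Actions workflow runs, so the cheapest way to avoid a failed pipeline is to run them automatically before every push. The script below is an added example, not part of the repository: a POSIX-sh git pre-push hook that applies Ruff and YAPF (in diff-only mode, so it never rewrites files) to the Python files that differ from the upstream branch, skipping the same paths the repository's yapf command excludes. It assumes the tools from tools/requirements.txt are installed, that the upstream branch is origin/main (override with the UPSTREAM environment variable), and that the file is installed as .git/hooks/pre-push; the branch name, variable and function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the repository): a git pre-push hook mirroring the CI
# Ruff and YAPF checks. Assumes Ruff and YAPF are installed from
# tools/requirements.txt and that the upstream branch is origin/main (assumption;
# override with UPSTREAM=... when needed).
set -eu

UPSTREAM="${UPSTREAM:-origin/main}"

# Paths YAPF skips in this repository; mirrors the --exclude list used in CI.
is_excluded() {
  case "$1" in
    */.terraform/*|.terraform/*|tools/*|tests/*|*.yaml|*requirements.txt) return 0 ;;
    *) return 1 ;;
  esac
}

# Read one path per line on stdin and print only the Python files the checks apply to.
lint_targets() {
  while IFS= read -r path; do
    case "$path" in
      *.py) is_excluded "$path" || printf '%s\n' "$path" ;;
    esac
  done
}

# Run Ruff and YAPF on the given files; returns 0 only when both are clean.
run_checks() {
  status=0
  ruff check "$@" || status=1
  # --diff prints the reformat YAPF would apply and exits non-zero if any file
  # would change, so the hook fails without touching the working tree.
  yapf --diff "$@" || status=1
  return $status
}

main() {
  # Added, copied, modified or renamed files on HEAD since it diverged from upstream.
  targets=$(git diff --name-only --diff-filter=ACMR "$UPSTREAM"...HEAD | lint_targets)
  if [ -z "$targets" ]; then
    echo "pre-push: no Python changes to check"
    return 0
  fi
  # Word splitting of the newline-separated list into arguments is intended here.
  run_checks $targets
}

# Only run the checks when installed as .git/hooks/pre-push, so the file can also
# be sourced (for example in a test) without side effects.
case "${0##*/}" in
  pre-push) main ;;
esac
```

Install it with `cp pre-push .git/hooks/pre-push && chmod +x .git/hooks/pre-push`; git then refuses the push whenever `run_checks` returns non-zero. Checking only changed files keeps the hook fast, while CI still runs `ruff check .` over the whole tree.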