Migrate Remote Agents authentication to Google Cloud

This document describes how to migrate remote agents to Google Cloud and use a Google Cloud service account for authentication and communication.

Before you begin

Make sure you have the following:

  • Necessary permissions to create service accounts in Google Cloud.
  • Required roles to create service account keys.
  • Remote Agent version 2.6.2 or later (the minimum required version).

Create a service account

A service account is a special type of Google Account that is used by an application to make authorized API calls. To create a service account, follow these steps:

  1. In Google Cloud console, go to the Service Accounts page.
  2. Click Create Service Account.
  3. In the Service account details section, do the following:
    1. Enter a name for the service account.
    2. Enter a description for the service account.
    3. Click Create and Continue.
  4. In the Permissions section, do the following:
    1. In the Select a role list, select the Chronicle SOAR Remote Agent role.
    2. Click Continue.
  5. In the Grant users access to this service account section, click Done.

Create a service account key

The service account key is required to authenticate the remote agent. To create this key, follow these steps:

  1. In Google Cloud console, go to the Service Accounts page.
  2. Click the name of the service account that you created.
  3. Click the Keys tab.
  4. Click Add Key > Create new key.
  5. Select JSON as the key type and click Create.

    A JSON file containing the key is downloaded to your computer.

  6. Click Close.

Securely store the key file

After downloading the service account key, you must move it to the host machine where the remote agent will run.

Podman

  1. Locate the downloaded JSON file on your computer.
  2. Store the file in a secure location on the host machine where the agent process can access it.
  3. Enter the full path to your agent's service account key on the host machine:
    AGENT_SERVICE_ACCOUNT_PATH

Docker

  1. Locate the downloaded JSON file on your computer.
  2. Store the file in a secure location on the host machine where the agent process can access it.
  3. Enter the full path to your agent's service account key on the host machine:
    AGENT_SERVICE_ACCOUNT_PATH

Installer

  1. Locate the downloaded JSON file on your computer.
  2. Store the file in the following location:
    AGENT_SERVICE_ACCOUNT_PATH
  3. Make a note of the full path to this file, as it will be required when you configure the remote agent.

Map the remote agent service account

After creating the service account for your remote agent, you must authorize it within the platform to ensure it can successfully communicate with Google SecOps.

To map the service account:

  1. Go to SOAR Settings > Advanced > Group Mapping.
  2. Click add Add.
  3. In the Add Role dialog, enter the full service account email address in the IAM Role / IdP group field.
  4. Select the appropriate Environments that the remote agent will manage. Assigning SOC Roles is optional for remote agents.
  5. Click Add.

Migrate the remote agent to Google Cloud

Podman

If you're deploying a new agent, read Deploy an agent with Podman.

If you're upgrading an agent, read Upgrade an agent with Podman.

Docker

If you're deploying a new agent, read Deploy an agent with Docker.

If you're upgrading an agent, read Upgrade an agent with Docker.

Installer

If you're deploying a new agent, read either Deploy an agent with CentOS or Deploy an agent with RHEL.

If you're upgrading an agent, read either Upgrade an agent with CentOS or Upgrade an agent with RHEL.

Migrate environment variables for existing agent

Go to SOAR Settings > Advanced > Remote Agents and click View More on the required remote agent.

Copy the following values from the Docker Command field and paste them in the following commands.
You will be using them in the migration procedure:

  • ONE PLATFORM URL DOMAIN.
    ONE_PLATFORM_URL_DOMAIN
  • ONE PLATFORM URL PROJECT.
    ONE_PLATFORM_URL_PROJECT
  • ONE PLATFORM URL LOCATION.
    ONE_PLATFORM_URL_LOCATION
  • ONE PLATFORM URL INSTANCE.
    ONE_PLATFORM_URL_INSTANCE

Podman

To migrate the remote agent environment variables, follow these steps:

  1. List running Podman containers.
    podman ps
  2. Enter your agent's container ID:
    CONTAINER_ID
  3. Paste the following environment variables from the earlier procedures and run this command:

    podman exec CONTAINER_ID sh -c 'printf "export ONE_PLATFORM_URL_DOMAIN=ONE_PLATFORM_URL_DOMAIN\nexport ONE_PLATFORM_URL_PROJECT=ONE_PLATFORM_URL_PROJECT\nexport ONE_PLATFORM_URL_LOCATION=ONE_PLATFORM_URL_LOCATION\nexport ONE_PLATFORM_URL_INSTANCE=ONE_PLATFORM_URL_INSTANCE\nexport GOOGLE_APPLICATION_CREDENTIALS=/opt/SiemplifyAgent/agent-key.json" >> /home/siemplify_agent/.bash_profile'

Docker

To migrate the remote agent environment variables, follow these steps:

  1. List running Docker containers.
    docker ps
  2. Enter your agent's container ID:
    CONTAINER_ID
  3. Paste the following environment variables from the earlier procedures and run this command:

    docker exec CONTAINER_ID sh -c 'printf "export ONE_PLATFORM_URL_DOMAIN=ONE_PLATFORM_URL_DOMAIN\nexport ONE_PLATFORM_URL_PROJECT=ONE_PLATFORM_URL_PROJECT\nexport ONE_PLATFORM_URL_LOCATION=ONE_PLATFORM_URL_LOCATION\nexport ONE_PLATFORM_URL_INSTANCE=ONE_PLATFORM_URL_INSTANCE\nexport GOOGLE_APPLICATION_CREDENTIALS=/opt/SiemplifyAgent/agent-key.json" >> /home/siemplify_agent/.bash_profile'

Installer

To migrate the remote agent environment variables, follow these steps:

Paste the following environment variables from the earlier procedures and run this command:

cat << EOF >> /home/siemplify_agent/.bash_profile
export ONE_PLATFORM_URL_DOMAIN=ONE_PLATFORM_URL_DOMAIN
export ONE_PLATFORM_URL_PROJECT=ONE_PLATFORM_URL_PROJECT
export ONE_PLATFORM_URL_LOCATION=ONE_PLATFORM_URL_LOCATION
export ONE_PLATFORM_URL_INSTANCE=ONE_PLATFORM_URL_INSTANCE
export GOOGLE_APPLICATION_CREDENTIALS=/opt/SiemplifyAgent/agent-key.json
EOF

Migrate the service account into the Remote Agent

Once this step is completed and all the environment variables are present in the remote agent, the migration is complete and the remote agent communicates through Google Cloud.

Podman

To migrate the remote agent, follow these steps:

  1. List running Podman containers.
    podman ps
  2. Enter your agent's container ID:
    CONTAINER_ID
  3. Use the following command to copy the service account key to a dedicated path in the container.

    podman cp AGENT_SERVICE_ACCOUNT_PATH CONTAINER_ID:/opt/SiemplifyAgent/agent-key.json
  4. Use the following command to change the owner of the service account key in the container:

    podman exec -u 0 CONTAINER_ID chown siemplify_agent:siemplify_agent /opt/SiemplifyAgent/agent-key.json
  5. Run the following command to apply the changes:
    podman restart CONTAINER_ID

Docker

To migrate the remote agent, follow these steps:

  1. List running Docker containers.
    docker ps
  2. Enter your agent's container ID:
    CONTAINER_ID
  3. Use the following command to copy the service account key to a dedicated path in the container.

    docker cp AGENT_SERVICE_ACCOUNT_PATH CONTAINER_ID:/opt/SiemplifyAgent/agent-key.json
  4. Use the following command to change the owner of the service account key in the container:

    docker exec -u 0 CONTAINER_ID chown siemplify_agent:siemplify_agent /opt/SiemplifyAgent/agent-key.json
  5. Run the following command to apply the changes:
    docker restart CONTAINER_ID

Installer

To migrate the remote agent, follow these steps:

  1. Move the service account key to the expected path:

    mv AGENT_SERVICE_ACCOUNT_PATH /opt/SiemplifyAgent/agent-key.json
  2. Use the following command to change the owner of the service account key:

    chown siemplify_agent:siemplify_agent /opt/SiemplifyAgent/agent-key.json
  3. Run the following command to restart the agent service:
    supervisorctl restart siemplify_agent
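
A post-migration check for the steps above, as an added example that is not part of the original page or of Google's tooling: it confirms that the key file is owned by siemplify_agent and is a service account key, and that the profile has all five exports with their placeholders replaced. Refusing group or other permissions on the key is an added hardening assumption; the page itself only sets the owner.

```sh
#!/bin/sh
# Added example: post-migration checks for the agent key and profile.
# Paths and the siemplify_agent owner come from the page; refusing group/other
# access on the key is an added hardening assumption, not a documented step.

REQUIRED_VARS="ONE_PLATFORM_URL_DOMAIN ONE_PLATFORM_URL_PROJECT
ONE_PLATFORM_URL_LOCATION ONE_PLATFORM_URL_INSTANCE GOOGLE_APPLICATION_CREDENTIALS"

# check_key_file KEY_PATH EXPECTED_OWNER
# On success prints the key's client_email, the value to enter in Group Mapping.
check_key_file() {
  key=$1 owner=$2
  [ -f "$key" ] || { echo "missing key file: $key" >&2; return 1; }
  listing=$(ls -ld "$key")
  # Characters 5-10 of the mode string are the group and other permission bits.
  [ "$(printf '%s' "$listing" | cut -c5-10)" = "------" ] ||
    { echo "key has group/other permissions: $key" >&2; return 2; }
  [ "$(printf '%s' "$listing" | awk '{print $3}')" = "$owner" ] ||
    { echo "key is not owned by $owner" >&2; return 3; }
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key" ||
    { echo "not a service account key: $key" >&2; return 4; }
  sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$key"
}

# check_profile PROFILE_PATH
# Prints every required variable that has no export line at the start of a line
# or still equals its own placeholder name; returns 1 if any were printed.
check_profile() {
  profile=$1 bad=0
  for v in $REQUIRED_VARS; do
    line=$(grep -E "^export $v=" "$profile" 2>/dev/null | tail -n 1)
    if [ -z "$line" ] || [ "$line" = "export $v=$v" ]; then
      echo "$v"; bad=1
    fi
  done
  return "$bad"
}

# Direct use on the agent host: sh check_agent.sh KEY_PATH PROFILE_PATH
if [ "$#" -eq 2 ]; then
  check_key_file "$1" siemplify_agent && check_profile "$2"
fi
```

On an Installer host, run it as root with /opt/SiemplifyAgent/agent-key.json and /home/siemplify_agent/.bash_profile as the two arguments. The printed client_email is the service account address to enter in Group Mapping.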
