Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.chronosphere.io/llms.txt

Use this file to discover all available pages before exploring further.

The Google Chronicle destination plugin (name: chronicle) lets you configure your telemetry pipeline to output data to Google Chronicle.

Supported telemetry types

The for Chronosphere Telemetry Pipeline supports these telemetry types:
LogsMetricsTraces

Configuration parameters

Use the parameters in this section to configure the . The Telemetry Pipeline web interface uses the items in the Name column to describe these parameters. Pipeline configuration files use the items in the Key column as YAML keys.

Chronicle Settings

NameKeyDescriptionDefault
Google Service Credentials Pathgoogle_service_credentialsThe Service Credentials file lets Telemetry Pipeline communicate directly with Google Cloud Services using a service account.none
GCP Service Account Emailservice_account_emailAccount email associated with the service. Available only if no credentials file has been provided.none
GCP Service Account Secretservice_account_secretPrivate key content associated with the service account. Available only if no credentials file has been provided.none
GCP Project Idproject_idThe project ID containing the tenant of Google Chronicle to stream into.none
Google Chronicle Customer IDcustomer_idRequired. The customer ID to identify the tenant of Google Chronicle to stream into.none
Google Chronicle Log Typelog_typeRequired. The log type to handle the request entries. Users must set up the valid, supported log type or the Google Chronicle service denies log ingestion.none
Google Chronicle Log Keylog_keyRequired. Specifies the field that contains the log type specified in log_type. By default, the whole log record is sent to Google Chronicle.none

Advanced

NameKeyDescriptionDefault
Region LocationregionThe GCP region in which to store Google Chronicle security logs. Accepted values: ASIA, EU, UK, US.US

Security and TLS

NameKeyDescriptionDefault
TLStlsIf true, enables TLS/SSL. If false, disables TLS/SSL. Accepted values: true, false.false
TLS Certificate Validationtls.verifyIf on, and if tls is true, enables TLS/SSL certificate validation. If off, disables TLS/SSL certificate validation. Accepted values: on, off.on
TLS Debug Leveltls.debugSets TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose).1
CA Certificate File Pathtls.ca_fileAbsolute path to CA certificate file.none
Certificate File Pathtls.crt_fileAbsolute path to certificate file.none
Private Key File Pathtls.key_fileAbsolute path to private key file.none
Private Key Path Passwordtls.key_passwdPassword for private key file.none
TLS SNI Hostname Extensiontls.vhostHostname to be used for TLS SNI extension.none

Advanced Networking

NameKeyDescriptionDefault
DNS Modenet.dns.modeSelects the primary DNS connection type, which can be TCP or UDP.none
DNS Resolvernet.dns.resolverSelects the primary DNS connection type, which can be LEGACY or ASYNC.none
Prefer IPv4net.dns.prefer_ipv4Prioritizes IPv4 DNS results when trying to establish a connection. Accepted values: true, false.false
Keepalivenet.keepaliveEnables or disables Keepalive support. Accepted values: true, false.true
Keepalive Idle Timeoutnet.keepalive_idle_timeoutSets the maximum time allowed for an idle Keepalive connection.30s
Max Connect Timeoutnet.connect_timeoutSets the maximum time allowed to establish a connection, which includes the TLS handshake.10s
Max Connect Timeout Log Errornet.connect_timeout_log_errorSpecifies whether to log an error on connection timeout. When disabled, the timeout is logged as a debug message. Accepted values: true, false.true
Source Addressnet.source_addressSpecifies the network address to bind for data traffic.none
Max Keepalive Recyclenet.keepalive_max_recycleSets the maximum number of times a keepalive connection can be used before it’s retired.2000