LimaCharlie users can now output events and detections to a Google Cloud BigQuery Table to turn security data into valuable insights.
Also, you can then connect a BigQuery Table to Google Sheets to manipulate the data there.
To send the data from LimaCharlie to Google Cloud BigQuery, you will need to configure an Output. To do it, navigate to the Outputs section of the web app & go to Add Output.
Next, choose the Output Stream (type) you want to send. You can send any LimaCharlie Output Streams to Google Cloud BigQuery.
In your BigQuery account, you will need to create a Service Account with the following roles:
BigQuery Job User: this role needs to be assigned at the Project level to create loading jobs.BigQuery Data Editor: this will permit LimaCharlie to write to the relevant dataset and table. This can be at the dataset / table level.
Then, generate a JSON Key for the new Service Account, you will need it in the next step.
After that's done, in LimaCharlie complete the configuration by adding the required information which includes:
Output name
Dataset: BigQuery dataset name where the data will be inserted (as found in your BigQuery account)
Table: BigQuery table name where the data will be inserted (as found in your BigQuery account)
Project: the project name where to send the data (as found in your BigQuery account)
Secret Key: the secret json key identifying a service account (as found in your BigQuery account)
Optionally, you can specify the number of other parameters, including:
Seconds per File: the number of seconds after which a batch of data is loaded
