How To Configure the ZeroLock® Management Console to Send Activity Data to Google Security Operations
This article walks through configuring the ZeroLock Management Console (ZMC) to send all data from the Activity Log to Google Security Operations (SecOps).
The data collected in an Activity Log is critical for system administrators in monitoring events, troubleshooting issues, and ensuring security. The log collects user activity, endpoint events, and information on alerts (alert ID, type of alert, links to specific alerts). For example, an administrator can see detailed SSH-MFA alert data such as the success or failure of the attempts, the source IP address, and the hostname, along with the date and time of the event.
Google SecOps
- In Google SecOps, navigate to Settings → SOAR settings → Ingestion → Webhooks.


- Click the + icon to create a new webhook. Enter a name, description, and select an environment (the default environment is used in this example).

- Hover over the Webhook URL field and click the copy icon. Save this URL—you’ll need it to configure ZMC to forward activity to Google SecOps.


- Configure the HTTP transport fields in ZMC:
  - Navigate to System Configuration → Integrations in ZMC.
  - From the Google SecOps webhook URL, copy only the server name (for example, \<SECOPS_HOSTNAME\>) and paste it into the HTTP Transport Hostname field in ZMC. Do not include the https:// prefix.
  - From the same webhook URL, copy everything after the server name, starting with the first /, and paste it into the Path field in ZMC.
  - Select UPDATE to confirm changes.

- Upload a sample JSON alert from ZMC so you can map fields from the ZMC alert payload to the corresponding Google SecOps alert fields.

Exercise: Download this sample JSON file and import it into Google SecOps by clicking the Upload JSON sample button. This will be used to perform the data mapping.

- Map the data from the sample alert to the required alert fields in Google SecOps.

- When you have finished mapping the data, click Save to store your mappings.

- When alerts begin coming through from ZMC, verify that they appear on the Cases screen in Google SecOps. Their appearance indicates that the setup is successful.

You have successfully configured the ZeroLock Management Console to send activity data to Google SecOps.
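
The hostname and path step above is easy to get wrong when copying by hand (a leftover https:// prefix, or a dropped query string). The following Python sketch is an added example, not part of ZMC or Google SecOps; the function name and the sample URL are constructed for illustration, and a real webhook URL will look different. It splits a webhook URL into the two values the ZMC fields expect and rejects inputs the steps above do not cover.

```python
from urllib.parse import urlsplit

# Constructed sample value; substitute the URL copied from the SecOps webhook page.
SAMPLE_URL = "https://secops.example.invalid/hooks/ingest/abc123?key=CONSTRUCTED-PLACEHOLDER"


def split_webhook_url(url: str) -> dict:
    """Return the values for ZMC's HTTP Transport Hostname and Path fields."""
    parts = urlsplit(url.strip())

    # The steps assume an https:// webhook URL whose prefix is dropped in ZMC.
    if parts.scheme != "https":
        raise ValueError("expected an https:// webhook URL")
    if not parts.hostname:
        raise ValueError("URL has no server name")
    # Embedded credentials or an explicit port are not covered by the steps
    # above, so stop rather than guess how ZMC would treat them.
    if parts.username or parts.password:
        raise ValueError("URL must not embed credentials")
    if parts.port not in (None, 443):
        raise ValueError("URL carries a non-default port")
    if parts.path in ("", "/"):
        raise ValueError("URL has nothing after the server name")

    # "Everything after the server name" includes any query string.
    path = parts.path
    if parts.query:
        path += "?" + parts.query

    return {"hostname": parts.hostname, "path": path}


if __name__ == "__main__":
    fields = split_webhook_url(SAMPLE_URL)
    print("HTTP Transport Hostname:", fields["hostname"])
    print("Path:", fields["path"])
```
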