# Google SecOps
### Overview
The Google SecOps integration connects Bindplane to your Google SecOps instance, enabling two key features:
* [**SecOps Pipelines**](/feature-guides/pipeline-processing/google-secops-pipelines.md)**:** Create and manage log processing pipelines directly in Google SecOps from Bindplane.
* [**Validate SecOps Parser**](/feature-guides/pipeline-intelligence/inspect-telemetry.md#validate-secops-parser)**:** Test a log type's parser against raw log samples without deploying changes, letting you verify parsing behavior before it reaches your live environment.
***
### Connecting the Google SecOps Integration
{% hint style="warning" %}
It is highly recommended to setup the Google SecOps Pipelines for a given tenant with only 1 Bindplane Project
{% endhint %}
#### Prerequisites
* A Google SecOps instance
* A supported Bindplane plan
* [Bindplane Enterprise](https://docs.bindplane.com/plans-and-pricing/enterprise)
* [Bindplane (Google Edition)](https://docs.bindplane.com/plans-and-pricing/google-edition#bindplane-google-edition)
* [Bindplane Enterprise (Google Edition)](https://docs.bindplane.com/plans-and-pricing/google-edition#bindplane-enterprise-google-edition)
{% hint style="info" %}
New Google SecOps customers as of March 2026 or later may need to contact their Google SecOps Account Manager to get access to the "Data Processing Pipelines Preview" in order to use this integration
{% endhint %}
#### Setup
1. Navigate to your Bindplane **Project Settings** page
2. Scroll down to the **Integrations** section and click **Connect**
3. Provide details about your SecOps instance:
* Customer ID
* GCP Project Number
4. Configure an Authentication Method\
View the [example commands](#example-commands) below for configuring IAM resources.
1. *Service Account JSON*\
\
The Service Account JSON authentication method requires providing the JSON key to a service account residing in the same GCP Project as your Google SecOps Instance. The service account must have the [required IAM permissions](#required-iam-permissions) as described below.
2. *Workload Identity Federation (WIF)*\
\
WIF authentication allows you to authenticate the Google SecOps Integration without providing raw credentials. This authentication method is only supported in Bindplane Cloud. The following documentation provides instructions on how to set up WIF auth.\
[How to Connect the Google SecOps Integration with WIF Auth](https://docs.bindplane.com/how-to-guides/google-secops/connect-the-google-secops-integration-with-wif-auth)
5. Click **Connect** to complete the integration setup. If successful, the **SecOps Pipelines** tab will now appear in Bindplane, and the **Validate SecOps Parser** button will be present when viewing snapshots of telemetry being sent to a Google SecOps Destination.
***
### Required IAM Permissions
The service account used by the Google SecOps integration requires *either* of the following:
* The "Chronicle API Admin" Role
Or
* A custom role with the following permissions
```
chronicle.logProcessingPipelines.list
chronicle.logProcessingPipelines.get
chronicle.logProcessingPipelines.create
chronicle.logProcessingPipelines.update
chronicle.logProcessingPipelines.delete
chronicle.logProcessingPipelines.associateStreams
chronicle.logProcessingPipelines.dissociateStreams
chronicle.logProcessingPipelines.fetchAssociatedPipeline
chronicle.logProcessingPipelines.fetchSampleLogsByStreams
chronicle.logProcessingPipelines.testPipeline
chronicle.logTypes.list
chronicle.logTypes.get
chronicle.feeds.list
chronicle.feeds.get
chronicle.logs.list
chronicle.parsers.list
chronicle.parsers.run
```
***
### Example Commands
Below are gcloud CLI command templates for creating a custom role with the minimum required permissions, and binding it to a service account.
1. Create custom IAM role
```bash
# Replace PROJECT_ID with your Google Cloud project ID (not the project number).
gcloud iam roles create BindplaneSecOpsIntegration \
--project=PROJECT_ID \
--title="Bindplane SecOps Integration" \
--description="Grants Bindplane the permissions required for the Google SecOps integration." \
--permissions=\
chronicle.feeds.get,\
chronicle.feeds.list,\
chronicle.logs.list,\
chronicle.logProcessingPipelines.associateStreams,\
chronicle.logProcessingPipelines.create,\
chronicle.logProcessingPipelines.delete,\
chronicle.logProcessingPipelines.dissociateStreams,\
chronicle.logProcessingPipelines.fetchAssociatedPipeline,\
chronicle.logProcessingPipelines.fetchSampleLogsByStreams,\
chronicle.logProcessingPipelines.get,\
chronicle.logProcessingPipelines.list,\
chronicle.logProcessingPipelines.testPipeline,\
chronicle.logProcessingPipelines.update,\
chronicle.logTypes.get,\
chronicle.logTypes.list,\
chronicle.parsers.list,\
chronicle.parsers.run \
--stage=GA
```
2. Bind the role to a service account
```bash
# Replace PROJECT_ID and SERVICE_ACCOUNT_EMAIL with the appopriate values.
gcloud projects add-iam-policy-binding PROJECT_ID \
--member="serviceAccount:SERVICE_ACCOUNT_EMAIL" \
--role="projects/PROJECT_ID/roles/BindplaneSecOpsIntegration"
```
***
### Disconnecting the Integration
To disconnect the integration, go to **Project Settings**, **Integrations**, select **Google SecOps**, and click **Disconnect**. You will no longer have access to the **SecOps Pipelines** page or the **Validate SecOps Parser** feature. However, existing pipelines already deployed to Google SecOps are not deleted when disconnecting the integration.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.bindplane.com/feature-guides/partner-integrations/google-secops.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.