First you will create a Google Workspace account that will serve as a sevice account used by Wazuh to connect. We will make sure to not give this account a Google Workspace licence, both for financial and security reasons.
In the Organizational units screen create an OrgUnit called Service accounts.
Change the Licence settings for that OrgUnit so that licenses are not automatically assigned. Note that the sliders do not appear until your mouse is over the option.
Create a new user in that OrgUnit, naming it for example First name SVC Wazuh and Last name Monitoring with an e-mail address of [email protected].
- in Admin roles and privileges check the
Reportsrole - in Licences double-check that the user does not have a paying licence
- in Apps double-check that the user does not have access to apps that it shouldn't
Depending on your policies you may also need to change other OrgUnit-wide settings for the OrgUnit, so that you can turn off 2-step verification or require password change in the Security tab sheet.
At https://console.cloud.google.com/ create a new project called Wazuh.
In the Enabled API & services enable the Admin SDK API
In the API & Services menu select the OAuth consent screen and create an internal user type and with an App name of for example Wazuh monitoring. Then click SAVE AND CONTINUE.
In the Scopes screen, add the scope https://www.googleapis.com/auth/admin.reports.audit.readonly. Then click SAVE AND CONTINUE.
In the Credentials screen create an OAuth client ID of type Web application. Set the Name of the client to Wazuh monitoring and add as Authorized redirect URI the URL http://localhost:8888/ (note the trailing slash).
Download the JSON containing the Client secret, you will use it in the next step.
