Retrieve Credentials for a GCP Bucket

Note

To use the incident response tool features, you can add the DFIR package to your instance of the Cybereason platform for an additional cost or request an Express IR environment (partners only). Contact your Customer Success representative to request access to this package or for details on how to submit the request, see How to Request a Cybereason Express IR Environment.

Endpoint URL: https://<your server>/rest/irtools/credentials
Endpoint URI: irtools/credentials

Action: GET

Retrieves credentials for a predefined GCP bucket of your environment that you can use to access the tool results output.

This request is supported for versions 21.1.81 and later.

You must have the Responder L2 role assigned for your Cybereason user to run this request.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add an Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file containing the cookie details as part of every request.


Request Body

None


Request Parameters

URL/URI parameters: none

Request Body Parameters: none


Response Status Codes

This request can return the following status codes:

  • 200: Request OK


Response Success Schema

The response contains the following fields:

Field

Type

Description

bucketName

String

The name of the bucket containing your tool’s output.

serviceAccount

JSON

An object containing details on the bucket. For details on the fields in this object, see your GCP documentation.


Response Failure Schema

None


Important Response Fields

All fields in the response are important. You should save the content of the response as a JSON file to access the GCP bucket later.

You can also use the contents of the response with the GCP API to retrieve and use the data. For details, see your GCP documentation.


Example: Retrieve GCP credentials to access the bucket with the tool output

Request

curl --request GET \
  --url https://12.34.56.78/rest/irtools/credentials \
  --header 'Content-Type:application/json' \

Response

{
  "bucketName": "cr-ir-bucket-ir-test-cycle-2-a9e96119",
  "serviceAccount": {
      "token_uri": "https://oauth2.googleapis.com/token",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cr-ir-sa-ir-test-cycle-2%40ir-test-cycle-2-50149bf5.iam.gserviceaccount.com",
      "private_key_id": "3f5026e48ff25307669d312b09a30ad6c8d1408e",
      "project_id": "ir-test-cycle-2-50149bf5",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "client_email": "cr-ir-sa-ir-test-cycle-2@ir-test-cycle-2-50249bg5.iam.gserviceaccount.com",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClptH9DH9cImme\nFfyCmZ40v04hujOtlX3vcaVJS5WZf2e0T1q4zS66Kll4wXM6oPMpqkADPPA0jP86\nsq+UZz3fO7OQdhQ9xWVCexeMz9nrD9fvFnK2dog4f50J0td2ZW8dtUys1Za+zvUk\n+9xt9y6fDYdt5kOIc+kHD/EGi+zj76VEyQ7npHRr0kpNez7+/Zr95c8Qgg73npWD\n/P/U/SlBNbQaj48szMUW0EgdFW+mDQxeGIZVmfffWkA7wLRXahS9slU1iPFWs6X0\nCP1uPhxW0y6OwOotPApoSkR6UqFhHWCLcW6mh9LloYzCp62f7D9wMY/IzHK9k3S7\nmerAM5NFAgMBAAECggEADjLKSkJJTasKxSi6nVxwGbKmuRquAJw7pcu75cMQw44O\nuX8ZFkCgAgeh5kkj3fabC7XdXr8DvRKzcw3gdtE9QGZsRwmX7+N81myZNtHp/806\ng50M9WQbhkbfPaRQy4POOQxSfM33PyDwv4bG/LX0d7WVJ2+r14T33Z8ZgvzOBTYL\nStdPl76ccGiCJJVvV3zAifEdVL0h3EyYdK3R7iDO7A0XRv00DTb1sSpW/AxZucJK\nbo6x6zxfrmMqrscqQf1q80Clo8v/Gbi9Yy85SSfX4SFqOPRQDu5W14auA0kezSXe\nqUh8DzEqSMqeGq6IzbrXoSkNC9+hzFW5B31o1UKpUQKBgQDPh0YTh66FTm5k+f4G\ndu7ie9OyVEFgS2y6wRK4z+8/4r7xfOH6y2rHUUkG5Avt8MxgnTTMwJkVn34OLlhy\nV/CrA7o3gtISBL2Npswi3h4A5sB3nQGnDMuUck7otgzDDWJqjZMNL0ZjYWmebShF\nB/tXRPX3YTMtp/69q0yNR2ZXPwKBgQDMV5zgzZm/CL95Dh2UyljaHAhsUAKlCXpA\nTRxpHGJymKzui3zUZGUUTzgC5C4BhU8QOA7I/Sumg4sWUOSYWiY+nS9uhpCUkAJJ\n0/wt2oKepPCYNg1b5GqbfSyB5dq052rxaYVr3wvGMt/vEI/WoCkNS7XvUPamL+nn\nvctvs3ZYewKBgQCHLAYx7Ft5StfO/6I9FbSNYrhF3Glkzlv43I9UP2QHiapzYrNS\nhrJ7Nu/JBDrc9c45U8wzXXOYyPTzSa6kz7E3wsrFI3mu8NWCcVVflKuYTLSqdGLC\nKyxi+X16SDHRzmL/Ik3Y9aT0UFvaLCFhrUxB0JIhWndaUqUzZ2MKVqpLQwKBgQDH\n4i/v6s4pAzqhBMDE6gZuHBvVL5LWs2Wlfoh6/SwD4vrOQR3zdPOLIU6t7VxfWnKT\nb/Jugs/vCx/DzY8+xHhCqWlbWUAWQqQqabV1eRhqbPd4PO9mYxIxVQlza087xF9l\nFI5RjZYr41oPtQiurm5ZtiSam30Z5SaN7KcSdd8e/wKBgEVKlOG6slN7TwEMuBbT\nGHwC8IhFEJDvHoOKyopvhdfGAmeoBjBwvDUk6NGlxIAXsh0QyPvZHzYxF/rqC7GA\nz0bPW6GX9sxwW2IxWeoqIXOVaEZV4jGRoq5VorSWVESINZ+W9xKdYmKvub4rT0rn\nNVKn8p4WTecpRcDpjOFM1k1u\n-----END PRIVATE KEY-----\n",
      "type": "service_account",
      "client_id": "115944668658311446409"
  }
}