[google-secops-siem-incidents] Creation of the connector (#5406) by Kakudou · Pull Request #6322 · OpenCTI-Platform/connectors

Kakudou · 2026-04-30T10:42:50Z

Proposed changes

Add new google-secops-siem-incidents external-import connector that fetches Chronicle SIEM rule alerts via the Legacy Search API, converts them to STIX2.1 (incidents, observables, relationships), and sends bundles to OpenCTI with backward-sliding-window pagination and checkpoint-based state persistence.

Catalog/Composer:

Log of the connector:

Tests:

Linter:

Manifest:

Related issues

#5406

Checklist

I consider the submitted work as finished
I have signed my commits using GPG key.
I tested the code for its functionality using different use cases
I added/update the relevant documentation (either on github or on notion)
Where necessary I refactored code to improve the overall quality

Further comments

codecov · 2026-04-30T10:44:49Z

⚠️ JUnit XML file not found

The CLI was unable to find any JUnit XML files to upload.
For more help, visit our troubleshooting guide.

…d entry point

…try point

…nd retry strategy

… pagination

…pers

…ert_id

…ll_api()

…onsibility methods

…cize compute_pagination_pivot

…ublic pivot API

…covery

… mappers

…and descriptions

Kakudou self-assigned this Apr 30, 2026

Kakudou added filigran team use to identify PR from the Filigran team connector: google-secops-incidents labels Apr 30, 2026

Kakudou changed the title ~~Feat/create google secops~~ [google-secops-siem-incidents] Creation of the connector (#5406) Apr 30, 2026

Kakudou linked an issue Apr 30, 2026 that may be closed by this pull request

[google-secops-siem-incidents] New connector for Google SecOps SIEM to collect Incidents, discovered IOCs #5406

Open

Kakudou force-pushed the feat/create-google-secops branch 10 times, most recently from 260b366 to cf72754 Compare April 30, 2026 11:29

Kakudou added the do not merge Do not merge this PR until this tag will be removed label May 4, 2026

Kakudou added 13 commits May 4, 2026 17:55

📦 chore(project): add tooling and dependency manifests

57f6fe6

✨ feat(boilerplate): add settings, converter stub, connector core, an…

a5f5518

…d entry point

✅ test(boilerplate): add pytest suite for settings, connector, and en…

eaf62b6

…try point

🐳 feat(docker): add containerisation with direct Python entrypoint

cda8a26

📄 docs(config): add config.yml.sample, .env.sample, and config.yml

0dd440d

✨ feat(api-engine): add exception hierarchy and ABC interfaces

e573913

✨ feat(api-engine): add circuit breaker, rate limiter, HTTP client, a…

7ccf0ac

…nd retry strategy

✅ test(api-engine): add 35 BDD pytest tests for all engine components

bff2c04

📝 docs(api-engine): add README

12d6222

🧬 feat(models): add RuleAlertResponse Pydantic models

860a08c

✅ test(chronicle-client): add RED tests with polyfactory factories

d040e0d

🛂 feat(client-api): add GoogleAuthHook and GoogleSecOpsApiClient with…

a9229fd

… pagination

✅ test(converter-stix): add RED tests for mappers and converter

b7d01cf

Kakudou and others added 24 commits May 4, 2026 17:55

🧬 feat(mappers): add incident, observable, and relationship mappers

4e25b6e

🔀 feat(converter): implement convert_rule_alert orchestrating all map…

7dd3fc8

…pers

🛂 feat(connector): implement async intelligence pipeline with pagination

3b4a385

✅ test(e2e): add end-to-end integration tests with log fixtures

a95044d

✨ feat(state): integrate SDK ConnectorStateManager for typed state

d968306

📝 docs(readme): add connector README

69f9201

🐛 fix(mappers): include rule_name in incident name and fallback to al…

6846967

…ert_id

📊 feat(connector): add unique count to stix_count and type_summary logs

6d762fb

♻️ refactor(client-api): fix Law of Demeter via public close() and ca…

5a1d064

…ll_api()

♻️ refactor(connector): decompose god method into focused single-resp…

4c57d4c

…onsibility methods

♻️ refactor(api-engine): propagate close() through strategy interface

adb33b7

♻️ refactor(client-api): extract parse_ts to shared utility and publi…

f1a3fa9

…cize compute_pagination_pivot

♻️ refactor(connector): use shared parse_ts, pure _send_bundle, and p…

94a9490

…ublic pivot API

✅ fix(tests): add RateLimiterRegistry cleanup and fix hidden test dis…

24d1a06

…covery

⚰️ fixup! 🧬 feat(mappers): add incident, observable, and relationship…

36c1b9f

… mappers

📦 chore(project): getting catalog ready

1057b0d

🚨 fix(linter): fix isort

eda6074

➕ fix(test-requirements): fix test-req

2193f82

🚨 fix(ci): fix isort and manifest.json

c7bf9e9

💥 fix(isort) T_T

e67fc49

refactor(connector): applying codestyle requirements

be72c00

🔧 refactor(settings): remove chronicle_ prefix from all config fields

baf053a

🐛 fix(mappers): iterate all matching outcomes instead of first only

11cb85f

♻️ refactor(settings): remove all Chronicle mentions from docstrings …

5511a5c

…and descriptions

Kakudou force-pushed the feat/create-google-secops branch from d5533a0 to 5511a5c Compare May 4, 2026 15:56

🚨 fix(linter)

fa66b6d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[google-secops-siem-incidents] Creation of the connector (#5406)#6322

[google-secops-siem-incidents] Creation of the connector (#5406)#6322
Kakudou wants to merge 38 commits intomasterfrom
feat/create-google-secops

Kakudou commented Apr 30, 2026

Uh oh!

codecov Bot commented Apr 30, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Kakudou commented Apr 30, 2026

Proposed changes

Related issues

Checklist

Further comments

Uh oh!

codecov Bot commented Apr 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ JUnit XML file not found

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov Bot commented Apr 30, 2026 •

edited

Loading