Looker setup

This guide covers the installation and configuration of Looker dashboards for visualizing DomainTools data from Chronicle.

Prerequisites

  • The Billing Project identifier (ID), Dataset name, and Service account file for the BigQuery instance that stores Chronicle data, used for the database connection in Looker
  • The BigQuery Export feature must be enabled for your Chronicle tenant. (Reach out to your Chronicle representative to set this up.)
  • A user with the Administrator role, to create the database connection and install the block from the marketplace

Create a connection to Google Chronicle in Looker

  1. To create a connection to Google Chronicle, first open the Looker instance and navigate to the Home page.
  2. Now open the main menu, select Administrator, and then go to the Connection page.
  3. Click Add connection to create a new connection.
  4. Enter a name of your choice for the connection and select Google BigQuery Standard SQL as the Dialect. Several new fields will appear.
  5. In the Billing Project ID field, enter the ID of the project where the Chronicle data is present. Example: "chronicle-crds".
  6. Enter datalake in the Dataset name field.
  7. To configure authentication, select the service account method and upload your Chronicle service account file.
  8. In the optional settings, set both timestamps (Database timestamp and Query timestamp) to Coordinated Universal Time (UTC). The time fields shown in dashboards will be populated accordingly.
  9. Click the Connect button to complete the connection setup. Looker is now connected to the Google Chronicle database.

Get the block from GitHub repository

  1. Go to the DomainTools Looker dashboard GitHub repository and fork it. Make sure to clear the option to fork only the main branch.
  2. Go to Looker and turn on Development Mode from the sidebar panel.
  3. Select Projects from the Develop menu.
  4. From the LookML Projects page, select New LookML Project to open the New Project page.
  5. On the New Project page, configure these options for your new project: Project Name: Give project name 'domaintools_dashboards'. Starting Point: Select Blank Project. Click Create Project. The project will be created and opened in the Looker Integrated Development Environment (IDE).
  6. Click the Settings icon from the navigation bar, and open the Configure Git page by selecting the Configure Git button.
  7. In Looker's Configure Git section, paste the URL of the forked DomainTools Looker Dashboard Git repository in the Repository URL field, then select Continue. For example, https://github.com/<your_username>/looker-dashboards.git.
  8. Enter the GitHub username and Personal Access Token, then click Test and finalize setup.
  9. If you get an error like "Ensure credential allow write access failed", enter the username and token again and click Skip tests and finalize setup.
  10. Click the Git Actions tab and select the 'develop-dashboards-production' branch as the current branch.
  11. You should now be able to see the code. If it is not visible:
    1. In the 'Git Actions' tab from the left side, click the Pull from… option.
    2. Select the Pull From Remote (develop-dashboards-production) option and click the Confirm button.
  12. Click the File Browser tab from the left side, click manifest.lkml, and enter the value of the following constants. Then click Save Changes.
    1. CONNECTION_NAME: Name of the database connection for the Chronicle dataset in BigQuery.
    2. CHRONICLE_URL: The base URL of your Chronicle console tenant, for example, https://tenant.backstory.chronicle.security
    3. GOOGLE_CLOUD_FUNCTION_NAME: The name of the cloud function.
    4. GOOGLE_CLOUD_FUNCTION_REGION: The name of the cloud function region. The list of regions can be found at https://cloud.google.com/functions/docs/locations
    5. GOOGLE_CLOUD_PROJECT_ID: The project ID of the cloud function. To find the project ID, see https://support.google.com/googleapi/answer/7014113?hl=en
  13. In Git Actions, click Commit to push changes to the repository, and then click Deploy to Production. Note: 'Deploy to Production' pushes code to the production branch that is set in the project settings. By default, this is the 'main' branch. If you don't want to push code to the 'main' branch, create your own branch and set it as the 'Git Production Branch Name' in the project settings. Then click Deploy to Production.
  14. On the Homepage of your Looker instance, navigate to the "LookML dashboards" tab under the "Folders" tab to access and view all the dashboards.
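
The constants entered in step 12 can be checked before the commit in step 13. The following is an added example, not part of the DomainTools repository: a small Python check that reads `constant: NAME { value: "..." }` blocks from manifest.lkml text and reports missing or malformed values. The function names, the sample manifest, and the shape patterns for region and project ID are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

REQUIRED = ("CONNECTION_NAME", "CHRONICLE_URL", "GOOGLE_CLOUD_FUNCTION_NAME",
            "GOOGLE_CLOUD_FUNCTION_REGION", "GOOGLE_CLOUD_PROJECT_ID")
# Matches: constant: NAME { value: "..." } (single- or multi-line form)
CONSTANT_RE = re.compile(r'constant:\s*(\w+)\s*\{[^}]*?value:\s*"([^"]*)"')
# Shape checks only (assumed patterns): project IDs are 6-30 characters of
# lowercase letters, digits and hyphens; regions look like us-central1.
PROJECT_ID_RE = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
REGION_RE = re.compile(r"[a-z]+-[a-z]+\d+")

def parse_constants(manifest_text):
    """Return {constant name: value} for every constant block found."""
    return {n: v.strip() for n, v in CONSTANT_RE.findall(manifest_text)}

def check_manifest(manifest_text):
    """Return a list of problems; an empty list means the constants look sane."""
    consts = parse_constants(manifest_text)
    problems = [f"{n}: missing or empty" for n in REQUIRED if not consts.get(n)]
    url = consts.get("CHRONICLE_URL")
    if url:
        parts = urlparse(url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append("CHRONICLE_URL: expected an https:// base URL")
        elif parts.path.strip("/") or parts.query or parts.username:
            problems.append("CHRONICLE_URL: base URL only, no path, query or credentials")
    region = consts.get("GOOGLE_CLOUD_FUNCTION_REGION")
    if region and not REGION_RE.fullmatch(region):
        problems.append("GOOGLE_CLOUD_FUNCTION_REGION: not a region name")
    project = consts.get("GOOGLE_CLOUD_PROJECT_ID")
    if project and not PROJECT_ID_RE.fullmatch(project):
        problems.append("GOOGLE_CLOUD_PROJECT_ID: not a project ID")
    return problems

# Constructed sample, not the repository's real manifest.lkml.
SAMPLE = '''
constant: CONNECTION_NAME { value: "chronicle" }
constant: CHRONICLE_URL { value: "http://tenant.backstory.chronicle.security" }
constant: GOOGLE_CLOUD_FUNCTION_NAME { value: "" }
constant: GOOGLE_CLOUD_FUNCTION_REGION {
  value: "us-central1"
}
constant: GOOGLE_CLOUD_PROJECT_ID { value: "Chronicle CRDS" }
'''

if __name__ == "__main__":
    for problem in check_manifest(SAMPLE):
        print(problem)
```
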

Get the block from Marketplace

  1. After a successful connection, click the 'marketplace' button in the top-right corner.
  2. Click "Discover".
  3. The Looker Marketplace opens.
  4. Search for "DomainTools"; the installation page opens.
  5. Click "install+".
  6. Select Install and Accept terms and conditions.
  7. Click Agree and Continue.
  8. Select Connection Name from the dropdown.
  9. After successful installation, the user will be able to see the DomainTools block under Home => Blocks. It is displayed similarly to the Chronicle block displayed in the image below.
  10. After clicking it, the user will be able to see the dashboards listed below, which populate DomainTools data from your configured Chronicle instance. Example: dashboards displayed after installing the Chronicle block.