Google Drive
LAST UPDATED: APR 11, 2025
Overview
Google Drive organizes files and drivers, and provides specific attributes for each to facilitate file/driver manipulation. D3's integration with Google Drive covers major actions such as listing files, uploading files, and deleting files.
D3 SOAR is providing REST operations to function with Google Drive.
Google Drive is available for use in:
Connection
To connect to Google Drive from D3 SOAR, follow this part to collect the required information below:
Parameter | Description | Example |
Admin Email | The email address of the Google administrator account used to authenticate the connection. | *****@*****.***** |
Service Account JSON | The content of the Service Account JSON file obtained from the Google Cloud Console. The value of the client_id field must be authorized through the Google Admin Console. Refer to Configuring Google Drive to Work with D3 SOAR and Creating a service account | Google for Developers for further information. |
JSON
|
API Version | The API version. | v3 |
Configuring Google Drive to Work with D3 SOAR
Creating the Service Account JSON File
Log into Google Cloud Platform (GCP) using an account that has administrator privileges.
Enter APIs and Services in the search bar, then click the matching result.
Navigate to Credentials, click the + Create credentials button, then select the Service account option.
Input a name for the service account, then click the DONE button.
The service account ID is automatically generated based on the service account name.
Select the newly created service account.
Select the Enable Google Workspace domain-wide delegation checkbox, click the SAVE button, then navigate to the KEYS tab.
Create the Service Account JSON file.
Click the Add key button.
Select the Create new key option.
Select the JSON option.
Click the Create button. Refer to step 3i sub-step 2 of the Configuring D3 SOAR to Work with Google Drive.
Enabling Google Drive API for the First Time
These steps are only required for users who have not previously used the Google Drive API.
Enter Library in the search bar, then click the matching result.
Scroll down and click on the Google Drive API card.
Click the Enable button.
Authorizing the Client ID from the JSON File on the Google Admin Console
Ensure that the user signed in to the Google Admin Console holds Super Admin privileges.

Log into the Google Admin console.
Enter API controls in the search bar, then click the matching result.
Scroll down and click the MANAGE DOMAIN-WIDE DELEGATION link.
Click the Add new button.
Copy the value of the client_id field in the downloaded service account JSON file.
Fill the Add a new client ID form.
Paste the copied client_id value into the Client ID field.
Enter https://www.googleapis.com/auth/drive in the OAuth scopes field.
Enter https://www.googleapis.com/auth/drive.appdata in the OAuth scopes field.
This scope is necessary to access appDataFolder.Click the Authorise button.
READER NOTE
For more information on domain-wide delegation, refer to Control API access with domain-wide delegation | Google Workspace Admin Help.
Configuring D3 SOAR to Work with Google Drive
Log in to D3 SOAR.
Find the Google Drive integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Google Drive in the search box to find the integration, then click it to select it.
Click on the + Connection button on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Google Drive.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add a description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, users have the option to choose the specific tenant sites to share the connection with. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.
Active: Check the checkbox to ensure the connection is available for use.
Configure User Permissions: Defines which users have access to the connection.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Admin Email. This must be the Google administrator Gmail account.
2. Input the content of the Service Account JSON file created from the Google Cloud Console. Refer to step 6d of Creating the Service Account JSON File.
3. Input the API Version. The default value is v3.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.
Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.
Test the connection.
Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
READER NOTE
If the client ID in the service account JSON file was not authorized through the Google Admin Console, the connection will fail and an alert will appear after clicking the Test Connection button. Ensure to follow the steps outlined in Authorizing the Client ID from the JSON File on the Google Admin Console.

Commands
Google Drive includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command function, users can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Google Drive API, refer to the Google Drive API reference.
READER NOTE
Certain permissions are required for each command. Refer to the Permission Requirements and Configuring Google Drive to Work with D3 SOAR sections for details.
Delete Files
Deletes specified files from Google Drive.
READER NOTE
Google Drive File IDs is a required parameter to run this command.
Run the List Files command to obtain the Google Drive File IDs. Google Drive File IDs can be found in the raw data at the path $.files[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Google Drive File IDs | Required | The IDs of the files to delete. Google Drive File IDs can be obtained using the List Files command. |
JSON
|
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Files failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: File not found: *****. |
Error Sample Data Delete Files failed. Status Code: 404. Message: File not found: *****. |
Get Files
Retrieves details of specified files.
READER NOTE
Google Drive File IDs is a required parameter to run this command.
Run the List Files command to obtain the Google Drive File IDs. Google Drive File IDs can be found in the raw data at the path $.files[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Google Drive File IDs | Required | The IDs of the files for which to retrieve details. Google Drive File IDs can be obtained using the List Files command. |
JSON
|
Include Items From All Drives | Optional | Whether to include items from both My Drive and shared drives. By default, the value is False. | False |
Fields | Optional | A comma-separated list of file fields to include in the response, alongside default fields set by D3—kind, id, name, mimeType, createdTime, modifiedTime, modifiedByMeTime, owners, lastModifyingUser, permissions, permissionIds, originalFilename, md5Checksum, size. Using * will include all available fields but may slow performance. By default, D3-set default fields are included in the returned response. Refer to REST Resource: files | Google for Developers for more information. | id,mimeType |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Files failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid field selection locationTType. |
Error Sample Data Get Files failed. Status Code: 400. Message: Invalid field selection locationTType. |
List Drives
Lists the user's shared drives.
Input
N/A
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Drives failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested. |
Error Sample Data List Drives failed. Status Code: 401. Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested. |
List Files
Lists or searches for files in Google Drive.
READER NOTE
Drive ID is an optional parameter to run this command.
Run the List Drives command to obtain the Drive ID. Drive IDs can be found in the raw data at the path $.drives[*].id.
Input
Input Parameter | Required/Optional | Description | Example |
Corpora | Optional | The scope within which to search for or list files. Available options include:
For better efficiency, use User or Drive over All Drives when possible. | User |
Drive ID | Optional | Only use this parameter if Corpora is set to Drive. The ID of the shared drive to search. Drive ID can be obtained using the List Drives command. | ***** |
Spaces | Optional | The comma-separated list of spaces to search within the corpus. Valid values are:
| drive,appDataFolder |
Filter | Optional | Filters results using a query string. Refer to the Search for files and folders | Google for Developers for syntax. | mimeType = "application/vnd.google-apps.folder" |
Page Size | Optional | The maximum number of files to return per page. Acceptable values are from 1 to 1000, inclusive. By default, the value is 100. Pages may return partial or empty results, even if the end of the file list has not been reached. | 10 |
Page Token | Optional | The token used for pagination to continue retrieving results from a previous request. This should be set to the nextPageToken value from the prior response. | ***** |
Fields | Optional | A comma-separated list of file fields to include in the response, alongside default fields set by D3—kind, id, name, mimeType, createdTime, modifiedTime, modifiedByMeTime, owners, lastModifyingUser, permissions, permissionIds, originalFilename, md5Checksum, size. Using * will include all available fields but may slow performance. By default, D3-set default fields are included in the returned response. Refer to REST Resource: files | Google for Developers for more information. | id,mimeType |
Include Items From All Drives | Optional | Whether to include items from both My Drive and shared drives. By default, the value is False. This parameter must be set to True if Drive ID is specified or if Corpora is set to Drive or Drives. | False |
Order By | Optional | The comma-separated list of sort keys. Available options are:
The default sorting order is ascending, but users can reverse it by adding the desc modifier, such as in folder,modifiedTime desc,name. | modifiedTime desc |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Files failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: The includeItemsFromAllDrives parameter must be set to true when driveId is specified or corpora contains drive or allDrives. |
Error Sample Data List Files failed. Status Code: 403. Message: The includeItemsFromAllDrives parameter must be set to true when driveId is specified or corpora contains drive or allDrives. |
Upload Files
Upload files from vSOC to Google Drive.
File IDs and File Source
It is not recommended to use the Test Command feature with the Upload Files command as it is designed for dynamic input files in Playbooks, Incident Attachments, and Artifact Attachments. There is a simple workaround to test the command:
Navigate to Configuration on the top bar menu.
Click on Utility Commands on the left sidebar menu.
Use the search box to find and select the Create a File from input Text Array command.
Click on the Test tab.
Input the required information for the parameters.
Click on the Test Command button. A D3 File ID will appear in the output data after the file has been successfully created. The D3 File Source of the created file will be Playbook File.
Input
Input Parameter | Required/Optional | Description | Example |
File IDs | Required | The IDs of the files to upload. |
JSON
|
File Source | Required | The file source of the files to upload. The options for file sources are:
| PB_FILE |
File Name | Optional | The name of the file being uploaded. Do not include the file extension. | drive_uploadfile_02 |
Fields | Optional | A comma-separated list of file fields to include in the response, alongside default fields set by D3—kind, id, name, mimeType, createdTime, modifiedTime, modifiedByMeTime, owners, lastModifyingUser, permissions, permissionIds, originalFilename, md5Checksum, size. Using * will include all available fields but may slow performance. By default, D3-set default fields are included in the returned response. Refer to REST Resource: files | Google for Developers for more information. | id,mimeType |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Upload Files failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: field ID: *****, File Source: IR_ATCHMNT downloadFile failed!! |
Error Sample Data Upload Files failed. Status Code: 404. Message: field ID: *****, File Source: IR_ATCHMNT downloadFile failed!! |
Test Connection
Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Output Type | Description | Return Data Type |
Return Data | Indicates one of the possible command execution states: Successful or Failed. The Failed state can be triggered by any of the following errors:
More details about an error can be viewed in the Error tab. | String |
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 401. Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested. |