Skip to main content
Skip table of contents

Google Drive

LAST UPDATED: APR 11, 2025

Overview

Google Drive organizes files and drivers, and provides specific attributes for each to facilitate file/driver manipulation. D3's integration with Google Drive covers major actions such as listing files, uploading files, and deleting files.

D3 SOAR is providing REST operations to function with Google Drive.

Google Drive is available for use in:

D3 SOAR

V12.7.0+

Category

Cloud Services

Deployment Options

Option II, Option IV

Connection

To connect to Google Drive from D3 SOAR, follow this part to collect the required information below:

Parameter

Description

Example

Admin Email

The email address of the Google administrator account used to authenticate the connection.

*****@*****.*****

Service Account JSON

The content of the Service Account JSON file obtained from the Google Cloud Console. The value of the client_id field must be authorized through the Google Admin Console. Refer to Configuring Google Drive to Work with D3 SOAR and Creating a service account | Google for Developers for further information.

JSON 
{
  "type": "service_account",
  "project_id": "*****",
  "private_key_id": "*****",
  "private_key": "*****",
  "client_email": "*****@*****.*****",
  "client_id": "*****",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_secret": "*****",
  "redirect_uris": [
    "https://localhost"
  ]
}

API Version

The API version.

v3

Configuring Google Drive to Work with D3 SOAR

Creating the Service Account JSON File

  1. Log into Google Cloud Platform (GCP) using an account that has administrator privileges.

  2. Enter APIs and Services in the search bar, then click the matching result.

  3. Navigate to Credentials, click the + Create credentials button, then select the Service account option.

  4. Input a name for the service account, then click the DONE button.

The service account ID is automatically generated based on the service account name.

  1. Select the newly created service account.

  2. Select the Enable Google Workspace domain-wide delegation checkbox, click the SAVE button, then navigate to the KEYS tab.

  3. Create the Service Account JSON file.

    1. Click the Add key button.

    2. Select the Create new key option.

    3. Select the JSON option.

    4. Click the Create button. Refer to step 3i sub-step 2 of the Configuring D3 SOAR to Work with Google Drive.

Enabling Google Drive API for the First Time

These steps are only required for users who have not previously used the Google Drive API.

  1. Enter Library in the search bar, then click the matching result.

  2. Scroll down and click on the Google Drive API card.

  3. Click the Enable button.

Authorizing the Client ID from the JSON File on the Google Admin Console

Ensure that the user signed in to the Google Admin Console holds Super Admin privileges.

  1. Log into the Google Admin console.

  2. Enter API controls in the search bar, then click the matching result.

  3. Scroll down and click the MANAGE DOMAIN-WIDE DELEGATION link.

  4. Click the Add new button.

  5. Copy the value of the client_id field in the downloaded service account JSON file.

    copy client id.gif

  6. Fill the Add a new client ID form.

    Group 22.png

    1. Paste the copied client_id value into the Client ID field.

    2. Enter https://www.googleapis.com/auth/drive in the OAuth scopes field.

    3. Enter https://www.googleapis.com/auth/drive.appdata in the OAuth scopes field.
      This scope is necessary to access appDataFolder.

    4. Click the Authorise button.

READER NOTE

For more information on domain-wide delegation, refer to Control API access with domain-wide delegation | Google Workspace Admin Help.

Configuring D3 SOAR to Work with Google Drive

  1. Log in to D3 SOAR.

  2. Find the Google Drive integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type Google Drive in the search box to find the integration, then click it to select it.

    4. Click on the + Connection button on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to Google Drive.

    1. Connection Name: The desired name for the connection.

    2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.

    4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add a description for the connection.

    6. Tenant (Optional): When configuring the connection from a master tenant site, users have the option to choose the specific tenant sites to share the connection with. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.

    7. Active: Check the checkbox to ensure the connection is available for use.

    8. Configure User Permissions: Defines which users have access to the connection.

    9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

      1. Input the Admin Email. This must be the Google administrator Gmail account.

      2. Input the content of the Service Account JSON file created from the Google Cloud Console. Refer to step 6d of Creating the Service Account JSON File.

      3. Input the API Version. The default value is v3.

    10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.

    11. Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.

  4. Test the connection.

    1. Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

READER NOTE

If the client ID in the service account JSON file was not authorized through the Google Admin Console, the connection will fail and an alert will appear after clicking the Test Connection button. Ensure to follow the steps outlined in Authorizing the Client ID from the JSON File on the Google Admin Console.

Commands

Google Drive includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command function, users can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Google Drive API, refer to the Google Drive API reference.

READER NOTE

Certain permissions are required for each command. Refer to the Permission Requirements and Configuring Google Drive to Work with D3 SOAR sections for details.

Delete Files

Deletes specified files from Google Drive.

READER NOTE

Google Drive File IDs is a required parameter to run this command.

  • Run the List Files command to obtain the Google Drive File IDs. Google Drive File IDs can be found in the raw data at the path $.files[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Google Drive File IDs

Required

The IDs of the files to delete. Google Drive File IDs can be obtained using the List Files command.

JSON 
["*****"]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Files failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: File not found: *****.

Error Sample Data

Delete Files failed.

Status Code: 404.

Message: File not found: *****.

Get Files

Retrieves details of specified files.

READER NOTE

Google Drive File IDs is a required parameter to run this command.

  • Run the List Files command to obtain the Google Drive File IDs. Google Drive File IDs can be found in the raw data at the path $.files[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Google Drive File IDs

Required

The IDs of the files for which to retrieve details. Google Drive File IDs can be obtained using the List Files command.

JSON 
[
  "*****",
  "*****"
]

Include Items From All Drives

Optional

Whether to include items from both My Drive and shared drives.

By default, the value is False.

False

Fields

Optional

A comma-separated list of file fields to include in the response, alongside default fields set by D3—kind, id, name, mimeType, createdTime, modifiedTime, modifiedByMeTime, owners, lastModifyingUser, permissions, permissionIds, originalFilename, md5Checksum, size. Using * will include all available fields but may slow performance.

By default, D3-set default fields are included in the returned response.

Refer to REST Resource: files | Google for Developers for more information.

id,mimeType

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Files failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Invalid field selection locationTType.

Error Sample Data

Get Files failed.

Status Code: 400.

Message: Invalid field selection locationTType.

List Drives

Lists the user's shared drives.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Drives failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

Error Sample Data

List Drives failed.

Status Code: 401.

Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

List Files

Lists or searches for files in Google Drive.

READER NOTE

Drive ID is an optional parameter to run this command.

  • Run the List Drives command to obtain the Drive ID. Drive IDs can be found in the raw data at the path $.drives[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Corpora

Optional

The scope within which to search for or list files. Available options include:

  • User (files the user has created, opened, or had directly shared with them)

  • Drive (files located in the designated shared drive, specified by driveId)

  • Domain (files accessible within the user's domain)

  • Drives (encompasses both User and Drive scopes across all drives the user belongs to)

For better efficiency, use User or Drive over All Drives when possible.

User

Drive ID

Optional

Only use this parameter if Corpora is set to Drive.

The ID of the shared drive to search. Drive ID can be obtained using the List Drives command.

*****

Spaces

Optional

The comma-separated list of spaces to search within the corpus. Valid values are:

  • drive

  • appDataFolder

drive,appDataFolder

Filter

Optional

Filters results using a query string. Refer to the Search for files and folders | Google for Developers for syntax.

mimeType = "application/vnd.google-apps.folder"

Page Size

Optional

The maximum number of files to return per page. Acceptable values are from 1 to 1000, inclusive.

By default, the value is 100.

Pages may return partial or empty results, even if the end of the file list has not been reached.

10

Page Token

Optional

The token used for pagination to continue retrieving results from a previous request. This should be set to the nextPageToken value from the prior response.

*****

Fields

Optional

A comma-separated list of file fields to include in the response, alongside default fields set by D3—kind, id, name, mimeType, createdTime, modifiedTime, modifiedByMeTime, owners, lastModifyingUser, permissions, permissionIds, originalFilename, md5Checksum, size. Using * will include all available fields but may slow performance.

By default, D3-set default fields are included in the returned response.

Refer to REST Resource: files | Google for Developers for more information.

id,mimeType

Include Items From All Drives

Optional

Whether to include items from both My Drive and shared drives. By default, the value is False.

This parameter must be set to True if Drive ID is specified or if Corpora is set to Drive or Drives.

False

Order By

Optional

The comma-separated list of sort keys. Available options are:

  • createdTime

  • folder

  • modifiedByMeTime

  • modifiedTime

  • name

  • name_natural

  • quotaBytesUsed

  • recency

  • sharedWithMeTime

  • starred

  • viewedByMeTime

The default sorting order is ascending, but users can reverse it by adding the desc modifier, such as in folder,modifiedTime desc,name.

modifiedTime desc

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Files failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: The includeItemsFromAllDrives parameter must be set to true when driveId is specified or corpora contains drive or allDrives.

Error Sample Data

List Files failed.

Status Code: 403.

Message: The includeItemsFromAllDrives parameter must be set to true when driveId is specified or corpora contains drive or allDrives.

Upload Files

Upload files from vSOC to Google Drive.

File IDs and File Source

It is not recommended to use the Test Command feature with the Upload Files command as it is designed for dynamic input files in Playbooks, Incident Attachments, and Artifact Attachments. There is a simple workaround to test the command:

  1. Navigate to Configuration on the top bar menu.

  2. Click on Utility Commands on the left sidebar menu.

  3. Use the search box to find and select the Create a File from input Text Array command.

  4. Click on the Test tab.

  5. Input the required information for the parameters.

  6. Click on the Test Command button. A D3 File ID will appear in the output data after the file has been successfully created. The D3 File Source of the created file will be Playbook File.

Input

Input Parameter

Required/Optional

Description

Example

File IDs

Required

The IDs of the files to upload.

JSON 
["*****"]

File Source

Required

The file source of the files to upload. The options for file sources are:

  • Incident Attachment File: Manually uploaded file from Incident

  • Playbook File: Output from another Task

  • Artifact File: Ingested Artifact in an Event

PB_FILE

File Name

Optional

The name of the file being uploaded. Do not include the file extension.

drive_uploadfile_02

Fields

Optional

A comma-separated list of file fields to include in the response, alongside default fields set by D3—kind, id, name, mimeType, createdTime, modifiedTime, modifiedByMeTime, owners, lastModifyingUser, permissions, permissionIds, originalFilename, md5Checksum, size. Using * will include all available fields but may slow performance.

By default, D3-set default fields are included in the returned response.

Refer to REST Resource: files | Google for Developers for more information.

id,mimeType

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Upload Files failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: field ID: *****, File Source: IR_ATCHMNT downloadFile failed!!

Error Sample Data

Upload Files failed.

Status Code: 404.

Message: field ID: *****, File Source: IR_ATCHMNT downloadFile failed!!

Test Connection

Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

More details about an error can be viewed in the Error tab.

String

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Drive portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 401.

Message: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close