New Google Cloud Security Customer Success Services Available!
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Is there a list of out-of-box Chronicle rules available somewhere to review? Similar to what SCC Premium provi...
Hi all, I'm working on tuning the YARA-L rule gcp_cloudaudit/gcp_dns_modification.yaral from the GitHub repo....
Hi All, I'm looking for a way to fulfill reporting requirements, potentially through dashboards. I understand t...
Recently we've been having trouble getting several Chronicle Ingestion scripts working (found here https://git...
Hey all, I open sourced our Chronicle detection rules (and a few helpers) on GitHub a couple of weeks back. I'...
Hello, how is the data (UDM and RAW) in the DB encrypted? For example if storing security strings. Thanks for th...
We are trying to extract alerts generated in a Chronicle instance with the approaches below: Approach 1: https://clo...
I ingested 911K log lines and I can see in the "Data Ingestion and Health" dashboard that 8.2K failed, but I d...
Hi, is there a way to create a reference list via the GUI? The only way I found is via APIs... Thanks. A
If I do a UDM Search for network.email.to = "" it returns a result, but if I copy the UDM for network.session_...
I'm looking at events in Chronicle with metadata.log_type = "WORKSPACE_ACTIVITY" metadata.product_name = "drive"...
Hello everyone! I just started working with Chronicle SIEM and I need some help with a YARA-L rule. I need to c...
Does Chronicle have the ability to forward data to other SIEM platforms? Such as Splunk, IBM QRadar.
Hi All, I want to access the metrics available in BigQuery which are ingested by Chronicle SIEM using Python. Can...
Hi all, what is the process we should be following to ensure we don’t get duplicate events? I found one refere...
Hi! I wrote a YARA-L rule for IOC matching where I need to check if the confidence level of the IOC is above 75...
Hi, I'm searching for an API to monitor EPS for the number of events ingested, parsed in UDM etc. Is there anything...
Hi all, I was writing a YARA-L detection rule in the Chronicle editor and I need to match the string "C:\Progr...
Hi all, can we send logs to Chronicle via intranet traffic instead of going over the internet?
I have a question: When ingesting from GCS buckets using the feeds management UI, it mentions that Chronicle doesn...
Hi there! Is there a way to simply inject syslog without any parser (because there is none available for the p...
Does anyone have any advice on how you could create a dashboard to see the average amount of time between the ...
In the documentation it seems that the arrays.contains function can be used like the following, arrays.contain...
Is it possible to make a YARA-L rule that is detecting off of a specific field in the additional section? I hav...
Does anyone know if Google has a list of rules which are available in Chronicle Security and are based on whic...
What’s been your experience sharing log parsers with people on this community? Has it been beneficial? Risky? ...
Is there any way in YARA-L to check if a UDM field contains a substring of another UDM field? The following ex...
Hi Team, Looking for guidance on creating customers in Chronicle SIEM using the API. Can't seem to get it working...
Hi All, I was wondering if the Demo has the 'Enterprise insights' feature