We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Hi everyone, Yesterday I noticed that there could be a problem with our SIEM. I'll give you an example: In cura...
Hi All, I just want to know if it is feasible to merge similar alerts into one single alert that matches...
Hi guys, I am creating a YARA rule to find the lateral movement of the users. But I am stuck at assigning risk ...
Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
Hi, is there any API endpoint to manage alerts? We'd like to be able to close alerts from scripting and externa...
Hey everyone! I've come across a peculiar issue and wanted to see if anyone else is experiencing the same thing...
@Marie_Chudolij YouTube video 2-27-24 - Chronicle SOAR to the Rescue: Orchestrate SIEM Reference List Updates ...
Empowering Detection Engineering with Chronicle SIEM and Mandiant Security Validation Introduction Detection e...
Hi All, Can we parse a log with the below-mentioned format without making any changes while ingesting? [ { "hea...
The Parser syntax reference documentation https://cloud.google.com/chronicle/docs/reference/parser-syntax#gsub...
I changed the buffersize from default (65000) to 512000 both in im_file & om_tcp modules but it gives the follo...
Hello All, I was trying to install the forwarder on my test machine, which has been newly configured, and it is showi...
I have created a custom parser for JSON raw data for proofpoint. I tested my parser and was able to get all re...
Hi community. Yesterday I noticed something weird working on Chronicle SIEM. We received an alert coming from ...
The following doc makes reference to the term "predicate". https://cloud.google.com/chronicle/docs/detection/ya...
Hi All, How to collect specific application logs for Windows servers? Could you please help us.
Hello everyone! I am creating a custom parser for JSON logs and I need to convert domains_list into principal.u...
Hello everyone, we are currently developing a parser for logs that are in JSON format (not raw JSON). Is it po...
Has anyone here ingested data to SIEM via a temporary label and then migrated to a new data label? We recently...
Hey folks!! For GCP audit logs, does anyone know if there are any udm event for storage.object.get or storage.ob...
What does this different color coding (green, grey, red, violet, etc.) say for an Event? Are there any more?...
We are trying to extract alerts generated in the Chronicle instance with the below approaches: Approach 1: https://clo...
I'm looking at events in Chronicle with metadata.log_type = "WORKSPACE_ACTIVITY" metadata.product_name = "drive"...