New Google Cloud Security Customer Success Services Available!
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
SIEM Forum
Find answers to your questions from passionate experts in the community, share industry updates, and engage in discussion.
Forum Posts
SIEM search filter by numeric additional.fields
I have a log source which parses out a field into additional.fields["Num_cloned_repos"]. The value is parsed a...
Zscaler log ingestion
Hi everyoneHas anyone had any experience with ingesting ZScaler logs?I was expecting a cloud-to-cloud connecti...
Difference between all Crowdstrike available Parsers
Hi Everyone,As per Chronicle documenation , we have 4 below pre built parsers. Would you please let me know th...
Exporting Windows AD Logs (user_context & asset_context) - NXLog Issue
I'm configuring a PowerShell script and Task Scheduler to export Windows AD logs (user_context & asset_context...
Multi Tenant SIEM instances
Hi all,As far as I know, it is possible to use Chronicle SIEM in multi-tenant environments, and using labels y...
Pub/SUB push from unbounded GCP project
Is it possible to use Pub/Sub push to forward logs from an unbounded GCP project to Chronicle SIEM?The pub/sub...
Enriching S-1-5-18 System Account
Does anyone else have an issue with the SID S-1-5-18 (System / LocalSystem)? It's not being pulled from our AD...
Trying to understand sliding window in YARA L
Hello Team New to YARA L and i am trying to understand how to get a rule to alert if there is a "new" event NO...
Understanding YARA-L Rules
Hello! I'm working on a YARA-L detection project and need some guidance. I'm trying to create a rule to detect...
Help! Looking for Video Tutorial on Writing Parsers from Scratch in Google Chronicle
Namaste everyone,I am hoping someone can help me out. I'm trying to learn how to write parsers from scratch in...
Log collection protocols
Is Google SecOps support the following log collection protocols: Syslog over Syslog NG, SDEE(Security Device E...
Silent log source detection
Hi Team,I am looking to get an alert if I miss a log from an endpoint from a server. Since the ingestion API m...
Requesting Assistance : Identifying Unparsed Logs in Chronicle SIEM UI
Namaste everyone,Since the raw search function has a limitation of 10,000 logs, it's difficult to identify whi...
Better understanding of curated detection rules
Hello everyone,We activated most of the curated detection rules that are available within SecOps SIEM (about 1...
Match window and detections
I have a rule with a match window of 4 hours and have the frequency of the rule set to 1 hour. I expect the ru...
Metadata Time Start and End Time Interval is not being followed
Hello,I'm setting up asset enrichment through the ENTITY_CONTEXT. I have configured time interval as below:By ...
Workday Integration to Chronicle SIEM
Do you have any documentation on the integration of Workday with CSIEM? I understand this typically involves a...
Yara - L question
Just a question we are ingesting MISP logs through ingestion api we have the fields parsing now and we can sea...
Chronicle forwarder: Kafka
Hello All,I'm trying to push some logs via Kafka to Chronicle SIEM. Kafka server has been set up and logs are ...
Compare event to previous similar event - YARA-L rule
Hi,Does anyone have any experience with creating a YARA-L rule that looks for a particular event such as a vul...
Issues with SIEM forwarder for Windows on Docker
Hi Team,We are unable to see Windows on Docker forwarder logs in Chronicle SIEM.Is there any documenation to f...
Log source stopped reporting from last (x) days
I am trying to create a view to have time difference between and value. And to then set an alert, dashboard et...
YARA-L rule to detect ingestion drop
Hi,Has anyone got any experience with creating a YARA-L rule that detects when a log source drops ingesting? I...
Google SecOps best practices
Hello Team or esteemed members,Do we have any recommended best practices from Google or your own recommendatio...
Timestamp for Windows events
Hello everyone, my windows servers are sending DNS debug logs and NPS debug logs from the corresponding files,...
search to find changes in rules - SIEM
Is there a way to run a SIEM search on rules so I can report out rules by name, status, last updated, updated ...
Snare Windows Event Logs with WINEVTLOG default parser
Dear Community,Did anyone manage to successfully transform or parse Windows Event Logs (System, Security) that...
BindPlane OpenTelemetry collector
Dear All,Could anyone please give a documentation for how to use "BindPlane OpenTelemetry collector" for syslo...
Collecting Crowdstrike IDP logs
Hi everyone,I've been struggling to find a way to collect Crowdstrike Identity Protection logs in Google Chron...
Data Ingestion and Health dashboard
Hi Team,Could someone please clarify the exact meaning of the "Parsing error" and "Validation error" in the Da...
