We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
I have a log source which parses out a field into additional.fields["Num_cloned_repos"]. The value is parsed a...
Hi everyone, has anyone had any experience with ingesting ZScaler logs? I was expecting a cloud-to-cloud connecti...
Hi Everyone, as per Chronicle documentation, we have the 4 pre-built parsers below. Would you please let me know th...
I'm configuring a PowerShell script and Task Scheduler to export Windows AD logs (user_context & asset_context...
Hi all, as far as I know, it is possible to use Chronicle SIEM in multi-tenant environments, and using labels y...
Is it possible to use Pub/Sub push to forward logs from an unbounded GCP project to Chronicle SIEM? The pub/sub...
Hello Team, new to YARA-L and I am trying to understand how to get a rule to alert if there is a "new" event NO...
Hello! I'm working on a YARA-L detection project and need some guidance. I'm trying to create a rule to detect...
Namaste everyone, I am hoping someone can help me out. I'm trying to learn how to write parsers from scratch in...
Does Google SecOps support the following log collection protocols: Syslog over Syslog NG, SDEE (Security Device E...
Hi Team, I am looking to get an alert if I miss a log from an endpoint from a server. Since the ingestion API m...
Namaste everyone, since the raw search function has a limitation of 10,000 logs, it's difficult to identify whi...
Hello everyone, we activated most of the curated detection rules that are available within SecOps SIEM (about 1...
I have a rule with a match window of 4 hours and have the frequency of the rule set to 1 hour. I expect the ru...
Hello, I'm setting up asset enrichment through the ENTITY_CONTEXT. I have configured the time interval as below: By ...
Do you have any documentation on the integration of Workday with CSIEM? I understand this typically involves a...
Just a question: we are ingesting MISP logs through the ingestion API; we have the fields parsing now and we can sea...
Hello All, I'm trying to push some logs via Kafka to Chronicle SIEM. The Kafka server has been set up and logs are ...
Hi, does anyone have any experience with creating a YARA-L rule that looks for a particular event such as a vul...
Hi Team, we are unable to see Windows on Docker forwarder logs in Chronicle SIEM. Is there any documentation to f...
I am trying to create a view to have time difference between and value. And to then set an alert, dashboard et...
Hi, has anyone got any experience with creating a YARA-L rule that detects when a log source drops ingesting? I...
Hello Team or esteemed members, do we have any recommended best practices from Google or your own recommendatio...
Hello everyone, my windows servers are sending DNS debug logs and NPS debug logs from the corresponding files,...
Is there a way to run a SIEM search on rules so I can report out rules by name, status, last updated, updated ...
Dear Community, did anyone manage to successfully transform or parse Windows Event Logs (System, Security) that...
Dear All, could anyone please provide documentation for how to use the "BindPlane OpenTelemetry collector" for syslo...
Hi everyone, I've been struggling to find a way to collect Crowdstrike Identity Protection logs in Google Chron...
Hi Team, could someone please clarify the exact meaning of the "Parsing error" and "Validation error" in the Da...