For anyone interested, Google Cloud has a free online Modern SecOps (MSO) course focusing on Modernizing Cyber...
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Hi, I wrote a rule, but the exclusion "WindowsBackup" is not working. Can you help me? Regards rule Powershell {met...
Hi, I'm looking to create a parser extension for the default GCP Loadbalancer one, since it currently doesn't p...
Hi All, Is there any way to combine a raw log search with some UDM filter applied. Let's say I want to search a...
Hi, Is there a way to ingest Hubspot CRM audit logs to collect to Chronicle? I think we can collect them to GCP...
Hi, I want to export alerts from Chronicle to TheHive. How can I realize that? I searched for a REST API but I...
Hi, My firm has a Chronicle and VT license. How can I use VirusTotal Relationships (vt) in a YARA Rule? Thanks Serbay
Hello everyone, we are currently developing a parser for logs that are in JSON format (not raw JSON). Is it po...
Hi All, We are already ingesting logs from Dell EMC PowerStore (with a custom parser), but there is also a requ...
Hi all, My client wants to ingest logs from their Huawei OceanStor Pacific appliances, but there is no datatype...
Hi All, I recently tried to do a PoC of Chronicle SIEM and after setting up a forwarder to send logs collected ...
Hi, Is there any way to clone a widget from one dashboard to another? I see an option to duplicate the widget w...
Hi team, I require assistance in developing a custom parser for processing raw logs. Additionally, I seek guid...
Recently I reviewed an article covering an attack path that an actor took in a Google Workspace/GCP environmen...
I would like to know if this type of SIEM needs agents to be installed on the client host?
Anyone here tried creating a rule that was able to capture encryption on a host? I would like to get some ideas...
Hello, our customer tries to send files to the parser which are bigger than 65000 bytes. Is this a forwarder limita...
Does anyone have a dashboard to share? I have a few, but I'd like to see some different perspectives.
Do any of you know when Google Chronicle SIEM was officially released? I cannot find any resources about this.
Has anyone here ingested data to SIEM via a temporary label and then migrated to a new data label? We recently...
Hello everyone! I am having a doubt regarding the deprecated label; i.e., $ioc.graph.entity.labels.key, which h...
Hey folks!! For GCP audit logs does anyone know if there are any UDM events for storage.object.get or storage.ob...
What do the different colors (Green, Grey, Red, Violet etc.) for an Event mean? Are there any more?...
There's an official Chronicle Looker block available on the Marketplace, and it mentions that the 'BigQuery Ex...
Hello everyone! I'm currently struggling with the regex usage in the rule. I need to create a regex in order to d...
Is there a list of out-of-box Chronicle rules available somewhere to review? Similar to what SCC Premium provi...
Hi all, I'm working on tuning the yaral rule gcp_cloudaudit/gcp_dns_modification.yaral from the github repo....
Hi All, I'm looking for a way to fulfill reporting requirements, potentially through dashboards. I understand t...
Recently we've been having trouble getting several Chronicle Ingestion scripts working (found here https://git...
Hey all, I open sourced our Chronicle detection rules (and a few helpers) on GitHub a couple of weeks back. I'...
Hello, how is the data (UDM and RAW) in the DB encrypted? For example if storing security strings. Thanks for th...