Introducing Modern Security Operations Free Course
For anyone interested, Google Cloud has a free online Modern SecOps (MSO) course focusing on Modernizing Cyber...
SIEM Forum
Find answers to your questions from passionate experts in the community, share industry updates, and engage in discussion.
Forum Posts
New Google Cloud Security Customer Success Services Available!
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Chronicle Rule
Hi, i wrote a Rule, but working the Exclusion "WindowsBackup" not.Can you help me?Regards rule Powershell {met...
Parser Extension for GCP Loadbalancer
Hi,I'm looking to create a parser extension for the default GCP Loadbalancer one, since it currently doesn't p...
Search query combining UDM and Raw
Hi All,Is there any way to combine a raw log search with some UDM filter applied. Let's say I want to search a...
Hubspot logs to chronicle
Hi,Is there a way to ingest Hubspot CRM audit logs to collect to Chronicle? I think we can collect them to GCP...
Chronicle Alert export to the hive
Hi,I want to export alerts from Chronicle to TheHive. How can I realize that. I made search for REST API but I...
VirusTotal Relationships
Hi,My firm has Chronicle und VT Lizenz. How can I use VirusTotal Relationships (vt) in YARA Rule?ThanksSerbay
Json parsing
Hello everyone, we are currently developing a parser for logs that are in JSON format (not raw JSON). Is it po...
Ingesting logs from legacy Dell Storages
Hi All,We are already ingesting logs from Dell EMC PowerStore (with a custom parser), but there is also a requ...
Require new data type for Huawei OceanStor
Hi all,My client wants to ingest logs from their Huawei OceanStor Pacific appliances, but there is no datatype...
FLUENTD Logs Uploaded by forwarder not showing on Chronicle
Hi All,I recently tried to do a PoC of chronicle SIEM and after setting up a forwarder to send logs collected ...
Clone Widget to another dashboard
Hi,Is there any way to clone a widget from one dashboard to another? I see an option to duplicate the widget w...
Parser for Raw logs
HI team, I require assistance in developing a custom parser for processing raw logs. Additionally, I seek guid...
Detection Request Around Golden Image Lateral Movement in GCP
Recently I reviewed an article covering an attack path that an actor took in a Google Workspace/GCP environmen...
Is this type of SIEM needs agents to be installed on the client host?
I will like to know, if this type of SIEM needs agents to be installed on the client host?
SIEM rule to detect encryption
anyone here tried creating a rule that was able to capture encryption in a host,I would like to get some ideas...
Incoming Forwarder Bytes Limit
Hello,our customer tries to sent files to parser which are bigger than 65000 bytes. Is this a forwarder limita...
Dashboard Sharing Request
Does anyone have a dashboard to share? I have a few, but I'd like to see some different perspectives.
Chronicle SIEM release date
Do any of you know when Google Chronicle SIEM was officially released? I cannot find any resources about this.
Migrating log data to a new data label
Has anyone here ingested data to SIEM via a temporary label and then migrated to a new data label? We recently...
Deprecated label in YARA-L Rule
Hello everyone!I am having a doubt regarding the deprecated label; i.e., $ioc.graph.entity.labels.key, which h...
UDM event for Storage.Object events
Hey folks!!For GCP audit logs does anyone know if there are any udm event for storage.object.get or storage.ob...
Event Color Coding
What does this different color (Green, Grey, Red, violet etc..) coding says for an Event? Are there any more ?...
What is BigQuery export feature in Chronicle ?
There's an official Chronicle Looker block available on the Marketplace, and it mentions that the 'BigQuery Ex...
Regex in YARA-L rule
Hello everyone!Im currently struggling with the regex usage in the rule.I need to create a regex in order to d...
Chronicle default threat detection rules - is there any repo to review them?
Is there a list of out-of-box Chronicle rules available somewhere to review? Similar to what SCC Premium provi...
gcp_dns_modification.yaral tuning issue
Hi all, I'm working on tuning that yaral rules gcp_cloudaudit/gcp_dns_modification.yaral from the github repo....
Reporting through Dashboards
Hi All,I'm looking for a way to fulfill reporting requirements, potentially through dashboards. I understand t...
Chronicle Ingestion Script errors
Recently we've been having trouble getting several Chronicle Ingestion scripts working (found here https://git...
Open sourced our Chronicle detection rules
Hey all, I open sourced our Chronicle detection rules (and a few helpers) on GitHub a couple of weeks back. I'...
Data Storage in Chronicle SIEM
Hello,how is the data (UDM and RAW) in the DB encrypted? For example if storing security strings.Thanks for th...
