For anyone interested, Google Cloud has a free online Modern SecOps (MSO) course focusing on Modernizing Cyber...
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Hi Team, We are unable to see Windows on Docker forwarder logs in Chronicle SIEM. Is there any documentation to f...
I am trying to create a view to have time difference between and value. And to then set an alert, dashboard et...
Hi, Has anyone got any experience with creating a YARA-L rule that detects when a log source drops ingesting? I...
Hello Team or esteemed members, Do we have any recommended best practices from Google or your own recommendatio...
Hello everyone, my Windows servers are sending DNS debug logs and NPS debug logs from the corresponding files,...
Is there a way to run a SIEM search on rules so I can report out rules by name, status, last updated, updated ...
Dear Community, Did anyone manage to successfully transform or parse Windows Event Logs (System, Security) that...
Dear All, Could anyone please give documentation for how to use "BindPlane OpenTelemetry collector" for syslo...
Hi everyone, I've been struggling to find a way to collect CrowdStrike Identity Protection logs in Google Chron...
Hi Team, Could someone please clarify the exact meaning of the "Parsing error" and "Validation error" in the Da...
Dear All, Could anyone please give me the script for ingesting UDM events directly to Chronicle via an Ingestio...
How can we integrate Google Threat Intelligence (GTI) with a SIEM, especially Microsoft Sentinel or Splunk?
Hi! I want to generate a rule that looks for the value of 'target.ip' field in a reference list. I have 3 refere...
Hey All, In the Workspace user parser my users get the same email added to the entity.user.email_addresses field...
Hi everyone, I need to migrate an SPL rule to Chronicle, can someone assist with how this can be converted to YARA-L?...
Is there any documentation available that outlines the differences between audit logs and user activity logs? ...
How do I resolve this error? Who do I need to reach out to? { "error": { "code": 403, "message": "Malachite In...
I've tried solutions found on Google but none fixed my issue. Have you already faced this problem? Your help woul...
Why are we getting the output in the below format when we validate the sample log with parser using cbn-tool/c...
Does anyone have or know a tool to generate custom parsers for logs?
Hey Team, I'm looking for a way to parse raw logs outside of Chronicle to UDM, does something like that exist? ...
I want to add longer descriptions in the meta of some SIEM rules so the info shows up in the related SOAR case...
Team, I am in the process of deploying Google Chronicle in our organization and following the instructions prov...
Hi, how can I detect suspicious links and files that are being sent outside of my domain?
Hello, How can I perform a transformation to the data in the environment? Thank you
Hello Team, For the 'impossible_travel_login_activity' alert involving from a user, our initial review of the e...
Hello, I need to send alerts from one Chronicle SIEM to another. How can I do this? Thank you
I've seen conflicting information on this topic: Is it required today that a new Google SecOps client bring th...
Good morning, I have a question about log ingestion via the ingestion API. Initially, my logs contained only 1...