About mauriarre

mauriarre

Hey everyone,We have an issue with restricting access to a SecOps instance.Before, the provisioning procedure required an IDP group mapped to Chronicle's backend to grant access to users in said group. This meant that if a user was not part of the ID...

mauriarre

Hey, may I be added to the slack channel as well!

mauriarre

An additional tip for GROKs within parsers, you always have to use a double \ within a parser, so always use \\.

mauriarre · 06-24-2024

I can help with a couple of those.Managing log retention - Strategies for managing log retention for more than 12 monthsNormally the best way to manage log retention for more than 12 months is to leverage GCP to do so, I would recommend Cloud Storage...

mauriarre · 06-24-2024

As said by Mike, the best way to keep tabs on ingestion metrics is by using Monitoring directly on GCP.

My Stats

mauriarre's Bio

Badges mauriarre Earned

Recent Activity

Restricting access to Google SecOps instance

Re: Joining the SecOps Slack

Re: Chronicle Parser - Haproxy

Re: Google SecOps best practices

Re: YARA-L rule to detect ingestion drop