Curated detections capacity

Hello, 

I enabled some curated detections and now Chronicle is saying that I'm reaching full capacity, which will prevent me from enabling further rules.

But I did not enable all curated rules; there are still some Windows threats rules left to enable.

Is there any way to upgrade curated rules capacity? How can I use these rules if I cannot enable all of them?


Thanks Paulo for reaching out. I'd suggest opening a support ticket for this in order to request an increase to your Curated Detection capacity. 

Depending on which rules (and licensing) that you have enabled, the capacity upper limits could be consumed quickly.

Alternatives to an increase could be disabling rules that have high capacity utilization quantities. 


Thanks DAPerry!

Do you know where I can find these licence limits for Curated Rules? I didn't find them in the documentation.
https://cloud.google.com/chronicle/docs/detection/curated-detections

Thanks for referencing the link! 

Since quantities aren't publicly referenced (that I could find as of this post) I have to point you towards your account team/security engineer to provide more personalized context on your existing capacity (150 based on your screenshot) and allow them to discuss with you any potential options for increases if that's the desired end goal.