Ingesting custom log data to Chronicle SIEM - Not existing Log Source and Log type

Hi Community,

Has anyone tried to ingest completely custom log data into Chronicle SIEM?

I mean log data that does not fall under any of the log sources (JSON, KV, etc.) and does not fall under any of the log types (Azure AD, Linux Auditing System (AuditD), etc.).

I can write a parser after ingestion, but it is not clear how to inject data that cannot be attached to any of the current categories (log sources or log types).

P.S. The log data type was created without consideration of the existing log types and sources.

Solved
1 ACCEPTED SOLUTION

Hi aivaras,

Please submit a support case for the creation of a new log type. That new log type can be internal to your Chronicle instance. Once the new log type has been set up, you can configure ingestion and then build a custom parser.

Chris
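Once support has created the new log type, the ingestion step the answer refers to can be driven from the Chronicle Ingestion API, which accepts raw, unparsed lines together with a log_type label and leaves the parsing to the custom parser built afterwards. The script below is an added example, not code from the thread or from Google; it assumes a hypothetical log type name MY_CUSTOM_APP, the `unstructuredlogentries:batchCreate` endpoint with `customer_id`, `log_type` and `entries[].log_text` / `ts_rfc3339` fields, an assumed per-request size budget (check the current documented limit), an already-obtained OAuth2 access token, and constructed sample lines in a made-up format. Only the batch-building part needs to run; `send_batch` is what you would call against the live endpoint.

```python
"""Build Chronicle SIEM ingestion batches for a custom (support-created) log type.

Added example for this thread, not the project's own code. Assumptions:
- the log type "MY_CUSTOM_APP" has already been created by support;
- the Ingestion API endpoint and field names below match the current docs;
- MAX_BATCH_BYTES is a placeholder for the documented per-request limit.
"""
import json
import urllib.request
from datetime import datetime, timezone

# Assumed endpoint for raw (unparsed) log ingestion.
INGESTION_URL = ("https://malachiteingestion-pa.googleapis.com"
                 "/v2/unstructuredlogentries:batchCreate")
# Assumed per-request size budget; verify against the Chronicle ingestion limits.
MAX_BATCH_BYTES = 1_000_000


def make_entry(log_text, ts=None):
    """One unstructured entry: the raw line plus an optional RFC 3339 timestamp."""
    entry = {"log_text": log_text}
    if ts is not None:
        entry["ts_rfc3339"] = (ts.astimezone(timezone.utc)
                               .isoformat().replace("+00:00", "Z"))
    return entry


def build_batches(customer_id, log_type, lines, max_bytes=MAX_BATCH_BYTES):
    """Group raw lines into batchCreate request bodies, each under max_bytes.

    Lines keep their order across batches; a single line that cannot fit in
    an empty batch is an error rather than something silently truncated.
    """
    def body(entries):
        return {"customer_id": customer_id, "log_type": log_type,
                "entries": entries}

    def size(entries):
        return len(json.dumps(body(entries)).encode("utf-8"))

    batches, current = [], []
    for line in lines:
        entry = make_entry(line)
        if size([entry]) > max_bytes:
            raise ValueError("single log entry exceeds the batch size limit")
        if current and size(current + [entry]) > max_bytes:
            batches.append(body(current))
            current = []
        current.append(entry)
    if current:
        batches.append(body(current))
    return batches


def send_batch(batch, access_token):
    """POST one batch; needs an OAuth2 token valid for the ingestion API."""
    req = urllib.request.Request(
        INGESTION_URL,
        data=json.dumps(batch).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status


# Constructed sample lines in a made-up pipe-delimited format that matches
# no built-in Chronicle log type (the situation the question describes).
SAMPLE_LINES = [
    "2024-03-01T10:15:00Z|login|alice|10.0.0.5|ok",
    "2024-03-01T10:15:07Z|login|bob|10.0.0.9|fail",
    "2024-03-01T10:16:30Z|upload|alice|10.0.0.5|report.pdf",
]

if __name__ == "__main__":
    # Placeholder customer id; replace with your instance's GUID.
    for b in build_batches("00000000-0000-0000-0000-000000000000",
                           "MY_CUSTOM_APP", SAMPLE_LINES):
        print(json.dumps(b, indent=2))
```

The raw lines are sent untouched; field extraction happens in the custom parser attached to the new log type, so the only decision made on the sending side is which log_type label to apply and how to split the stream into size-bounded requests.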
