Community & Learning workshop - RSAC 2024
Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
Forum Posts
New Google Cloud Security Customer Success Services Available!
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Integration of Oracle Cloud with Google Chronicle
We are in the process of integrating Oracle Cloud with Google Chronicle. Please share the possible methods for...
Snare Windows Event Logs with WINEVTLOG default parser
Dear Community,Did anyone manage to successfully transform or parse Windows Event Logs (System, Security) that...
ingestion labels for cloudflare & zscaler internet access logs
what is the correct log type OR ingestion label to use in the chronicle forwarder configuration for the follow...
Issues with ingesting EKS audit logs (CloudWatch)
I've set up a AWS CloudWatch feed to ingest EKS audit logs from an S3 bucket. Initially it fetches one file wi...
Azure AD SSO integration with Google Chronicle Secops
I am trying to integrate Azure AD SSO with Chronicle SIEM , The relevant team has provided the required keys t...
Feed management new features - Feed names and support for push logs
April 26, 2024 The feed management feature is now enhanced to include the following: Feed names: You can assig...
How can chronicle SIEM be used for storing data of multiple tenants?
We are looking to provide an MSSP type of service and build an XDR service, currently looking to explore how d...
Chronicle Forwarder data recovery
In the event a forwarder crashed, let's say 24-48 hours of downtime.How can we recover the events that were me...
Metadata Time Start and End Time Interval is not being followed
Hello,I'm setting up asset enrichment through the ENTITY_CONTEXT. I have configured time interval as below:By ...
Ingesting custom log data to Chronicle SIEM - Not existing Log Source and Log type
Hi Community,Did anyone try to ingest a completely custom log data to Chronicle SIEM?I mean log data which doe...
Ingest Azure Activity Logs
Good afternoon! I want to ingest Azure Activity Logs into our Chronicle instance. For that, I have found the f...
Restrict feed access to google's IPs
Hi!I am configuring a feed on Chronicle SIEM to obtain Azure Activity Logs following this guide: Ingest Azure ...
Getting "ConnectionResetError: [Errno 104] Connection reset by peer" when installing SIEM forwarder
Are you installing Chronicle forwarder and get the following error when setting up the forwarder when trying t...
How to find duplicate events ingestion into chronicle
Hi All,Is there any way that we can find the duplicate events ingested into chronicle. If yes, could you pleas...
GMAIL Log Ingestion
How are others ingesting Gmail logs into Chronicle?We've been sending them directly to BQ and querying them th...
How to send a chronicle siem alert to chronicle soar?
How to send a chronicle siem alert to chronicle soar? So basically we would need to send a chronicle siem aler...
Log not receiving - Notification
In Chronicle If I didn't log from a particular source within a timeframe of 30 minutes, will we be able to cre...
Proper JSON Format for an Entity such as a Server
Hello,I need to develop some code to that will export the characteristics of servers and various network eleme...
Statedump of a for loop
Hello!I am trying to understand the statedump of a for loop.Raw log in JSON: { "data":{ "businessPhones":[ "(1...
How to identify each device that sends logs to a single forwarder collector?
I have multiple firewalls (same log type) sending logs to a single collector and I need to identify them by th...
Maximum character in log message
Hi Team,We are using Wazuh agent in some of our endpoint and using Chronicle forwarder to ingest those logs in...
How to forward logs from Mysql DB server's table to Chronicle cloud or Chronicle Forwarder
Hi,We have a software product which writes logs to specific tables on Mysql DB on a Windows server, we need to...
MISP Question
Hi guys, I have q question while setup chronicle.When checking ioc matehes log, I can check the feed informati...
Chronicle script giving 404 (Resource Entity not found) at the time of ingesting logs to chronicle
Hi, CommunityWe have one of the chronicle script from https://github.com/chronicle/ingestion-scripts executing...
CSV Custom IOC Parser
I am trying to pull data by using the CSV Custom IOC feed from a GCP storage bucket. Looking at the Parser I s...
Office 365 Business Premium licenses - Impact on the logging capabilities
What will be Impact on the logging capabilities if we have Office 365 Business Premium licenses (and not E3 or...
JSON Parser
We are currently trying to get our feet wet in managing our own parsers in Chronicle. We have started with Vir...
MFA Related Logs
Hi Team,How can we check MFA logs/events in Chronicle SIEM using O365 (log source).
How to write a use cases for any network devices
Hi All,Please help us, how to write the use cases for Network devices in SIEM.Please share with me if have any...
Event type for login failure
Hi,How can we filter logs related to authentication failure across all log sources. We can see authentication ...