Community & Learning workshop - RSAC 2024
Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
Forum Posts
New Google Cloud Security Customer Success Services Available!
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
SPLUNK SIEM TO CHRONICLE MIGRATION
Hi All I have been working to create an approach for customers migration from existing SPLUNK SIEM (on prem) t...
SIEM Rules
Curious, do people share rules here that they have developed? Based on seen activity or just rules in Dev?For ...
Open Source Chronicle Rules
Hey everyone,I've been writing Yara-L rules for a while now and I wanted to share some of mine here for people...
Is this type of SIEM needs agents to be installed on the client host?
I will like to know, if this type of SIEM needs agents to be installed on the client host?
Open sourced our Chronicle detection rules
Hey all, I open sourced our Chronicle detection rules (and a few helpers) on GitHub a couple of weeks back. I'...
UDM parsing outside of Chronicle
Hey Team,I'm looking for a way to parse raw logs outside of Chronicle to UDM, does something like that exist? ...
What is the process we should be following to ensure we don’t get duplicate events?
Hi all, what is the process we should be following to ensure we don’t get duplicate events? I found one refere...
IOC matching with YARA-L rule
Hi!I wrote a YARA-L rule for IOC matching where i need to check if the confidence level of the IOC is above 75...
Looking for an API to monitor EPS events ingested, parsed in UDM etc
Hi i'm searching for an API to monitor EPS for number of events ingested, parsed in UDM etc, Is there anything...
Got this error when writing a YARA-L detection rule in the Chronicle editor
Hi all, I was writing a YARA-L detection rule in the Chronicle editor and I need to match the string "C:\Progr...
is there a way to send logs to chronicle via intranet traffic instead of going over the internet?
Hi all, can we send logs to chronicle via intranet traffic instead of going over the internet?
Question about ingesting from GCS buckets using feeds management UI
I have a question: When Ingesting from GCS buckets using feeds management UI, it mentions that chronicle doesn...
How to simply inject syslog without any parser?
Hi there! Is there a way to simply inject syslog without any parser (because there is none available for the p...
Dashboard for time between logging and detections firing
Does anyone have any advice on how you could create a dashboard to see the average amount of time between the ...
Is it possible to use Arrays.contains with two variables in Yara-L?
In the documentation it seems that the arrays.contains function can be used like the following, arrays.contain...
Rules and how they works
Does anyone know if Google have a list of Rules which are available in Chronicle Security and are base on whic...
Sharing log parsers with people on this community
What’s been your experience sharing log parsers with people on this community? Has it been beneficial? Risky? ...
creating customers in chronicle siem
Hi Team, Looking for guidance creating customers in chronicle siem using the api. Can't seem to get it working...
Enterprise insights feature
Hi All, I was wondering if the Demo has the 'Enterprise insights' feature
Windows event forwarding
@Lokesh_Dachepal If you don't want to use a SIEM product, you can always do Windows event forwarding to get al...