You should be able to use the Ops Agent in GCE to collect these logs:
https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/configuration#logging-receivers
The direct ingestion method that streams logs from Cloud Logging to
Chronicle c...
We are updating the documentation and parser for NIX_SYSTEM this
quarter. The documentation will include all of the field mappings and
event types that the parser supports. These are the logs that it
supports: /var/log/audit/audit.log /var/log/syslog...
If you have Workspace Enterprise, you can use the new direct Workspace
integration to get Gmail logs. For more details, see
https://cloud.google.com/chronicle/docs/ingestion/cloud/workspace-to-chronicle
@TPankaj If CrowdStrike FDR is sending Identity Protection events, then
Chronicle should be able to ingest them using the CS_EDR log type. In
case you run into any parser issues with it, please open a support case
and request that your tenant be swit...