Hi guys, here I come with another annoying problem within playbook
development in Chronicle SOAR. Yesterday I needed to execute a UDM query
into Chronicle SIEM from one of our playbooks. On the first try it worked very
well, the query found some results and ...
Hello community, today I'm facing something weird and can't figure out
how this is possible... I've implemented a custom detection rule on my
Chronicle SIEM instance that detects when a particular user deletes more
than 20 files over 10 seconds. To t...
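As an added illustration of the kind of rule described in the post above (this is example code written here, not the poster's actual rule), a YARA-L 2.0 multi-event rule that fires once per user per 10-second window when that user deletes more than 20 files. It assumes the file-deletion events are normalized into UDM with metadata.event_type "FILE_DELETION" and the acting account in principal.user.userid; the rule name and meta fields are placeholders.

```yaral
rule user_mass_file_deletion {
  meta:
    author = "example"
    description = "Flags a user who deletes more than 20 files within a 10-second window"
    severity = "MEDIUM"

  events:
    // Assumed UDM normalization: file deletions arrive with this event type
    // and the acting account in principal.user.userid.
    $delete.metadata.event_type = "FILE_DELETION"
    $delete.principal.user.userid = $user
    $delete.principal.user.userid != ""

  match:
    // Group by user over a 10-second window so that one detection is produced
    // per user per window, rather than one alert per deleted file.
    $user over 10s

  condition:
    #delete > 20
}
```

The match section is what keeps the rule from emitting an alert per deletion: the events are correlated on $user within the window, and the condition counts the correlated events before any detection is raised. If the user field in your normalized events is not populated consistently, the empty-string guard prevents all unattributed deletions from being grouped together as a single "user".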
Hi community. Yesterday I noticed something weird while working on Chronicle
SIEM. We received an alert coming from a custom rule of ours; clicking
on the user that triggered this rule should show the timeline with
all events related to that user as yo...
Hi all, I'm using the QRadar connector to ingest offenses in Chronicle SOAR,
passing through a remote agent. The customer is complaining about the
amount of requests coming from the agent to QRadar. Is there a way to
limit this traffic? Is there any kind ...
Hi all, I would like to configure the EmailV2 Connector to retrieve mails
from my Outlook mailbox. I've used the Outlook IMAP server
imap-mail.outlook.com on port 993 but I get the error "Cannot login to
IMAP serve with the given creds, error: b'LOGIN ...
Hi @mokatsu, the problem comes when I implement detection rules SIEM-side
like the one I described above. If I have a rule that is meant to match
when a user deletes a large number of files above a threshold, I would
expect an alert for each file delet...
Hi @mokatsu, this is exactly what happens: for every entity that comes as
an array of values, a new event will be created to cover all possible
combinations of the elements of these arrays... This is so annoying. Any
suggestions on how to solve this?
Hi @mokatsu, thanks for your response. Based on your suggestions I've
checked the events and found that the user has multiple fields
containing email addresses that are used to create user entities; in
fact, in the graph I can find as many user entitie...