Hi all, I'm in the process of ingesting the Office 365 feed into Chronicle SIEM.
I would like to know if there is guidance on how to configure apps on the
Azure side. The Chronicle doc page forwards people to the Microsoft doc, Office
365 Management APIs, Microsoft expl...
Hi, I would like to know if there is a way to append to a reference list
without getting the content of the list beforehand. I looked at
https://cloud.google.com/chronicle/docs/reference/reference-lists-api#updatereferencelist
and the UpdateReferenceList see...
Hi, I would like to know how other security teams use the IOC matches
alerts. Where I work, we are using the IOC matches without any IOC
feed other than the default feeds (US DHS AIS, ESET threat intel and Open Source
Intel). Team members are complaining ab...
Hi all, I'm working on tuning that yaral rule
gcp_cloudaudit/gcp_dns_modification.yaral from the github repo. When I
look at detection vs rules languages, the UDM field
target.user.email_addresses isn't present in our procedural filtering.
The udm ...
https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
Supported log types with a default parser
Supported log types without a default parser
Hi Roberto, I understand that Zscaler is a cloud appliance. However,
Zscaler offers 2 ways of sending logs to a SIEM: VM-based NSS and Cloud NSS
(source). There are several ways to configure the feeds in Chronicle.
Right now, third party api is not a way for ...