About mountaincode2

mountaincode2

I am reaching out in relation to the group function:https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-syntax#groupNow i understand what it says:> Group fields of a similar type into a placeholder variable.But i am unable to visualize it.Do...

mountaincode2

I am reaching out in relation to:https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Google-SecOps-Using-Metrics-in-YARA-L-Rules-Part-1/ba-p/726322I have a query regarding the time period. The post says:> In this metric, period:1d, window:3...

mountaincode2

I am reaching out in relation to the following metrics post:https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Google-SecOps-Using-Metrics-in-YARA-L-Rules-Part-2/ba-p/726336I am a little confused here. In all the 4 parts in this series, wh...

mountaincode2 · 03-21-2024

Hello,I am unable to view the statedump of my parser code.Raw log is as follows: "resource": { "type": "k8s_container", "labels": { "container_name": "abc", "namespace_name": "default", "location": "us-central", "project_id": "xyz", "cluster_name": "...

mountaincode2 · 03-15-2024

Hello,I am looking at the following preview documentation:https://cloud.google.com/chronicle/docs/preview/search/raw-log-search-in-investigateUsing UDM Search, one can only search for UDM events and not UDM entities. The documentation says:>After you...

mountaincode2

ah okay.> In search, we have the concept of grouped fields. When we search for IP = 1.1.1.1 for example, we end up searching a number of different IP fields including principal, target, observer, etc... This group function would be similar to that ex...

mountaincode2

ah okay, @jstoner. i think i am closer to an understanding now.So here are the takeaways:data is being bucketed on a daily basis across a window of 30 days.The metric period of 1 day and window of 30 days means that a metric, in the example in the bl...

mountaincode2

Thanks @jstoner .So would i be right in understanding the window is calculated as follows, if the query ran on May 06, 2024:May 06 - 30April 05- 30March 03 - 30Feb 02However, i have a sense that my understanding might be wrong as the detections outpu...

mountaincode2

This is very helpful. Thank you!

mountaincode2

@jstoneri am missing something and certainly unable to connect the dots.Why do we need a "window" property. And how far back in time then would the data be calculated for?For example, in my head, it can then keep going back for perpetuity:May 05 - 30...

Google Cloud Community

My Stats

intel's Bio

Badges mountaincode2 Earned

Recent Activity

What is the utility of a group function in YARA-L?

metrics - data is being bucketed on a daily basis across a window of 30 days.

Aggregate functions in metrics

Unable to view the statedump of my parser code.

Is raw log search and entity search the same?

Re: What is the utility of a group function in YARA-L?

Re: metrics - data is being bucketed on a daily basis across a window of 30 days.

Re: metrics - data is being bucketed on a daily basis across a window of 30 days.

Re: Aggregate functions in metrics

Re: metrics - data is being bucketed on a daily basis across a window of 30 days.