We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Hi Team, I am looking to get an alert if I miss a log from an endpoint from a server. Since the ingestion API m...
Hello everyone, We activated most of the curated detection rules that are available within SecOps SIEM (about 1...
I have a rule with a match window of 4 hours and have the frequency of the rule set to 1 hour. I expect the ru...
Hello, I'm setting up asset enrichment through the ENTITY_CONTEXT. I have configured the time interval as below: By ...
Do you have any documentation on the integration of Workday with CSIEM? I understand this typically involves a...
Just a question: we are ingesting MISP logs through the ingestion API. We have the fields parsing now and we can sea...
Hello All, I'm trying to push some logs via Kafka to Chronicle SIEM. The Kafka server has been set up and logs are ...
Hi, Does anyone have any experience with creating a YARA-L rule that looks for a particular event such as a vul...
Hi Team, We are unable to see Windows on Docker forwarder logs in Chronicle SIEM. Is there any documentation to f...
I am trying to create a view to have time difference between and value. And to then set an alert, dashboard et...
Hi, Has anyone got any experience with creating a YARA-L rule that detects when a log source drops ingesting? I...
Hello Team or esteemed members, Do we have any recommended best practices from Google or your own recommendatio...
Hello everyone, my windows servers are sending DNS debug logs and NPS debug logs from the corresponding files,...
Is there a way to run a SIEM search on rules so I can report out rules by name, status, last updated, updated ...
Dear Community, Did anyone manage to successfully transform or parse Windows Event Logs (System, Security) that...
Dear All, Could anyone please give documentation for how to use the "BindPlane OpenTelemetry collector" for syslo...
Hi everyone, I've been struggling to find a way to collect CrowdStrike Identity Protection logs in Google Chron...
Hi Team, Could someone please clarify the exact meaning of the "Parsing error" and "Validation error" in the Da...
Dear All, Could anyone please give me the script for ingesting UDM events directly to Chronicle via an Ingestio...
How can we integrate Google Threat Intelligence (GTI) with a SIEM, specifically Microsoft Sentinel or Splunk?
Hi! I want to generate a rule that looks for the value of the 'target.ip' field in a reference list. I have 3 refere...
Hey All, In the workspace user parser my users get the same email added to the entity.user.email_addresses field...
Hi everyone, I need to migrate a SPL rule to Chronicle, can someone assist how this can be converted to YARA-L?...
Is there any documentation available that outlines the differences between audit logs and user activity logs? ...
How do I resolve this error? Who do I need to reach out to? { "error": { "code": 403, "message": "Malachite In...
I've tried solutions found on Google but none fixed my issue. Have you already faced this problem? Your help woul...
Why are we getting the output in the below format when we validate the sample log with the parser using cbn-tool/c...
Does anyone have or know a tool to generate custom parsers for logs?
Hey Team, I'm looking for a way to parse raw logs outside of Chronicle to UDM, does something like that exist? ...