This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

chronicle forward data to other SIEM

Posted on 08-22-2023 12:57 AM
pwckimmy
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Does Chronicle have the ability to forward data to other SIEM platforms? Such as Splunk, IBM QRadar.

Solved Solved
1 1 582
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
mkrovatkina
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Chronicle is not great at data export. You can export raw logs Data export API with https://cloud.google.com/chronicle/docs/preview/data-export-api/data-export-api.

They will go for a log_type to a cloud bucket.


You could also export UDM events with the Search API, but it has a page size limit, so may be less practical for high volume data

https://cloud.google.com/chronicle/docs/reference/search-api

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
mkrovatkina
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Chronicle is not great at data export. You can export raw logs Data export API with https://cloud.google.com/chronicle/docs/preview/data-export-api/data-export-api.

They will go for a log_type to a cloud bucket.


You could also export UDM events with the Search API, but it has a page size limit, so may be less practical for high volume data

https://cloud.google.com/chronicle/docs/reference/search-api

Jump to Solution
0 Likes
Top Solution Authors
View all