What does this different color coding (Green, Grey, Red, Violet etc.)
mean for an Event? Are there any more? @jstoner Is there any KB that
covers this topic? I tried finding one but had no luck.
Instead of "_labels.value" try "_labels.value.string_value". Instead of
"event.idm.read_only_udm.target.resource.attribute.labels" try
"event.idm.read_only_udm.additional.fields".
Well, the best approach is to set up the Cloud Monitoring Notification. If
you have SOAR, you may try creating some custom job. Else... you may try
the sample code of this Dashboard and tune it as per your
threshold.
Most parsed logs will have IP details under UDM
observer/intermediary/principal.hostname. If your requirement is to have a
name identifier tagged to each event as well, e.g. ASA_DMZ, then you
can achieve it through custom parsing. Please note that Ch...
array_function => "split_columns" // this is used to split nested arrays
into columns. E.g. if your src.ip field is an array containing multiple
IPs, it will be split into columns that you'll be able to access like
src.ip.0, src.ip.1 ... src.ip.n. Below ...