Getting to Know Google SecOps: Calculating Difference By Time Unit
Today we're going to use a time function to calculate the difference between two time values with a focus on t...
Google Security Operations
Learn about Google Security Operations best practices and bring your security operations center to the next level. Share and discuss with Googlers and security practioners in the Google Security Operations Forums.
Knowledge Base Articles
Getting to Know Google SecOps: Truncate Timestamp By Time Unit
Today we are going to use a time function that can round a time value down to a specific time unit. This funct...
Getting to Know Google SecOps: Extracting Domains & Hostnames
Today we are going to look at two string functions that will extract hostnames and domains from longer strings...
Getting to Know Google SecOps: Time Functions: Converting a Time in a String to a Time Value
Sometimes we get a time in a string field and we want to perform time operations on it or compare it to anothe...
Getting to Know Google SecOps: Time Functions: Formatting a Timestamp The Way You Want It
Working with and viewing timestamps can be a drag, particularly if you want to work with something other than ...
Getting to Know Google SecOps: String Functions: Working with a Substring
Searching and extracting a portion of a string can be handled with a regular expression but there are other me...
Getting to Know Google SecOps: String Functions: strings.contains & strings.starts_with
If you need to examine a string and find a pattern in it for your searches or rules, we've got you covered. Pe...
Getting to Know Google SecOps: String Function: String Lengths
We've talked about counting substrings previously but suppose we want to count the number of characters in a s...
Getting to Know Google SecOps: String Function: Counting Substrings
Sometimes we find that we have values in our fields that we just want to count. For instance, perhaps we have ...
Getting to Know Google SecOps: Statistical Functions: Standard Deviation & Variance
We've got more statistical functions for you today! Let's take a look at the functions window.variance and win...
Getting to Know Google SecOps: Statistical Functions: Median
Today, we're going to cover another statistical function, window.median, that can be used in search and rules ...
Getting to Know Google SecOps: Statistical Functions: Mean(Avg) and Mode
Today, we are going to start going into statistical functions that can be used in search and rules with Google...
Getting to Know Google SecOps: Statistical Search: More Than a Count
This post builds on what we previously learned about statistical searches and adds additional aggregation func...
Getting to Know Google SecOps: Getting Started with Statistical Search
This post introduces the statistical search capability and provides an introduction to gain a greater understa...
Getting to Know Google SecOps: Regular Expression Function: re.replace
This post will introduce the function re.replace which provides a method to replace a portion of a value with ...
Getting to Know Google SecOps: String Function: strings.base64_decode
Today we are going to introduce a string function that takes base64 data and decodes it in search and YARA-L r...
Getting to Know Google SecOps: Regular Expression Function: re.capture
Today we will go deeper into using regular expressions in rules with the introduction of the function re.captu...
Getting to Know Google SecOps: Regular Expression Function: re.regex
While we have talked about using regular expressions in rules previously, today we will introduce the re.regex...
A look at the Recommendations widget in depth
This document shows how Google SecOps makes the calculations to determine which cases the Recommendations widg...
Getting to Know Google SecOps Strings Function: Upper/Lower Case
Let's look at two complementary functions that allow us to quickly and easily convert the case of a value. Thi...
Getting to Know Google SecOps: Regex Reference Lists
Today we are going to review the third type of reference list that we can use in our YARA-L rules in Google Se...
Getting to Know Google SecOps: CIDR Reference Lists
Let's look at how we can use another type of reference list in our YARA-L rules in Google SecOps. This one is ...
Getting to Know Google SecOps: Reference List
Let's look at how we can use reference lists in our YARA-L rules in Google SecOps. Reference lists provide a s...
Getting to Know Google SecOps: Functions: Network
Let's look at how we can use the CIDR network function or as it is called in YARA-L, net.ip_in_range_cidr, for...
Getting to Know Google SecOps: Functions - strings.coalesce
Let's look at how we can use the string function coalesce or as it is called in YARA-L strings.coalesce, for u...
Getting to Know Google SecOps: Functions - strings.concat
Let's look at how we can use the string function concatenation or as it is called in YARA-L strings.concat, fo...
Getting to Know Google SecOps: Outcomes - Risk Score, Conditional Logic and Mathematical Operators
We are covering a lot of ground today, as we take a look at risk score, conditional logic and mathematical ope...
Getting to Know Google SecOps: Outcomes in a Multi Event Rule - Max, Min, Sum
Today, we are going to cover the aggregation functions of min, max and sum and how they can be added to the ou...
Getting to Know Google SecOps SIEM: Outcomes in Multi Event Rules: Arrays
Today, we are going to cover two aggregation functions that are often used with strings in the outcome section...
Getting to Know Google SecOps: Outcomes in a Multi Event Rule - Counts
Today, we are going to introduce the ability to generate counts within the outcome section of a YARA-L rule in...
