Getting to Know Google SecOps: Introducing Outcomes in a Single Event Rule
Today, we are going to introduce the outcome section of a YARA-L rule and demonstrate how we can additional co...
Google Security Operations
Learn about Google Security Operations best practices and bring your security operations center to the next level. Share and discuss with Googlers and security practioners in the Google Security Operations Forums.
Knowledge Base Articles
Getting to Know Google SecOps: Building a Multi Event Rule - Sliding Windows
Today, we are going to build a multi event rule in SecOps SIEM, but this time we will use a sliding window ver...
Getting to Know Google SecOps: Building a Multi Event Rule - Multiple Joins and Counts in Conditions
In this post, we’re going to build a multi event rule in SecOps SIEM with a focus on joining multiple fields a...
Getting to Know Google SecOps: Building a Multi Event Rule - Ordering Events
In this post, we’re going to build a multi event rule in SecOps SIEM with a focus on ordering events to trigge...
Integrating Chrome Enterprise Management with Google SecOps
In this post, I demonstrate how to integrate Chrome Enterprise Management with Google SecOps to gain comprehen...
Getting to Know Google SecOps: Building a Multi Event Rule - Joining Events
In this post, we’re going to build a multi event rule in SecOps SIEM that can be used to join disparate events...
Getting to Know Google SecOps SIEM: Building a Single Event Rule - String Match
In this post, we’re going to build a single event rule in SecOps SIEM using string matching, which will serve ...
Getting to Know Google SecOps SIEM: YARA-L Rule Options
In this post, we’re going to get to know SecOps SIEM with a focus on the various options available in the rule...
Getting to Know Google SecOps SIEM: Rules Editor Navigation
In this post, we’re going to get to know SecOps SIEM with a focus on navigating the Rules Editor, which will s...
Getting to Know Google SecOps SIEM: Setting a threshold in conditions
In our previous post, we covered how SecOps SIEM can aggregate events into a single detection and alert within...
Getting to Know Google SecOps SIEM: Aggregating events in rules
In our previous post, we covered building a single event rule in SecOps SIEM using a regular expression. In th...
Getting to Know Google SecOps SIEM: Building a single event rule using a regular expression
In our previous post, we covered using event operators and modifiers that demonstrate the flexibility in build...
Getting to know Google SecOps SIEM: YARA-L operators and modifiers
In our previous post, we covered an introduction to SecOps SIEM with a focus on using variables in YARA-L to b...
Getting to know Google SecOps SIEM: YARA-L rule variables
In our previous post, we provided an introduction to SecOps SIEM with a focus on YARA-L basics and how detecti...
Getting to know Google SecOps SIEM: YARA-L basics
YARA-L is a language used to create rules for searching through your enterprise log data (hence the “L”) as it...
Using advanced analytics for the insights of tomorrow
Today, most SOC managers and CISOs are using metrics to track the security posture and measure their SOC’s per...
Guide | Quick OVA Deployment And Portal Login
Hello everyone, I’ve seen various questions around the slack channel about the OVA deployment, so I’m writing ...
Noise Reduction- Cyrus Robinson, community domain expert
Have you ever noticed trees that are marked with spray paint? Now, I’m no tree spray paint marking expert, but...
Jason Crosby External IP Enrichment v2 Block
Our judges were impressed by the clever use of Siemplify technology and the logic behind his block. Jason Cros...
Cyrus Robinson 24/7 block
After you implement Dor's enrichment block, we want to introduce you to Cyrus's 24/7 block, which won 2nd plac...
CyberSixgill Enrichment Block for SE
As promised, we are sending you the winning blocks from the Community Challenge. So, we’ll start with the 3rd ...
How to Use Output from a Block as Input for Another Block
Someone asked this in the Siemplify Community Slack, so I thought it might be helpful to document it here as w...
A Noise Reduction Strategy Example - Part 1
This will be broken up into multiple posts due to post length requirements. One of our SOC workstreams is to r...
A Noise Reduction Strategy Example - Part 2
Tier 1 Analysis PlaybookThe Tier 1 analyst uses enrichment and instruction to perform the initial analysis and...
Alert noise reduction
Security teams are no strangers to the overload of alerts. Be it via new SIEM rules, a preponderance of detect...
Introduction to the Siemplify Tools Power Up!
The Tools Power Up is a set of utility actions developed by Siemplify Professional Services for the Siemplify ...
How to use Template Engine to Render Complex Templates - Part 2
If you haven't read the "How to use Template Engine to Render Complex Templates - Part 1" post, start off ther...
How to use Template Engine to Render Complex Templates - Part 1
I have recently created Template Engine, an integration available to the Community which utilizes Jinja2 to re...
Siemplify Tools Community Integration
Hi Community, with the new capability released in the latest community edition which enables our community mem...
Managing large playbook libraries
In an ideal world, every analyst in your security operations center would always be able to investigate and re...
