Community & Learning workshop - RSAC 2024
Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
SIEM Forum
Find answers to your questions from passionate experts in the community, share industry updates, and engage in discussion.
Forum Posts
New Google Cloud Security Customer Success Services Available!
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
What is the process we should be following to ensure we don’t get duplicate events?
Hi all, what is the process we should be following to ensure we don’t get duplicate events? I found one refere...
IOC matching with YARA-L rule
Hi!I wrote a YARA-L rule for IOC matching where i need to check if the confidence level of the IOC is above 75...
Looking for an API to monitor EPS events ingested, parsed in UDM etc
Hi i'm searching for an API to monitor EPS for number of events ingested, parsed in UDM etc, Is there anything...
Got this error when writing a YARA-L detection rule in the Chronicle editor
Hi all, I was writing a YARA-L detection rule in the Chronicle editor and I need to match the string "C:\Progr...
is there a way to send logs to chronicle via intranet traffic instead of going over the internet?
Hi all, can we send logs to chronicle via intranet traffic instead of going over the internet?
Question about ingesting from GCS buckets using feeds management UI
I have a question: When Ingesting from GCS buckets using feeds management UI, it mentions that chronicle doesn...
How to simply inject syslog without any parser?
Hi there! Is there a way to simply inject syslog without any parser (because there is none available for the p...
Dashboard for time between logging and detections firing
Does anyone have any advice on how you could create a dashboard to see the average amount of time between the ...
Is it possible to use Arrays.contains with two variables in Yara-L?
In the documentation it seems that the arrays.contains function can be used like the following, arrays.contain...
Detect off additional fields in Yara-L
Is it possible to make a Yara-L rule that is detecting off of a specific field in the additional section?I hav...
Rules and how they works
Does anyone know if Google have a list of Rules which are available in Chronicle Security and are base on whic...
Sharing log parsers with people on this community
What’s been your experience sharing log parsers with people on this community? Has it been beneficial? Risky? ...
See if a UDM field contains a substring of another UDM field
Is there any way in Yara-L to check if a UDM field contains a substring of another UDM field? The following ex...
creating customers in chronicle siem
Hi Team, Looking for guidance creating customers in chronicle siem using the api. Can't seem to get it working...
Enterprise insights feature
Hi All, I was wondering if the Demo has the 'Enterprise insights' feature
Dashboard for time between logging and detections
Does anyone have any advice on how you could create a dashboard to see the average amount of time between the ...
Windows event forwarding
@Lokesh_Dachepal If you don't want to use a SIEM product, you can always do Windows event forwarding to get al...
Supported Data Sources
Can someone help me understand the different supported data sources for Chronicle?Thanks in advance.
Non-English characters in logs not rendering in Chronicle?
Windows Event logs from servers configured in a language using non-English character set are not rendering in ...
