Bring Audit logs to Chronicle

Community,

How do I bring "Audit Logs" from "ManageEngine Endpoint Central" to SecOps?


Endpoint Central is a supported log type, but I can't find any documentation to integrate it. Please post if there are any docs.


Vishnu

Google Security Operations SIEM does not provide a default parser for these log types. You can ingest them with the API or a Forwarder (raw events); however, you will have to create a custom parser to normalize these logs (UDM format). These links should get you started; feel free to contact support for questions regarding custom parsers.

Support without a Default Parser: https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers#without-defa...

Custom Parser Documentation: https://cloud.google.com/chronicle/docs/event-processing/manage-parser-updates