Clarification Required: Fireeye ETP & Snowflake

Hello All,

I found the below documentation to integrate Fireeye ETP and Snowflake to Chronicle.

Fireeye/Trellix ETP: https://docs.cyderes.cloud/integrations/fireeye-etp/?h=trel
Snowflake: https://docs.cyderes.cloud/integrations/snowflake/?h=snowf

Could anyone please help in understanding these integrations?

Thanks in advance.

Aravind Sreekumar

Accepted solution

Hi @Aravind3, the configuration is specific to Cyderes, one of the SecOps partners. I do not have many details about Cyderes' method of sending their data, but most likely they use the SecOps SIEM Ingestion API.

In theory, you may use our Ingestion API to send any log source as long as you know the corresponding Log Type, but the implementation must be done on the customer side. Some of our customers use GCP Cloud Functions to send the data with our Ingestion API, but you may have any implementation of your choice. You can find all the available log types in our documentation:

https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
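As an added illustration of the customer-side approach described in this answer (example code, not code from the thread, from Cyderes or from Google), the following Python groups raw log lines into Ingestion API `unstructuredlogentries:batchCreate` request bodies keyed by log type and splits them so each request stays under a size cap. The endpoint URL and the per-request size limit are assumptions from the public Ingestion API documentation, the customer ID and log type are placeholders you replace with your tenant's values and an entry from the supported-parsers list, and the sample log lines are constructed.

```python
from __future__ import annotations
import json
import urllib.request

# Assumption: v2 unstructured-log endpoint of the Chronicle/SecOps Ingestion API.
INGESTION_URL = "https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate"
# Assumption: stay comfortably below the API's per-request size limit.
MAX_BATCH_BYTES = 1_000_000

# Placeholders: take these from your own tenant and the supported-parsers list.
CUSTOMER_ID = "00000000-0000-0000-0000-000000000000"   # placeholder customer ID
LOG_TYPE = "LOG_TYPE_PLACEHOLDER"                       # placeholder log type label

# Constructed sample lines, standing in for what an e-mail gateway or a
# warehouse audit exporter might emit; they are not real vendor output.
SAMPLE_LINES = [
    "2024-01-01T10:00:00Z event=alert verdict=malicious subject=\"Invoice\" rcpt=user@example.com",
    "2024-01-01T10:00:05Z event=delivered verdict=clean subject=\"Minutes\" rcpt=user@example.com",
    "2024-01-01T10:00:09Z event=login user=ANALYST client_ip=198.51.100.7 status=SUCCESS",
]


def build_batches(customer_id: str, log_type: str, lines, max_bytes: int = MAX_BATCH_BYTES) -> list[dict]:
    """Group raw lines into batchCreate bodies, each under max_bytes when serialised.

    A single line that exceeds max_bytes by itself is still sent alone rather than
    dropped, so the caller can see the API reject it instead of losing it silently.
    """
    def body(entries):
        return {"customer_id": customer_id, "log_type": log_type, "entries": entries}

    batches, current = [], []
    for line in lines:
        candidate = current + [{"log_text": line}]
        if current and len(json.dumps(body(candidate)).encode()) > max_bytes:
            batches.append(body(current))     # flush what fits, start a new batch
            current = [{"log_text": line}]
        else:
            current = candidate
    if current:
        batches.append(body(current))
    return batches


def send_batches(batches: list[dict], access_token: str, url: str = INGESTION_URL) -> list[int]:
    """POST each batch; access_token comes from a service account (e.g. google-auth) with the ingestion scope."""
    statuses = []
    for batch in batches:
        req = urllib.request.Request(
            url, data=json.dumps(batch).encode(), method="POST",
            headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req) as resp:   # raises on non-2xx, surfacing rejected batches
            statuses.append(resp.status)
    return statuses
```

Check the returned HTTP statuses and the parser's normalised events in the SIEM afterwards: a 200 only confirms the API accepted the batch, not that the log type you chose parses the lines correctly.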


8 replies

E.g., on this documentation for Agari Phishing Defense: https://docs.cyderes.cloud/integrations/agari-phishing-defense/?h=agari#chronicle-data-types it's mentioned "Please send the following to Cyderes via a secure channel when setup is completed:". Could you please provide a clarification on this as well?

Thank you in advance


Hello @Rene_Figueroa, is there a native method to take logs from the Agari Phishing Defense source and push them to Chronicle?

Hi @Aravind3, not at the moment.

Hi @Rene_Figueroa ,

What about Fireeye ETP? Do we have a native integration method other than a syslog integration for this source?

Hi @Aravind3, just saw this now. We do not have an integration with Fireeye ETP. All of our 3rd-party API integrations can be found in the documentation below:

https://cloud.google.com/chronicle/docs/reference/feed-management-api

Thanks a bunch @Rene_Figueroa