Solved: Google SecOps/Chronicle Parser Development - Learn...

SilasRamsbottom · 08-06-2024 01:06 AM

Hi Everyone,

I am just starting with Google SecOps/Chronicle and find creating custom/new parsers interesting. I was wondering if there is a course or clear documentation on how to get started with writing parsers and how to create an efficient one.

dnehoda

Hi Silas.

Here’s some content related to syntax

https://cloud.google.com/chronicle/docs/reference/parser-syntax

There’s also a great piece here by Chris from our org.

https://medium.com/@thatsiemguy/understanding-chronicle-parsers-with-visualization-4ff79f674323

View solution in original post

dnehoda

Hi Silas.

Here’s some content related to syntax

https://cloud.google.com/chronicle/docs/reference/parser-syntax

There’s also a great piece here by Chris from our org.

https://medium.com/@thatsiemguy/understanding-chronicle-parsers-with-visualization-4ff79f674323

matthewnichols

Thanks @dnehoda for providing some resources. @SilasRamsbottom Wanted to follow up to see if the information we provided helped answer your questions. If not, how else can we help you. Thanks!

SilasRamsbottom

Hi @matthewnichols ,
Thank you.
It did help a lot. I have marked @dnehoda answer as solution as well.
The only challenge I’m facing now is the ability to practice it hands-on. Is there a community version available for practicing parser editing? I’ve already used up the initial $300 Google Cloud trial for another purpose 😇.

matthewnichols

Thanks @SilasRamsbottom, there is not a community version available.

SilasRamsbottom

Hi @matthewnichols ,
Thank you

Check out the new Professional Security Operations Engineer certification beta!

Google SecOps/Chronicle Parser Development - Learning Material