How to enable Chronicle Features Dashboard

aravind_s12321 · 01-02-2024 09:14 PM

Hello All,

Could anyone please let me know how can we enable the dashboard in the below link?
https://github.com/goog-cmmartin/thatsiemguy/blob/main/release_notes_to_udm/dashboard/chronicle_rele...

I tried running the below code but doesn't seems to be pushing logs with the changes to be made in the python code. Please find the below code.

https://github.com/goog-cmmartin/thatsiemguy/blob/main/release_notes_to_udm/cloud_function/main.py

deeshu

Did you define the secrets like CHRONICLE_CUSTOMER_ID, SERVICE_ACCOUNT_FILE etc in the python file? What's the error you are getting?

aravind_s12321

except the GCP project i've given everything there is no error it is running but i can't see logs getting pushed. Is it nesecary to give GCP project?

cmmartin_google

You can test if the Cloud Function is sending logs by checking the logs on the Cloud Function itself, or else you could try a RLS, or UDM Search, e.g.,

metadata.product_name = "Chronicle SIEM Release Notes"

The other thing is as release notes aren't pushed that often, for testing you can change the env VALID_EVENTS_RANGE value to a larger interval, i.e., make sure its larger enough to capture a latest release note.

aravind_s12321

Ive tried fetching details from last 3 months. But no logs are getting saved. Please find the below snip.

And what would be the log type?

Webinar May 14th: Gemini's generative AI within Google SecOpsWebinar May 29th: Log Ingestion: Bindplane + Google SecOps

How to enable Chronicle Features Dashboard

Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps