How to set up Spur feeds in SecOps?

Hello,

Good day. Wanted to ask if you have any idea how we should set up Spur feeds in SecOps? Is it done through feeds? If it is, would you be able to suggest how we should configure it? We are getting a compressed file from Spur which is around 4 GB and 12m lines, and we are struggling with how to make it work together with SecOps to be able to track connections from anonymous IPs. Thank you.


Hi @zeekforit,

I believe you should be able to create a feed in Google SecOps to ingest Spur data feeds from a location like a Google Cloud Storage bucket and choose the "Spur data feeds" log type when configuring the feed.

I don't have a Spur subscription myself, but I do have a sample data set that I obtained earlier this year. I just attempted the above using my sample data set and am seeing an "INTERNAL_ERROR" message though 🤔

Can you attempt to create a new feed using your Spur data and let me know how it goes?