This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Is there an API endpoint to create an alert in Chronicle ?

Posted on 10-11-2024 02:08 AM
Zorghost
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Good day,

Is there an API endpoint that can be leveraged to manually create alerts using a cloud function for example in google secops siem ?

Thank you in advance !

0 1 166
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
cmmartin_google
Staff
Reply posted on --/--/---- --:-- AM

To create a (Detection) Alert in Google SecOps SIEM would require a YARA-L Detection Rule (set to Alerting) is triggered.  From a Cloud Function you can via the legacy Ingestion API, or newer Chronicle API (importLogs) to send in matching raw logs or structured UDM Events to trigger a YARA-L Detection Alert.

0 Likes
Top Solution Authors
View all