Hi everyone,
I'm currently working on setting up some security monitoring for my Google App Engine-hosted website, and I'm looking to create a YARA rule in Chronicle to detect users who are accessing the website. I'd like to monitor this activity for security and compliance purposes.
I tried various UDM fields (target.) to find the users who are accessing the website, but I couldn't find the correct UDM field. Could someone please provide guidance on how I can create an effective YARA rule to achieve this? Specifically, I'm looking to detect HTTPS/HTTP requests or any other relevant activity indicating user access to the website.
Any advice, examples, or resources would be greatly appreciated.
Thanks in advance!
Nikhil