This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Rule chaining

Posted on 03-20-2025 08:54 AM
mccrilb
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

https://cloud.google.com/chronicle/docs/detection/rule-chaining?hl=en#single_event_detection_rules

Has anyone worked with this function? I did open a ticket, when I create the consumer rule I am seeing this error

parsing: error with token: "detection"
detection source is not supported

 

Solved Solved
1 10 467
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
suzhuang
Staff
Reply posted on --/--/---- --:-- AM

Rule chaining (now named as Composite Detections) is only available in private preview, it will soon be available in public preview next month.

View solution in original post

Jump to Solution
10 REPLIES 10

Posted on --/--/---- --:-- AM
suzhuang
Staff
Reply posted on --/--/---- --:-- AM

Rule chaining (now named as Composite Detections) is only available in private preview, it will soon be available in public preview next month.

Jump to Solution

Posted on --/--/---- --:-- AM
mccrilb
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

thank you! 

Jump to Solution

Posted on --/--/---- --:-- AM
David-Wang
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi @suzhuang ,

Is 'rule chaining' available now?

Or is there a specific release date planned?

Cause I faced the same error too.

Thanks!

Jump to Solution

Posted on --/--/---- --:-- AM
chad-imp
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

I am also interested in rule chaining and expected date for GA. Thanks all! 

Jump to Solution

Posted on --/--/---- --:-- AM
suzhuang
Staff
Reply posted on --/--/---- --:-- AM

Hi everyone, Composite Detections public preview (formally known as rule chaining) will be available in a few days, I will post an update here once the public preview is ready in the next few days. I would love to hear from everyone on what your use cases are to see if we can better assist you.

Jump to Solution

Posted on --/--/---- --:-- AM
mccrilb
Silver 1
Silver 1
In response to suzhuang
Reply posted on --/--/---- --:-- AM

One use case that we have has to do with discovery. We have host discovery and AD discovery rules. Alone, they are noisy. 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
mccrilb
Silver 1
Silver 1
In response to suzhuang
Reply posted on --/--/---- --:-- AM

Any update on this?

Jump to Solution

Posted on --/--/---- --:-- AM
kentphelps
Staff
Reply posted on --/--/---- --:-- AM

Composite Detections has just been released for Public Preview

https://cloud.google.com/chronicle/docs/detection/composite-detections

Jump to Solution

Posted on --/--/---- --:-- AM
jstoner
Staff
Reply posted on --/--/---- --:-- AM

It will be a few days before you see it populating within tenants, so please be patient. More content will be posted on how to leverage it further.

Jump to Solution

Posted on --/--/---- --:-- AM
chad-imp
Bronze 5
Bronze 5
In response to jstoner
Reply posted on --/--/---- --:-- AM

Can't wait! ๐ŸŒŸ

Jump to Solution
Top Solution Authors
View all