Build with Google Cloud Security MCP Servers
Google Cloud Security announced open source Model Context Protocol (MCP) servers for Google SecOps (SIEM and S...
Announcing the release of a simple SecOps API Wrapper SDK: https://pypi.org/project/secops/ now using the SecO...
A few members of the Google Cloud Security Community have expressed interest in sharing detection content with...
I have a GCP project where we have Artifact Registry with Container Analysis enabled. It publishes events of the ...
Hello Community, has anyone made the switch from QRadar to Chronicle? What were the biggest challenges and benef...
I'm trying to extract ip and hostname from a nested json. There are multiple ips and hostnames depending on th...
I was testing SOAR response module of AWS IAM with one of the aws account. Created a user in aws account and i...
Hi, I tried to write a simple rule using match section. This is the rule - rule storage_bucket_creation_gcp {met...
Some of my logs have a field that is mapped to a port number instead of the service (such as HTTP, HTTPS) in t...
Hey folks! Can anyone help me understand how can I deploy two chronicle instances (interfaces) for both prod & d...
Hi, I need to add tls certificate to my collector, in secops forwarder, there should be tls server key path giv...
I'm trying to generate a search on the number of times a credential has been automatically rotated using our p...
I'm trying to create a custom parser for events that contain the "callerIsGceClient": true. For all events that ...
Hi, I have a nested json data from a log source. It has a URL field but it can't be directly mapped to "url_ba...
Hi, our customer receives several cases and would like to prevent duplicates and merge cases for a better overvie...
Hi, does anyone have the greediest set of permissions that could be granted to a custom GCP IAM role in tandem...
Hi @cmmartin_google , I read your blog relating to how to get MISP IOC to secops and for one of our client we ...
Hi, I need to create a users' group that would only be granted access to the SIEM parts of the SecOps instance ...
I am trying to solve a problem, where I can generate and store regular Airflow log files on a GCP VM. I am usi...
I'm working on a search string that will eventually (hopefully) be used in API that will query our Tenable log...
Hi, I need clarification on how the metadata.event_type (Enum Value) is mapped to product_event_type. I have obs...
Hi, we are encountering discrepancies between the data shown in the Data Ingestion Health Dashboard and the Sec...
Hi, can someone tell me the difference between logs received from Azure AD and office 365 azure AD logs, so if the...
Hello Everyone, I have implemented the Data RBAC feature on my id, but I'm not able to use the IOC Matches tab. In t...
Hi, I am trying to build the below yara rule and it throws the following error message. Not sure where I am goi...
Hi Everyone, I am just starting with Google SecOps/Chronicle and find creating custom/new parsers interesting. ...
Hi everyone, I'm currently setting up a Google Chronicle SIEM system and would like advice on the following: 1. ...
Cases in Chronicle SOAR were created one hour after the alert was triggered in Sentinel, despite the connector...
Hi, can a reference list have multiple columns? Let's say I am trying to create a reference list that has 2 colum...
Hi All, we have done creating alerts using GCP with email notification. But still, can someone tell me the reaso...
rule critical_ioc_detected_ip { meta: author = "Anurag Singh" description = "Rule to check for any traffic com...
Hi, a couple of days ago, the theme of our SIEM/SOAR became light and in some screens (like Rules & Detections)...
Hello, when searching for an event, how can I join the value of the key and its value? For example, I have the...