Google Cloud Security announced open source Model Context Protocol (MCP) servers for Google SecOps (SIEM and S...
Announcing the release of a simple SecOps API Wrapper SDK: https://pypi.org/project/secops/ now using the SecO...
A few members of the Google Cloud Security Community have expressed interest in sharing detection content with...
Hi, I have recently onboarded AWS CloudTrail logs via S3 mechanism, however due to some issues we were asked ...
Hi All, I want you guys to review the below rule: Rule Name: Possible Outbreak Excessive connections rule possibl...
I have a tool that receives Palo Alto firewall syslog (formatted in RFC 5424) and then maps the syslog to Chro...
Hello Everyone, While integrating Palo Alto with Chronicle, I found a document from Palo Alto which states that...
Hi team, Please tell me if I can use reference list in Chronicle custom dashboard? It's quite urgent. Would app...
Hi Experts, Are we able to ingest logs that are not indicated in the log type? https://cloud.google.com/chronicl...
Hello everyone, One of our customers is encountering the following error message when accessing SecOps SIEM. We ...
Hello, Can I forward all alerts from Chronicle to my on-premises SIEM QRadar? Thank you
@travisn Hello, Like others have written here, I too have contacted sales numerous times via the online chat f...
Hello, We have a product that ships log messages to a file in a top level nested JSON array - example: [{"test":...
Hi Gurus, I am new to Chronicle SIEM, I can get alerts with ListDetections APIs (https://cloud.google.com/chroni...
Some context here: I'm writing a detection rule to monitor the network connections and check if any of them ma...
Hi, I am not sure if I am putting my question correctly here, is it necessary to learn Chronicle Ingestion API...
I'd like to create a rule from a dashboard tile. Is that possible? Could you provide me with more information ...
Hey, when configuring the Google Chronicle Integration, the system requires a "User's Service Account". Please...
Hey there, I'm posting this hoping to find answers (and possibly a solution): In the last weeks I've been tryi...
Hi Team, I am trying to replicate an alert that was built in Splunk. 1) Use case is to check an anomaly in the S...
Hi, can someone suggest how I can integrate Oracle Cloud with Google Chronicle?
Hi, I would like to ask if it's possible to use our VT Enterprise API on SIEM, we want to use it for threat hunt...
Good morning--Over the years one of the concerns that our security team has had is around the use of "EDR bypa...
Hi, has anyone experienced this issue? This field, when copied or exported, will show as security_result.action The...
Hi all, I'm coming over from Splunk where this type of query would be pretty trivial, but I'm struggling to mak...
Hi, is it possible to delete data that is ingested to Google Chronicle? If I have accidentally onboarded PII da...
Hello everybody, We have an urgent problem with a SecOps Forwarder instance from one of our customers. The error...
Is there any other way to manually compute the cumulative year, similar to how the running total works in the ...
Check out the latest blog on the FortiManager exploitation. This high risk vulnerability has confirmed exploit...
Hi everyone, I want to create a search to give me the time of the first login, why the query below gives me an...
Hi, I like to have a panel that shows all my ingested log sources and their last ingested time. I do see a panel...