This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Check out the new Professional Security Operations Engineer certification beta!
Log in to ask a question

chronicle rule

Posted on 10-07-2024 06:55 AM
Emmie-123
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi everyone,

can someone please help me write rule for below scenario?

if any logsource is not streaming to chronicle SIEM in last 24 hours, it should trigger an alert.

your assistance would be greatly appreciated.

Many Thanks

Emmie

0 4 282
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
malvarez
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hey Emmie,

Ingestion related alerting is done from the Google Cloud console using Cloud Monitoring. More info can be found here at Set up ingestion notification for health metrics.

 

 

Posted on --/--/---- --:-- AM
Rene_Figueroa
Staff
In response to malvarez
Reply posted on --/--/---- --:-- AM

+1 to @malvarez comment. Rules create alerts on current ingested data. For ingestion data gaps, please use Cloud Metrics.

Posted on --/--/---- --:-- AM
Emmie-123
Bronze 3
Bronze 3
In response to Rene_Figueroa
Reply posted on --/--/---- --:-- AM

Thanks @Rene_Figueroa 

0 Likes

Posted on --/--/---- --:-- AM
Emmie-123
Bronze 3
Bronze 3
In response to malvarez
Reply posted on --/--/---- --:-- AM

Thanks @malvarez 

0 Likes
Top Solution Authors
View all