Hi there,
I would like to monitor certain entities that have been enriched by SOAR playbooks (e.g. reputation service) via the IOC Matches pane in Google SecOps, so that I can track where these IOCs are seen in the organisation in the future.
Is it possible to ingest custom entities in this way, perhaps by outputting from an alert playbook to a data table which is then used as the IOC source?
If the above is the wrong approach, how might I use SecOps to monitor custom entities that I believe are worthwhile monitoring but which are not associated with a threat intel feed?
Thanks
Not an expert in IOC Management/Ingestion, so can't really confirm/deny the idea, but I just wanted to share that my team is working on Data Tables actions for the Google Chronicle integration. Planned to be delivered in early Q3.