About jstoner

jstoner

I’d like to take a look at a new type of rule that detection engineers and threat hunters can take advantage of within Google Security Operations (SecOps). This type of rule is called a composite rule and provides users greater flexibility to build o...

jstoner

In a previous blog, we covered how to use a cast function to convert string or integer data types to boolean. Today, we are going to look at another cast function. This one converts a string value to a numeric float and appropriately is called cast.a...

jstoner · 03-27-2025

We are going to take a little break from dashboards this week, though this blog will provide an example chart at the end. In the meantime, we are going to take a look at another function that can help convert data from one type to another. In case yo...

jstoner · 03-13-2025

During the course of this blog series, we’ve mentioned the importance of time again and again. This shouldn’t come as a surprise because nearly everything we do in security operations revolves around events with timestamps associated with them. The f...

jstoner · 02-26-2025

In our past few blogs, we’ve looked at creating a new dashboard in Google Security Operations (SecOps), adding visualizations from search and building a time chart for detections. Today, we are going to apply filters to our dashboard. We are going to...

jstoner

Alright, it took a little longer but the import/export capabilities for native dashboards should not be something you can see in your systems. I tested on our outward facing tenant today and it is there. You can export from within the edit mode of a ...

jstoner

It will be a few days before you see it populating within tenants, so please be patient. More content will be posted on how to leverage it further.

jstoner

Here is an example using IP and port not hostname and IP but the general concept is the same. Data tables provide both column matching and row matching. Column matching uses IN (like a reference table) but it just cares if it is in the list, not if t...

jstoner

We have asked for this as it will be super useful for other use cases beyond dashboards. It is in the backlog but totally agree that something like a field list would be much easier to consume.

jstoner

There are a couple of things that immediately jump out that hopefully will help get you going. The first is that while you can have multiple match variables within the match section the time aggregation is going to be the same for all of them. Keep i...

My Stats

Lucas's Bio

Badges jstoner Earned

Recent Activity

New to Google SecOps: Composite Rule Fundamentals

New to Google SecOps: Cast-ing a Wider Net: It’s a Float!

New to Google SecOps: Cast-ing a Wider Net: True or False?

New To Google SecOps: It’s All Relative (in Dashboards)

New To Google SecOps: Filtering Dashboards

Re: Regarding exporting/ sharing of Secops Dashboards outside of the organization

Re: Rule chaining

Re: Data table for Yara-L

Re: Rule detection search

Re: YARA detection rule assist