What is with the pop-out side bar? Can we go back? I was away on
vacation and haven't been out here for a while, but was there a community
discussion on this?
As it seems that SOAR training is now on Skills Boost, do we need to
retake all of them to get the badges even if we passed them all on
https://learn.chronicle.security? Just curious.
@Lokesh_Dachepal If you don't want to use a SIEM product, you can always
do Windows event forwarding to get all logs to a centralized place.
https://learn.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-i...
If you want to do custom lists, start by making a list; the category is
important as you will be calling that. Then for a playbook you could do
something like this based on your EDR product trigger, then check to see
if it is on the 'False Positives...
Any JSON output or specific to Chronicle SIEM? Are you using it as part of
a condition in the flow [event.] = (whatever you need)?
Depends on the use case.
It all depends on how you are using the playbooks. We, as an MSSP, use
playbooks to weed out false positives/known issues and perform Tier 1
actions before cases get to the analysts for deeper analysis. If
deemed false positive/known issue, we put ...