Hello! I would like to know if someone has sent to Chronicle the Aruba
Central logs. If so, how was it done and what kind of info does it
collect (audit logs, security logs, all...). Thanks in advance. Mireia.
Good afternoon! I want to ingest Azure Activity Logs into our Chronicle
instance. For that, I have found the following guide: Ingest Azure
Activity Logs | Chronicle | Google Cloud. This guide explains how to
obtain those logs but using 'shared key'. It...
Hi! I am configuring a feed on Chronicle SIEM to obtain Azure Activity
Logs following this guide: Ingest Azure Activity Logs | Chronicle |
Google Cloud. As I am doing it using 'shared key', I would like to
restrict the access to that Blob (in Azure) so ...
Hi! I want to create a rule that contemplates different
clients ($udm.metadata.ingestion_labels["customer"]) and in each of them
generates alerts for different users ($udm.target.user.email_addresses). I
have seen that in the dashboards and visualization...
I finally solved the problem by configuring the rule in this way: rule
rule_prueba { meta: author = "mireia" description = "deteccion en
entornos distintos" severity = "Low" events:
//$udm.metadata.ingestion_labels["customer"] = $who (
$udm.metadata....
Hi @Rene_Figueroa! First of all, I have created the token this way: I
have set the start date one day earlier just in case. Then, I have
configured the feed like this: And I get the following error: I have also
tried configuring the feed with the full SA...