About nahatx

nahatx · 12-03-2024

Hi, does anyone have the greediest set of permissions that could be granted to a custom GCP IAM role in tandem to Chronicle API Restricted Data Access without violating data RBAC?As a partial example, looking at Chris Martin's Data RBAC blog here, he...

nahatx · 05-10-2024

I'm trying to get a first_seen_time for MAC address assets in a rule, but finding that a majority of the derived_context asset entities have entity.asset.first_seen_time set as 1 second after epoch. Motivation being to create a rule similar to the on...

nahatx

Awesome! Thank you @mikewilusz.Which service account key does the integration require?

nahatx

Super cool! @David-French , are there plans to add SOAR Actions to search/update Data Tables as well? Assuming so, do you have any roadmap estimate?

nahatx · 02-12-2025

The Key UDM fields for parsers documentation will have a lot of the go to mappings. It's not specifically for Applied Threat Intel (ATI), but they use a lot of the same fields as what's marked for aliasing.I believe relevant grouped fields will also ...

nahatx · 02-10-2025

Useful link for anyone wondering what's actually new here.Enterprise Plus customers get access to a special BindPlane Enterprise (Google Edition) license. This new license is nearly the BindPlane Enterprise license, however has no ingestion cost like...

nahatx · 02-07-2025

The certificate is something that you need to generate yourself and store on the server hosting the Chronicle Forwarder or BindPlane Agent.Depending on the log source application, you may be able to self-sign the certificate. If self-signing, then si...

My Stats

Rlopez2005's Bio

Badges nahatx Earned

Recent Activity

Feature RBAC for Data RBAC restricted Admins

Unable to find MAC addresses' entity.asset.first_seen_time

Re: Getting Started with Data Tables in Google Security Operations

Re: Getting Started with Data Tables in Google Security Operations

Re: Google SecOps - UDM Fields Required for Applied Threat Intelligence

Re: New Google SecOps Feature Announcement: Data Pipeline Management

Re: Integrating Log Source with TLS – Looking for SecOps Forwarder Certificate