Sharing log parsers with people on this community

What’s been your experience sharing log parsers with people on this community?
Has it been beneficial? Risky?
Is GitHub the most common way to share?

3 REPLIES

I don't know that I've specifically seen folks share log parsers, but I think that GitHub would probably be a good way to do so. I don't see why it'd be too risky so long as doing so does not conflict with your company's policy on information sharing.

I've open sourced "helpers" to pull certain types of logs from 1Password and Slack and also detections/rules, but not parsers, because we rely on Google engineers to update/create parsers for us.

I would definitely be a fan of open-sourcing custom parsers! The problem lies with the custom datatypes though. You need to request those via support. The way we look at it now is to make the parser, run it for a few months and then ask Chronicle to make it a default supported one.