Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
We are looking to provide an MSSP type of service and build an XDR service, currently looking to explore how d...
Hello, I struggle with the outcome section for a rule I'm working on at the moment. I looked in the documentati...
I have a situation where I need to advise some clients and users that the default `Unix System` parser will pa...
Hi All, I am very much looking forward to learning more about parsers, but we do not understand how to develop ...
Hi, I want to ingest 2 different types of logs from GCP to Chronicle SIEM. 1) executed commands on GCP projects ...
In the event a forwarder crashed, let's say 24-48 hours of downtime. How can we recover the events that were me...
Hey all, I am trying to connect our Chrome browser with Chronicle using the native workspace connector and Chro...
We are getting the below error while accessing the Chronicle console. Any idea why this error is coming? SSO login was...
Hello, I'm setting up asset enrichment through the ENTITY_CONTEXT. I have configured the time interval as below: By ...
Hi Community, Did anyone try to ingest completely custom log data to Chronicle SIEM? I mean log data which doe...
Hi guys, I am creating a yara rule to find the lateral movement of the users. But I am stuck at assigning risk ...
Hi! I want to create a rule that contemplates different clients ($udm.metadata.ingestion_labels["customer"]) and...
Good afternoon! I want to ingest Azure Activity Logs into our Chronicle instance. For that, I have found the f...
Hi! I am configuring a feed on Chronicle SIEM to obtain Azure Activity Logs following this guide: Ingest Azure ...
We have a list of ~500k CIDRs previously used as a lookup table in Splunk that we would like to replicate as a...
Are you installing the Chronicle forwarder and getting the following error when setting up the forwarder when trying t...
Hi, My reading suggests otherwise but wanted to ask on here whether anyone had successfully managed to create ...
Hi All, Is there any way that we can find the duplicate events ingested into Chronicle? If yes, could you pleas...
How are others ingesting Gmail logs into Chronicle? We've been sending them directly to BQ and querying them th...
Hi everyone, I'm currently working on setting up some security monitoring for my Google App Engine-hosted websi...
Hey Folks, I ran into a situation today where I wanted to delete a reference list but couldn't figure it out. ...
How to send a Chronicle SIEM alert to Chronicle SOAR? So basically we would need to send a Chronicle SIEM aler...
Hi, I need to migrate the below Splunk alert to Chronicle, can someone assist how this can be converted in YAR...
Hi All, I have been working to create an approach for customer migration from existing Splunk SIEM (on prem) t...
Hi, I have written a new rule, but it always shows 2 or more events/alerts. I want to see only one event at a s...
In Chronicle, if I didn't log from a particular source within a timeframe of 30 minutes, will we be able to cre...
Hello everyone, I am having quite a hard time trying to parse Malwarebytes logs in CEF + KV format, since the ...
In a predefined parser, 2 different raw fields are parsed to the same UDM field: "var_target.resource.resource_subt...