Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Hi guys, I am creating a YARA rule to find the lateral movement of the users. But I am stuck at assigning risk ...
Hey Folks, I ran into a situation today where I wanted to delete a reference list but couldn't figure it out. ...
Hello, I want to use Chronicle SIEM to monitor cloud storage, so I can be alerted on things like: High volume of d...
Hello, I am unable to view the statedump of my parser code. Raw log is as follows: "resource": { "type": "k8s_co...
Hi Everyone, I've set up the MISP Ingestion Integration but I'm having no luck getting events from MISP. Every ...
Empowering Detection Engineering with Chronicle SIEM and Mandiant Security Validation Introduction Detection e...
Hi Everyone, I'd appreciate any help on this: I'm ingesting a TI feed from Anomali into the SIEM. The IOCs from ...
We have a webinar, Living on the Edge: Investigating Ivanti Connect Secure VPN Zero-Day Exploits coming up thi...
Hello, thanks to @cmmartin_google I came across the idea to import MISP data into Chronicle. For several reason...
I am trying to wrap my head around outcomes section in YARA-L. Apart from the documentation, I am also looking...
The following doc makes reference to the term "predicate". https://cloud.google.com/chronicle/docs/detection/ya...
Hi, I would like to know how other security team use the IOC matches alerts. Where I work, we are using the IO...
Hi Everyone, I've set up a Cloud Function to ingest MISP feeds into my Chronicle SIEM instance. I'm getting som...
Hi, I'm looking to create a parser extension for the default GCP Loadbalancer one, since it currently doesn't p...
Hi, I want to export alerts from Chronicle to TheHive. How can I realize that? I made a search for REST API but I...
Hi, My firm has a Chronicle and VT license. How can I use VirusTotal Relationships (vt) in a YARA Rule? Thanks, Serbay
Recently I reviewed an article covering an attack path that an actor took in a Google Workspace/GCP environmen...
Does anyone have a dashboard to share? I have a few, but I'd like to see some different perspectives.