This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Hi Everyone,I'd appreciate any help on this:I'm ingesting a TI feed from
Anomali into the SIEM. The IOCs from that feed show up in the Alerts &
IOCs - IOC Matches screen. Those raw logs won't parse because the raw
log has too many UDM events. How can...
Hi Everyone,I'm a little confused as to how to use separate environments
for multiple clients. Do we tag the environments at the log source, the
feeds etc., and can we link a namespace or label to an environment? Any
help would be appreciated. TIASam
Hi Everyone,I've set up a Cloud Function to ingest MISP feeds into my
Chronicle SIEM instance. I'm getting some failures uploading the events
which I'm assuming is due to the 1MB limit (the smaller feeds upload
without a problem). In this post:
https...
Hi Everyone,I've set up the MISP Ingestion Integration but I'm having no
luck getting events from MISP. Every time it downloads, there are 0
events. No errors, just no events.Has anyone done this successfully? I'm
pulling my hair out.Thank you Sam
Hi @ion_ Yes, I'm seeing the following:RuntimeError: Error occurred
while pushing logs to Chronicle. Status code 400. Reason: {'error':
{'code': 400, 'message': 'Request contains an invalid argument.',
'status': 'INVALID_ARGUMENT'}}
Thank you @cmmartin_google that was extremely helpful, it took a bit of
hacking but using your github link managed to get it working. Much
appreciated
