Community & Learning workshop - RSAC 2024
Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
SIEM Forum
Find answers to your questions from passionate experts in the community, share industry updates, and engage in discussion.
Forum Posts
New Google Cloud Security Customer Success Services Available!
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Has anyone got successful with 1password logs ingestion in Chronicle SIEM?
Hi,I have been struggling to find the right approach to ingest 1password audit events into Chronicle SIEM. Upo...
Inject Aruba Central logs into SIEM
Hello!I would like to know if someone has sent to Chronicle the Aruba Central logs.If so, how was it done and ...
Got an error as - "udm and entity are both non-nil"
Hi Team, While parsing UDM Entity and UDM Event for under the same parser, I got following error. generic::inv...
Stats in search not working
Recently trying stats in search (Preview) but it seems not working on our end. Tried the sample in documentati...
How to update Chronicle SIEM alerts with API?
Hi Gurus,I am new to Chronicle SIEM, I can get alerts with ListDetections APIs(https://cloud.google.com/chroni...
Office 365 apps configuration
Hi all, I'm in process of ingesting Office 365 feed into chronicle SIEM. I would like to know if there is guid...
Chronicle SIEM connecting with AWS Cloud Trail
How Chronicle SIEM connecting with AWS Cloud Trail via EventBridge Rule . can anyone explain this. or suggest ...
Trying to deploy a Chronicle instance
I am starting recently on Chronicle; I have created a new project and enabled a Chronicle API, but the next st...
Segregation of similar alerts into one in Google chronicle SIEM
Hi All,I just want to know is there any feasibility to merge similar alerts into one single alert that matches...
metrics - data is being bucketed on a daily basis across a window of 30 days.
I am reaching out in relation to:https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Google-SecOps-U...
reference list api questions
Hi, I would like to know to if there is way to append a reference list without getting the content of the list...
Integration of Oracle Cloud with Google Chronicle
We are in the process of integrating Oracle Cloud with Google Chronicle. Please share the possible methods for...
🚨 Google Security Ops Gets Even BETTER! Your Q4 Feature Update Recap! 🚨
Missed the original announcement? No worries, I've got you covered! Google Cloud dropped some seriously awesom...
Snare Windows Event Logs with WINEVTLOG default parser
Dear Community,Did anyone manage to successfully transform or parse Windows Event Logs (System, Security) that...
ingestion labels for cloudflare & zscaler internet access logs
what is the correct log type OR ingestion label to use in the chronicle forwarder configuration for the follow...
Issues with ingesting EKS audit logs (CloudWatch)
I've set up a AWS CloudWatch feed to ingest EKS audit logs from an S3 bucket. Initially it fetches one file wi...
Throttle Rule Alerts
Hi #community,Is there any option to throttle or prevent a rule with same criteria triggers for x period of ti...
Problem with outcome aggregation (array) for a multiple-event rule
Hello,I struggle with the outcome section for a rule i'm working on at the moment. I looked in the documentati...
Kubernetes textPayload Split
HiWithin the Kubernetes Node parser, I am trying to split the textPayload into separate fields. The textPayloa...
Aggregate functions in metrics
I am reaching out in relation to the following metrics post:https://www.googlecloudcommunity.com/gc/Community-...
Parse Nested Json
Hi,Would like to ask for your help on how can I parse this nested json in a udm{"type": "POTENTIAL_RISKY_ACTIV...
merge in parser extension overwrites the value instead of merging
I am writing parser extension and want to update security_result.description field.if [@computed][message] != ...
Azure AD SSO integration with Google Chronicle Secops
I am trying to integrate Azure AD SSO with Chronicle SIEM , The relevant team has provided the required keys t...
Feed management new features - Feed names and support for push logs
April 26, 2024 The feed management feature is now enhanced to include the following: Feed names: You can assig...
Chronicle Security Operations has been rebranded to Google Security Operations
April 25, 2024 Chronicle Security Operations (Chronicle SecOps) has been rebranded to Google Security Operatio...
Introducing Your New Weekly Contributor to the Security Forums
Are you hungry for more Google Security content? Craving a way to easily find those hidden gems of knowledge? ...
chronicle webhook feed
HI everyoneIs there any chance that the webhook feed will be restored?Roberto
How can chronicle SIEM be used for storing data of multiple tenants?
We are looking to provide an MSSP type of service and build an XDR service, currently looking to explore how d...
What events Does the `Unix system` parser actually parse?
I have a situation where I need to advise some clients and users that the default `Unix System` parser will pa...
