Attending RSAC 2024? Join us at the upcoming Google Security Operations workshop, where we'll do a deep dive i...
We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
I am reaching out in relation to: https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Google-SecOps-U...
Hi #community, Is there any option to throttle or prevent a rule with the same criteria from triggering for x period of ti...
Hello, I struggle with the outcome section for a rule I'm working on at the moment. I looked in the documentati...
I am reaching out in relation to the following metrics post: https://www.googlecloudcommunity.com/gc/Community-...
Hi guys, I am creating a YARA rule to find the lateral movement of the users. But I am stuck at assigning risk ...
Hi! I want to create a rule that contemplates different clients ($udm.metadata.ingestion_labels["customer"]) and...
We have a list of ~500k CIDRs previously used as a lookup table in Splunk that we would like to replicate as a...
Hi, My reading suggests otherwise but wanted to ask on here whether anyone had successfully managed to create ...
Hi everyone, I'm currently working on setting up some security monitoring for my Google App Engine-hosted websi...
Hey Folks, I ran into a situation today where I wanted to delete a reference list but couldn't figure it out. ...
Hi, I need to migrate the below Splunk alert to Chronicle, can someone assist how this can be converted in YAR...
Hi, I have written a new Rule, but it always shows 2 or more Events/Alerts. I want to see only one Event at a s...
Hello! I am trying to understand the statedump of a for loop. Raw log in JSON: { "data":{ "businessPhones":[ "(1...
Hi, Does anyone have a sample rule example for detecting WMIC Suspicious Scheduled Tasks and WMIC File Downloa...
How many of us will be at Google Next? I will be, and one of the items that I would like us to do as a communi...
Hi, I would like to know if I can use the last seen metric of a user in a YARA rule, if yes, while I am using ...
Hi Team, Can anyone provide an insight on how can we create an alert if a log source (Let's assume a principal....
In Chronicle, UDM stands for Unified Data Model. But in some UDM fields, like the following, there is an "idm":...
Hello, Can I create a rule that will alert me every time a new user is created in GCP? How? Thank you.
Is there any way of querying via a UDM search to find alerts that have triggered? Thanks
Hello, I am looking at the following preview documentation: https://cloud.google.com/chronicle/docs/preview/sear...
Hi All, Please help us with how to write the use cases for Network devices in SIEM. Please share with me if you have any...
Hello Experts, Can someone please provide some sample rules to detect SharpH0und, Cred Dumping? Is this one of ...
Hello Experts, Can someone please provide some sample rules to detect WebShell detections? In essence, we are tryin...
Hi all, I am having an issue with the error message in the title field and some help would be really appreciat...
Can someone please provide some guidance on how to go about writing a YARA-L rule to detect this? - Randomi...
I am looking at the following blog: https://chronicle.security/blog/posts/new-to-chronicle-a-new-view-for-searc...
I need to create a rule that will trigger an alert every time a new bucket is created in GCP. I tried to do thi...
@Marie_Chudolij YouTube video 2-27-24 - Chronicle SOAR to the Rescue: Orchestrate SIEM Reference List Updates ...
Empowering Detection Engineering with Chronicle SIEM and Mandiant Security Validation. Introduction: Detection e...