We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
I am reaching out in relation to the group function: https://cloud.google.com/chronicle/docs/detection/yara-l-2...
Hello Team, Today we faced an issue where an alert for Impossible Travel Successful was triggered where the co...
Hi everyone, Yesterday I noticed that there could be a problem with our SIEM. I'll give you an example: In cura...
Hi everyone. Recently I've been writing some detection rules in YARA-L for my company. I have a rule that simply mat...
I'm trying to get a first_seen_time for MAC address assets in a rule, but finding that a majority of the deriv...
I am reaching out in relation to: https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Google-SecOps-U...
Hi #community, Is there any option to throttle or prevent a rule with the same criteria from triggering for x period of ti...
Hello, I'm struggling with the outcome section for a rule I'm working on at the moment. I looked in the documentati...
I am reaching out in relation to the following metrics post:https://www.googlecloudcommunity.com/gc/Community-...
Hi guys, I am creating a YARA rule to find the lateral movement of the users. But I am stuck at assigning risk ...
Hi! I want to create a rule that contemplates different clients ($udm.metadata.ingestion_labels["customer"]) and...
We have a list of ~500k CIDRs previously used as a lookup table in Splunk that we would like to replicate as a...
Hi, My reading suggests otherwise but wanted to ask on here whether anyone had successfully managed to create ...
Hi everyone, I'm currently working on setting up some security monitoring for my Google App Engine-hosted websi...
Hey Folks, I ran into a situation today where I wanted to delete a reference list but couldn't figure it out. ...
Hi, I need to migrate the below Splunk alert to Chronicle. Can someone assist with how this can be converted in YAR...
Hi, I have written a new rule, but it always shows 2 or more events/alerts. I want to see only one event at a s...
Hello! I am trying to understand the statedump of a for loop. Raw log in JSON: { "data":{ "businessPhones":[ "(1...
Hi, Does anyone have a sample rule example for detecting WMIC Suspicious Scheduled Tasks and WMIC File Downloa...
How many of us will be at Google Next? I will be, and one of the items that I would like us to do as a communi...
Hi, I would like to know if I can use the last seen metric of a user in a YARA rule. If yes, while I am using ...
Hi Team, Can anyone provide an insight on how we can create an alert if a log source (let's assume a principal....
In Chronicle, UDM stands for Unified Data Model. But in some UDM fields, like the following, there is an "idm":...
Hello, Can I create a rule that will alert me every time a new user is created in GCP? How? Thank you.
Is there any way of querying via a UDM search to find alerts that have triggered? Thanks
Hello, I am looking at the following preview documentation: https://cloud.google.com/chronicle/docs/preview/sear...
Hi All, Please help us with how to write the use cases for network devices in SIEM. Please share with me if you have any...
Hello Experts, Can someone please provide some sample rules to detect SharpH0und, Cred Dumping? Is this one of ...
Hello Experts, Can someone please provide some sample rules to detect WebShell detections? In essence, we are tryin...
Hi all, I am having an issue with the error message in the title field and some help would be really appreciat...