Cumulative
Is there any other way to manually compute the cumulative year, similar to how the running total works in the ...
SIEM Forum
Find answers to your questions from passionate experts in the community, share industry updates, and engage in discussion.
Forum Posts
Yara L help
I am trying to build the below YARA L rule and i am seeing the same IP triggering after every couple of hours ...
Detection and Intelligence Updates | FortiManager Zero-Day Exploitation
Check out the latest blog on the FortiManager exploitation. This high risk vulnerability has confirmed exploit...
Checkpoint harmony integration to google chronicle
Hi experts,I have doubt on how to ingest logs for checkpoint harmony to google chronicle, as I couldn't find a...
Yara-L search first login
Hi eveyone, I want to create a search to give me the time of the first login, why the query bellows give-me an...
Reference List in chronicle custom dashboard
Hi team,Please tell me if i can use reference list in chronicle custom dashboard? It's quite urgent. would app...
SIEM Dashboard in Google Secops
Hi I like to have a panel that shows all my ingested log sources and its last ingested time . i do see a panel...
Mitre map dashboard
Hi Has anyone created a dashboard that highlights the mitre mapped tactics and techniques mapped use cases in ...
Mandiant integration with chronicle
HiCan some one give me the integration steps for Mandiant with Chronicle SIEM .
Generic question
Hi TeamRecently i came across a scenario where in i am trying to recreate an yara l alert that my colleague cr...
Forwarder Troubleshooting
Hi everyone,Nice to join this community. This is my 1st post, as our SecOps platform was just provisioned a fe...
YARA Help To identify the total low volume dip or increase
Hi all,I'm looking for a way to calculate the total log volume for the last 7 days and compare it with the pre...
Alternative of negative lookahead
srcip=(?!(10[.]|172[.](?:1[6-9]|2[0-9]|3[0-1])[.]|192[.]168[.]))Negative lookahead (?!) is not supported by re...
stats command not returning results
HiI am trying to run a stats command to know the name of alerts triggered under product name ""Office 365 Secu...
Ingesting audit logs from Gitlab
Hey, please, I'd like to ingest audit gitlab logs into Chronicle. There is already some documentation [1]. Whe...
How can we integrate the following Microsoft Defender with Chronicle SIEM ?
Hi TeamCan someone help me how i can integrate the below Microsoft Defender products with chronicle SIEM ?Micr...
custom dashboard chronicle condition check
Dear Everyone,Please let me know if below scenario is achievable in chronicle SIEM custom dashboard.if user be...
Parse timestamp out of CEF event
Hello everyone,I'm triying to parse the timestamp out of a CEF event.For example, we have the following Raw Ev...
Red Hat Openshift integration
Hi How can we integrate Red Hat OpenShift with Google Chronicle
Dashboard to show log consumption per project
Hey, is there a way to know what is the current log consumption per project? This post shows per type [1] but ...
Convert log to be JSON-like
I'm trying to test a format to format a log that should arrive as JSON but has some special characters and isn...
Yara doubt
Hi I am thinking of building a query in which i am going to use file.hash or process.hash to be compared with ...
Problems with the time of my logs Google Chronicle SIEM
I have problems with my logs since they are ingesting in the SIEM with a schedule that is not appropriate, the...
Problem with delimiter usage in webhook feed for SecOps
I've set up a webhook feed collection in SecOps. The logs are being indexed in json object blocks:{content 1}....
Comparison with reference list and threat feed
Hi All I am trying to write a YARA L query where in from my logs (process hash values and file hash values) ne...
Parse the value without converting into string
Hello All,I want to parse the below mentioned log value in integer format only, but when i map it to additiona...
Connector health monitorin
HiIs there a solution to keep an active tracking of connector health. So that we know whenever a connector is ...
Yara rule
HiIf we have by any reason have duplicate logs for example a log source like 0365 (emails) , while building a ...
Preview Dashboard
Is there anyway to have 2 y-axis in native dashboard chart line graph? Just want to confirm if it’s applicable...
