We are excited to announce the availability of Google Cloud Security Customer Success subscriptions. Optimize ...
Hi. Within the Kubernetes Node parser, I am trying to split the textPayload into separate fields. The textPayloa...
Hello Team, Can you please help me with parsing the CSV log? While there are no errors during parsing, I am onl...
Hello everybody! A client requested to inject "Sharepoint" into their SIEM instance so, as usual, the first thi...
In a predefined parser, 2 different raw fields are parsed to the same UDM field: "var_target.resource.resource_subt...
Hi, I have been struggling to find the right approach to ingest 1password audit events into Chronicle SIEM. Upo...
Hello Team, we are trying to parse fields from a JSON log format, but there are nested fields within the "Messag...
Hi Team, While parsing UDM Entity and UDM Event under the same parser, I got the following error: generic::inv...
Hi Community, Did anyone try to ingest completely custom log data into Chronicle SIEM? I mean log data which doe...
Dear Community, Did anyone manage to successfully transform or parse Windows Event Logs (System, Security) that...
What is the correct log type or ingestion label to use in the Chronicle forwarder configuration for the follow...
Hi, I would like to ask for your help on how I can parse this nested JSON into UDM: {"type": "POTENTIAL_RISKY_ACTIV...
I am writing a parser extension and want to update the security_result.description field. if [@computed][message] != ...
I have a situation where I need to advise some clients and users that the default `Unix System` parser will pa...
Hi All, I am very much looking forward to learning more about parsers, but we do not understand how to develop ...
Hello, I'm setting up asset enrichment through the ENTITY_CONTEXT. I have configured the time interval as below: By ...
Hello everyone, I am having quite a hard time trying to parse Malwarebytes logs in CEF + KV format, since the ...
I have an existing parser that is working fine, but doesn't contain UDM mappings for a few RAW fields. This is...
In the following doc: https://cloud.google.com/chronicle/docs/reference/udm-field-list it says: > When writing co...
Hello, I need to develop some code that will export the characteristics of servers and various network eleme...
Hello! I am trying to understand the statedump of a for loop. Raw log in JSON: { "data":{ "businessPhones":[ "(1...
Hi, I'm trying to append a new label into the "event.idm.read_only_udm.target.resource.attribute.labels" field ...
Hello Team, Not able to parse the required fields from the Oracle database audit logs. Sample log - [".*DATABAS...
I have multiple firewalls (same log type) sending logs to a single collector and I need to identify them by th...
Hi Team, We are using the Wazuh agent on some of our endpoints and using the Chronicle forwarder to ingest those logs in...
I have tested a date filter that imports the metadata.event_timestamp correctly when used in a custom parser. ...
I am trying to pull data by using the CSV Custom IOC feed from a GCP storage bucket. Looking at the Parser I s...
What is the issue with the extension code below: filter { json { source => "message" array_function => "split_colu...
Hello everyone, I am in the process of finalizing a parser, trying to debug the validation errors I receive when...
We are currently trying to get our feet wet in managing our own parsers in Chronicle. We have started with Vir...