This blog section is a place where community members can hear from Googlers, customers, and partners and get tips, advice, and information about topics across Google Cloud Security.
We conclude this mini-series with the integration of the Entra ID
application with Google Security Operations using the Feed Management
capability and cover tips for setup, troubleshooting and optional
settings for additional context.
Picking up where we left off last time, we look at the permissions an
Entra ID app needs in order to monitor these log sources in Google
SecOps and how to configure the application.
Google SecOps provides organizations the ability to monitor on-premises
and cloud solutions, including Microsoft Entra ID and Office 365, to gain
greater visibility into threats. This post introduces the concepts of
feeds as well as the components of a Microsoft Entra ID app that are
required to set up monitoring of this data.
Building on our previous post, take statistical search a step further in
Google SecOps with additional aggregation functions, mathematical
operators and if/then/else statements!
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on November 9th, 2023
and is focused on the Google SecOps integration with Looker for
dashboarding. This blog summarizes the previous steps around building
dashboards and adds additional customizations and sharing to the
dashboard we built throughout this mini-series.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on October 11th, 2023
and is focused on the Google SecOps integration with Looker for
dashboarding. This blog adds the ability to create custom fields.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on September 28th,
2023 and is focused on the Google SecOps integration with Looker for
dashboarding. This blog adds the pivot functionality of Looker to
create a time chart.
In our final post of this mini-series, we examine group by and filtering
capabilities within metric functions to further refine data beyond a
single dimension and use network, endpoint and cloud authorization data
in multiple examples to illustrate it all coming together.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on September 14th,
2023 and is focused on the Google SecOps integration with Looker for
dashboarding. This blog builds on the previous and adds tabular
summaries.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on August 29th, 2023
and is intended for users getting started building dashboards using the
Google SecOps to Looker integration.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on December 20th,
2023 and introduces users to the Google SecOps community rules repository.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on November 30th,
2024 and introduces Saved Searches within the UDM search interface.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on August 15th, 2023
and introduces global threat intelligence in the entity graph that can
be used for YARA-L rules: Tor exit nodes and remote access tools.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on July 27th, 2023
and is a set of examples based on user questions.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on July 13th, 2023
and is a question and answer session based on user questions raised over
the past few months.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on June 22nd, 2023
and demonstrates how first and last seen can be used for rule building
in YARA-L.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on June 8th, 2023 and
introduces the concept of Grouped Fields within the UDM search
interface.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on April 20th, 2023
and introduces prevalence in Google SecOps and how it can be applied to
YARA-L rules for domains, IP addresses and file hashes.
As we continue with metrics and their functions, we move beyond network
metrics and use authentication events to illustrate use with additional
metric capabilities like first and last seen.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on April 13th, 2023
and continues to examine how to integrate your own threat intelligence
into Google SecOps and outputting additional context from your YARA-L
rule.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on March 29th, 2023
and demonstrates how third-party threat intelligence can be ingested into
Google SecOps and used in writing YARA-L rules.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on March 9th, 2023
and introduces how Safe Browsing can be used with Google SecOps to drive
greater awareness around suspicious binaries.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on February 23rd,
2023 and applies the concepts of contextual awareness to rule writing
using YARA-L.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on February 2nd, 2023
and introduces contextual awareness, the ability for assets and user
stores to automatically associate events and entities together and how
these entity values can be searched.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on January 9th, 2023
and introduces additional functions around dates and numeric values that
we have not covered in previous blogs.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on December 14th,
2022 and introduces the network function net.ip_in_range_cidr for use in
YARA-L rules to focus our rules on specific CIDR netblocks and then
applies this to CIDR reference lists.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on December 1st, 2022
and builds on our base64 and regular expression functions by adding
reference lists to our rule.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on November 16th,
2022 and introduces the UDM search interface.
Building on our introduction of metrics and their functions, we look at
various aggregation options and apply these to a sample detection rule
to identify outlier network traffic.