Google Security Operations, Q2, 2024 Feature Roundup
Check out what's new in Google Security Operations with a breakdown of key features delivered by quarter.
This article explains how to bulk close alerts with the Google Security Operations API. It provides step-by-step instructions and Python client code for closing a list of alerts triggered by a given detection rule.
We conclude this mini-series with the integration of the Entra ID application with Google Security Operations using the Feed Management capability and cover tips for setup, troubleshooting and optional settings for additional context.
Picking up where we left off last time, we look at the permissions an Entra ID app needs in order to monitor these log sources in Google SecOps, and how to configure the application.
Google SecOps gives organizations the ability to monitor on-premises and cloud solutions, including Microsoft Entra ID and Office 365, to gain greater visibility into threats. This post introduces the concept of feeds as well as the components of a Microsoft Entra ID app that are required to set up monitoring of this data.
New Google SecOps instance with no data? Use the APIs to create your first Reference List, Detection Rule, and a USER_LOGIN UDM Event that triggers the Rule.
In part two of this blog series, David French walks through an example of operationalizing threat intelligence to create an actionable detection for GitHub Enterprise. He also explains the concept of tuning detections to improve their precision and demonstrates how to do this in Google SecOps.
For many organizations, GitHub houses critical intellectual property and is a prime target for attackers seeking to steal valuable source code, disrupt software development operations, or carry out supply chain attacks. In this blog series, David French demonstrates how to monitor your GitHub Enterprise environment for suspicious activity with Google SecOps.
Building on our previous post, take statistical search a step further in Google SecOps with additional aggregation functions, mathematical operators and if/then/else statements!
Learn how Google SecOps adds new capabilities to generate statistical searches that can help power investigations and hunts!
Check out what's new in Google Security Operations with a breakdown of key features delivered by quarter.
In this blog, we continue to extend our visibility. We discover how we're developing custom integrations within the Google SecOps platform for CRXcavator and Spin.AI to assess browser extensions.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on November 9th, 2023 and is focused on the Google SecOps integration with Looker for dashboarding. This blog summarizes the previous steps around building dashboards and adds additional customizations and sharing to the dashboard we built throughout this mini-series.
Check out what's new in Google Security Operations with a breakdown of key features delivered by quarter.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on October 11th, 2023 and is focused on the Google SecOps integration with Looker for dashboarding. This blog adds the ability to create custom fields.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on September 28th, 2023 and is focused on the Google SecOps integration with Looker for dashboarding. This blog adds the pivot functionality of Looker to create a time chart.
In our final post of this mini-series, we examine group by and filtering capabilities within metric functions to further refine data beyond a single dimension and use network, endpoint and cloud authorization data in multiple examples to illustrate it all coming together.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on September 14th, 2023 and is focused on the Google SecOps integration with Looker for dashboarding. This blog builds on the previous post and adds tabular summaries.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on August 29th, 2023 and is intended for users getting started building dashboards using the Google SecOps to Looker integration.
Greetings, security enthusiasts! It is with great excitement that we are announcing Marie Chudolij, your new weekly contributor to the Security Forums in the Community. Together, we will embark on a journey of exploration, sharing insights, and staying ahead of the curve in cloud security.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on December 20th, 2023 and introduces users to Google SecOps community rules repository.
Check out what's new in Google Security Operations with a breakdown of key features delivered by quarter.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on November 30th, 2024 and introduces Saved Searches within the UDM search interface.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on August 15th, 2023 and introduces the global threat intelligence in the entity graph that can be used in YARA-L rules: Tor exit nodes and remote access tools.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on July 27th, 2023 and is a set of examples based on user questions.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on July 13th, 2023 and is a question and answer session based on user questions raised over the past few months.
Level up your Detection Engineering capabilities by implementing a modern workflow that uses free tools to automate the management of detection rules in Chronicle.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on June 22nd, 2023 and demonstrates how first-seen and last-seen values can be used for rule building in YARA-L.
Check out what's new in Google Security Operations with a breakdown of key features delivered by quarter.
The “New to Chronicle” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on June 8th, 2023 and introduces the concept of Grouped Fields within the UDM search interface.