Welcome to the Google Cloud Security Community!

SalesForce Logs Integration to Google Chronicle

HI, we have salesforce shield licence and I am configuring event logs ingestion to google chronicle. My question is which events google chronicle will pull after configuration. Do we need to have event data streaming option enabled for each of the ev

241

1 minute ago

AnimSparrowBronze 2

Prompt / Instruction to analyst with dynamic input

Hello,Is there any options to show pending action to user with dynamic field inside?I know how to create IDE that will prompt user with plaintext, same as Flow > Instruction. But is there any option to prompt user with something dynamic? Even as a

101

25 minutes ago

RobDelRioNew Member

Secops-SOAR - Nesting placeholders

So it seems is not possible to nest placeholders in the expression builder right?I have several fields that come with comma separated values, pretty much like field1: “value1, value2, value3”.So I wanted to iterate over a list of items and do operati

411

1 hour ago

msugar_tNew Member

Issues using Data Export (Enhanced) API and secops export CLI: 403 PERMISSION_DENIED and 400 INVALID_ARGUMENT

Hi everyone,I want to export raw logs from our Google SecOps instance to a GCS bucket in the same region (northamerica-northeast2, Toronto) using the Data Export (Enhanced) API (directly with curl or the secops export CLI (https://github.com/google/s

1888

1 hour ago

Felipe_PintoNew Member

SecOps – Page Keeps Loading Indefinitely

After performing the Stage 2 migration of the SOAR environment, we started experiencing intermittent issues when accessing the SecOps (SIEM) web interface.At certain moments, specific pages fail to load and remain stuck in an infinite loading state (

130

2 hours ago

jstonerStaff

Community Blog

New to Google SecOps: Integrating Entra ID and Office 365 Using Feed Management (Part 2)

We’re back with part two of our Entra ID and Office 365 integration into Google SecOps blog. In our previous blog, we focused on creating an application in Entra ID and gathering key values that we will use to set up our feeds.While we created our ap

4794

4 hours ago

jstonerStaff

Community Blog

New to Google SecOps: Integrating Entra ID and Office 365 Using Feed Management (Part 3)

In our previous two blogs (Part 1 and Part 2), we discussed how to set up and configure an application in Entra ID and assign permissions to access Entra ID and Office 365 events. You might be thinking at this point, I’m here to work with Google SecO

7836

4 hours ago

ShaliniPereraBronze 1

Event Stats Dashboard for time > 92 days

Hi, I want to get a report using the dashboards for a time period exceeding 92 days that is currently permitted for stats dashboards. i cant do this using a UDM search result since the requirement i have is to only get the latest login which is not p

120

5 hours ago

Aravind3Bronze 3

Ingestion Delay alerting in Google SecOps

Hi Everyone,I’m writing to check whether it’s possible to monitor and alert on ingestion delays (i.e., lag between event time and ingestion time in logs/SecOps) for more than 1 hour using the Google Cloud Monitoring console. Thank you in advance.Arav

100

Roni11

Secops - Data table

Hi,I’m working on enriching AWS CloudTrail logs with Organization Unit (OU) information. Since CloudTrail logs (except for the “CreateAccount” event) do not natively include the OU, I’ve implemented the following workflow:I created a Data Table that

10

sagargondaliyaNew Member

SalesForce Logs Integration to Google Chronicle

HI, we have salesforce shield licence and I am configuring event logs ingestion to google chronicle. My question is which events google chronicle will pull after configuration. Do we need to have event data streaming option enabled for each of the ev

241

1 minute ago

AnimSparrowBronze 2

Prompt / Instruction to analyst with dynamic input

Hello,Is there any options to show pending action to user with dynamic field inside?I know how to create IDE that will prompt user with plaintext, same as Flow > Instruction. But is there any option to prompt user with something dynamic? Even as a

101

25 minutes ago

RobDelRioNew Member

Secops-SOAR - Nesting placeholders

So it seems is not possible to nest placeholders in the expression builder right?I have several fields that come with comma separated values, pretty much like field1: “value1, value2, value3”.So I wanted to iterate over a list of items and do operati

411

1 hour ago

Felipe_PintoNew Member

SecOps – Page Keeps Loading Indefinitely

After performing the Stage 2 migration of the SOAR environment, we started experiencing intermittent issues when accessing the SecOps (SIEM) web interface.At certain moments, specific pages fail to load and remain stuck in an infinite loading state (

130

2 hours ago

ShaliniPereraBronze 1

Event Stats Dashboard for time > 92 days

Hi, I want to get a report using the dashboards for a time period exceeding 92 days that is currently permitted for stats dashboards. i cant do this using a UDM search result since the requirement i have is to only get the latest login which is not p

120

5 hours ago

Aravind3Bronze 3

Ingestion Delay alerting in Google SecOps

Hi Everyone,I’m writing to check whether it’s possible to monitor and alert on ingestion delays (i.e., lag between event time and ingestion time in logs/SecOps) for more than 1 hour using the Google Cloud Monitoring console. Thank you in advance.Arav

100

Roni11

Secops - Data table

Hi,I’m working on enriching AWS CloudTrail logs with Organization Unit (OU) information. Since CloudTrail logs (except for the “CreateAccount” event) do not natively include the OU, I’ve implemented the following workflow:I created a Data Table that

10

TheSecOpsGuyBronze 5

Export - MITRE ATT&CK Matrix Dashboard

Hi Everyone ,Is there a way to export the MITRE ATT&CK matrix/dashboard so the export includes (1) rule names for both curated/built-in and custom rules, and (2) the mapped MITRE ATT&CK TTPs (tactic/technique IDs and names) for each rule. Loo

141

8 hours ago

DogangNew Member