+3Hello,
I recently came across past events that are conducted by google cloud security,
Title : Bangalore: Chronicle SIEM + SOAR Partner Technical Training
is there any recordings available for these sessions ? or when will it happen again in India ? or any virtual trainings available ?
can someone suggest me some good learning resources for Secops other than cloudboost and the official documentation ?
thanks for your help.
+16Hey @leodas, thanks for your post. Great question. I can check into that for you and get back to you. As for some training sessions. I would suggest checking out John Stoner's short videos and articles. They cover specific features use cases. Also, there were some Security Spotlight series that were recorded back in March this year. Search for "Security Spotlight" and you'll see 3 option pop up.
What type of learning courses are you particularly interested in and what use cases or outcomes are you trying to achieve?
Thanks!
+3Hey @leodas, thanks for your post. Great question. I can check into that for you and get back to you. As for some training sessions. I would suggest checking out John Stoner's short videos and articles. They cover specific features use cases. Also, there were some Security Spotlight series that were recorded back in March this year. Search for "Security Spotlight" and you'll see 3 option pop up.
What type of learning courses are you particularly interested in and what use cases or outcomes are you trying to achieve?
Thanks!
Hi @matthewnichols & @kentphelps
Thanks for your suggestions and the links i will for sure go through the videos.
To Answer your question, i would like to explore all the options in Google secops. I have gone through the official documentations and the videos in cloudboost. but with that i am able to achieve a basic thing for example:
1. I tried to build a siem dashboard --> i was able to get the total list of rules that are available in our environment, but if i would like to create a graph for the alerts that are triggered based on mitre tactics i am struck how to do that.
2. In the SIEM Search, i would like to build some complex queries to filter the logs, instead of just udm = "value" to filter the logs --> i would request a tutorial on it. especially training on building YARA-L Rule [P.S : I know basics of it like, meta, events,match,outcome and how to build a rule].. but, i see in John Stoner's video that, we will be able to pass a variable as a value --> $process.metadata.event_type = $event_type .. what is this ? what are the different variables that we can use ? how entities are mapped based on this rule ? what is array_distinct ? what is count distinct and my questions goes on..
So if we have a general training session with agenda mentioned this event : Bangalore: Chronicle SIEM + SOAR Partner Technical Training we would be more familiar with the tool and use it efficiently...
Thank you.
+16Hi @matthewnichols & @kentphelps
Thanks for your suggestions and the links i will for sure go through the videos.
To Answer your question, i would like to explore all the options in Google secops. I have gone through the official documentations and the videos in cloudboost. but with that i am able to achieve a basic thing for example:
1. I tried to build a siem dashboard --> i was able to get the total list of rules that are available in our environment, but if i would like to create a graph for the alerts that are triggered based on mitre tactics i am struck how to do that.
2. In the SIEM Search, i would like to build some complex queries to filter the logs, instead of just udm = "value" to filter the logs --> i would request a tutorial on it. especially training on building YARA-L Rule [P.S : I know basics of it like, meta, events,match,outcome and how to build a rule].. but, i see in John Stoner's video that, we will be able to pass a variable as a value --> $process.metadata.event_type = $event_type .. what is this ? what are the different variables that we can use ? how entities are mapped based on this rule ? what is array_distinct ? what is count distinct and my questions goes on..
So if we have a general training session with agenda mentioned this event : Bangalore: Chronicle SIEM + SOAR Partner Technical Training we would be more familiar with the tool and use it efficiently...
Thank you.
Hi @leodas Thanks for some context.
For #2... I do know that if you just search the community based on your categories some solutions pop up from other customers posts. For example, not sure if this one is helpful but check out the post and solution on Display outcome variables from yara-L rules on alert view.
There also might be a User Groups available in your area. We are currently building out this program so if there isn't one in your area now, there should be one within the next few months.
I'll keep you posted on any online training events we have in the future and appreciate all your feedback.
+3Hi @leodas Thanks for some context.
For #2... I do know that if you just search the community based on your categories some solutions pop up from other customers posts. For example, not sure if this one is helpful but check out the post and solution on Display outcome variables from yara-L rules on alert view.
There also might be a User Groups available in your area. We are currently building out this program so if there isn't one in your area now, there should be one within the next few months.
I'll keep you posted on any online training events we have in the future and appreciate all your feedback.
Hi @matthewnichols ,
Thanks for your reply. eagerly waiting for the online training events 😎
Can you please let us know how to find the user groups ? is there any discord/Slack or anyother platforms? will you be able to provide me with links to the platform ?
Kind Regards,
+16Hi @matthewnichols ,
Thanks for your reply. eagerly waiting for the online training events 😎
Can you please let us know how to find the user groups ? is there any discord/Slack or anyother platforms? will you be able to provide me with links to the platform ?
Kind Regards,
Will do. For User Groups, just go to the nav bar and scroll over till you see User Groups then find one in your area. Hope that helps. Cheers!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
