Bring Audit logs to Chronicle

  • September 16, 2024
  • 1 reply
  • 111 views

vishnu_manu

Community,

How do I bring "Audit Logs" from "ManageEngine Endpoint Central" to SecOps?

Endpoint Central is a supported log type, but I don't find any documentation to integrate it. Please post if there are any docs.

1 reply

ScottieJ
Staff
  • September 16, 2024

Vishnu

Google Security Operations SIEM does not provide a default parser for these log types. You can ingest them with the API or a Forwarder (raw events); however, you will have to create a custom parser to normalize these logs (UDM format). These links should get you started; feel free to contact support for questions regarding custom parsers.

Support without a Default Parser: https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers#without-default-parser

Custom Parser Documentation: https://cloud.google.com/chronicle/docs/event-processing/manage-parser-updates