Hello,
I want to know if there is any possibility to view the internal audit logs of Chronicle (logins, modifications on parsers, rule modifications, etc.).
Thank you in advance
SecOps/Chronicle stores its audit logs in Cloud Logging. Details available here: https://cloud.google.com/chronicle/docs/administration/audit-logging
-mike
Thanks for your reply
How can I forward them to Chronicle? I want to make rules based on audit logs.
Thanks
If you use the native GCP log collection you'll get Chronicle API Admin audit logs automatically, e.g., rule creation, deletion.
To collect data access logs, e.g., users running a Search for X, you'll need an additional filter:
OR (log_id("cloudaudit.googleapis.com/data_access") AND protoPayload.serviceName = "chronicle.googleapis.com")
We have an example Blog series on this topic available here:
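The filter clause above is written in the Cloud Logging query language; the following is an added, stand-alone Python example (not code from the thread, from Google, or from the linked blog series) that applies the same selection logic to a handful of constructed Cloud Audit Log entries, so you can see which entries the combined export filter would hand to Chronicle and which fields a detection rule would then have to work with. It assumes that the native GCP collection already includes the Admin Activity log (`cloudaudit.googleapis.com/activity`) and adds the Data Access clause exactly as quoted; the project id, principal emails and `methodName` values in the samples are placeholders, not real Chronicle API method names.

```python
from urllib.parse import unquote

# Constructed sample LogEntry objects (not real data). Field layout follows the
# Cloud Logging LogEntry / AuditLog schema: logName carries the log id with "/"
# percent-encoded, and protoPayload carries the audit details.
SAMPLE_ENTRIES = [
    {   # Admin Activity audit log: a rule change made through the Chronicle API
        "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {
            "serviceName": "chronicle.googleapis.com",
            "methodName": "PLACEHOLDER.CreateRule",          # placeholder method name
            "authenticationInfo": {"principalEmail": "analyst@example.com"},
        },
    },
    {   # Data Access audit log: a user ran a search; only the extra OR clause picks this up
        "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access",
        "protoPayload": {
            "serviceName": "chronicle.googleapis.com",
            "methodName": "PLACEHOLDER.Search",              # placeholder method name
            "authenticationInfo": {"principalEmail": "analyst@example.com"},
        },
    },
    {   # Data Access log from a different service: excluded by the serviceName test
        "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access",
        "protoPayload": {
            "serviceName": "storage.googleapis.com",
            "methodName": "storage.objects.get",
            "authenticationInfo": {"principalEmail": "app-sa@example.com"},
        },
    },
    {   # Not an audit log at all: never matched
        "logName": "projects/example-project/logs/syslog",
        "textPayload": "constructed non-audit line",
    },
]


def log_id(entry: dict) -> str:
    """Return the log id the way log_id() in the Logging query language sees it.

    logName is "projects/<id>/logs/<log id>" with the id percent-encoded, so
    "cloudaudit.googleapis.com%2Fdata_access" becomes "cloudaudit.googleapis.com/data_access".
    """
    _, _, encoded = entry.get("logName", "").partition("/logs/")
    return unquote(encoded)


def matches_chronicle_audit_filter(entry: dict) -> bool:
    """Equivalent of:
         log_id("cloudaudit.googleapis.com/activity")            -- assumed base filter
         OR (log_id("cloudaudit.googleapis.com/data_access")
             AND protoPayload.serviceName = "chronicle.googleapis.com")
    """
    lid = log_id(entry)
    service = entry.get("protoPayload", {}).get("serviceName")
    if lid == "cloudaudit.googleapis.com/activity":
        return True
    return lid == "cloudaudit.googleapis.com/data_access" and service == "chronicle.googleapis.com"


def select_entries(entries: list) -> list:
    """Entries the export sink would forward to Chronicle under the filter above."""
    return [e for e in entries if matches_chronicle_audit_filter(e)]


def rule_inputs(entries: list) -> list:
    """Flatten forwarded entries to the (log id, method, principal) triples a
    detection rule over audit logs would typically key on."""
    out = []
    for e in select_entries(entries):
        payload = e.get("protoPayload", {})
        out.append((
            log_id(e),
            payload.get("methodName"),
            payload.get("authenticationInfo", {}).get("principalEmail"),
        ))
    return out


if __name__ == "__main__":
    for row in rule_inputs(SAMPLE_ENTRIES):
        print(row)
```

Running the script prints two rows: the rule creation from the Admin Activity log and the search from the Data Access log; the Cloud Storage data-access entry and the syslog line are dropped, which is the behaviour the extra `OR (...)` clause is meant to produce. Note that Data Access logs for a service are only written if they are enabled in Cloud Audit Logs configuration, so enabling them is a prerequisite for the second clause ever matching anything.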