Does Chronicle have the ability to forward data to other SIEM platforms, such as Splunk or IBM QRadar?
Solved
chronicle forward data to other SIEM
Best answer by mkrovatkina
Chronicle is not great at data export. You can export raw logs with the Data Export API: https://cloud.google.com/chronicle/docs/preview/data-export-api/data-export-api
They will go for a log_type to a cloud bucket.
You could also export UDM events with the Search API, but it has a page size limit, so it may be less practical for high-volume data:
https://cloud.google.com/chronicle/docs/reference/search-api
