Hi,
My use case is to create some alerting mechanism for events where playbooks in chronicle get edited/deleted.
I tried to set this up using GCPs alerting feature by applying conditions on chronicle's audit logs, but it looks these logs for playbooks are not available. Does anyone know what a solution might be for this use case.
Chronicle playbook audit alerts
+13Hi @duttyatharth. For this use case, have you tried exploring the API documentation for SecOps and seeing if there was a combination of available calls that you could use to craft this solution? For example, you might be able to get that playbook metadata then run various comparisons or other analysis on it using the API.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.