Question

Clarification Request: NOZOMI_GUARDIAN getting into Log type UDM

  • November 14, 2025
  • 1 reply
  • 39 views

Aravind3

Hi Everyone,

I am writing this post to request clarification on the “NOZOMI_GUARDIAN” integration. We followed the document below from Nozomi, which directs us to add our service account in the Nozomi instance, after which logs will start flowing to Google SecOps. The connection is successful, but the logs are getting into the log type “UDM”, whereas we were expecting them to go into “NOZOMI_GUARDIAN”.

I understand this integration is designed to send logs to the log type “UDM” because the title of the document says “Google Chronicle (Ingestion API - UDM)”. Can we change the log type to “NOZOMI_GUARDIAN”? If not, how do we get the logs into the log type “NOZOMI_GUARDIAN”?

Nozomi Documentation: https://technicaldocs.nozominetworks.com/products/n2os/topics/administration/settings/data-integration/c_n2os_admin_settings_data-integration_google-chronicle-2.html


Thanks so much in advance.

Aravind Sreekumar

1 reply

gauravso
Staff
  • November 19, 2025

Hello, in this case Nozomi is controlling the ingestion by formatting and pushing the events in UDM format. I don’t see anything in their documentation that lets you apply/select the log type as NOZOMI_GUARDIAN. Also, you cannot change the log type post ingestion/normalization.

Per their documentation, you should be able to export the logs to external storage. You can explore this option to route the logs to any public cloud bucket and then ingest these via the SecOps Feed management option and select the desired log type (NOZOMI_GUARDIAN).
https://technicaldocs.nozominetworks.com/products/n2os/topics/administration/settings/data-integration/c_n2os_admin_settings_data-integration_external-storage.html

However, since the logs are already being ingested as UDM and being parsed, you should be fine with the way Nozomi logs are currently being ingested and normalized.