Solved

Clarification Required: Fireeye ETP & Snowflake

  • August 1, 2024
  • 8 replies
  • 35 views

Aravind3

Hello All,

I found the below documentation to integrate Fireeye ETP and Snowflake to Chronicle.

Fireeye/Trellix ETP: https://docs.cyderes.cloud/integrations/fireeye-etp/?h=trel
Snowflake: https://docs.cyderes.cloud/integrations/snowflake/?h=snowf

Could anyone please help in understanding these integrations?

Thanks in advance.

Aravind Sreekumar

Best answer by Rene_Figueroa


8 replies

Aravind3
  • Author
  • Bronze 2
  • August 1, 2024

E.g.: in this documentation for Agari Phishing Defense: https://docs.cyderes.cloud/integrations/agari-phishing-defense/?h=agari#chronicle-data-types it's mentioned "Please send the following to Cyderes via a secure channel when setup is completed:"; could you please provide a clarification on this as well?

Thank you in advance



Aravind3
  • Author
  • Bronze 2
  • August 2, 2024

E.g.: in this documentation for Agari Phishing Defense: https://docs.cyderes.cloud/integrations/agari-phishing-defense/?h=agari#chronicle-data-types it's mentioned "Please send the following to Cyderes via a secure channel when setup is completed:"; could you please provide a clarification on this as well?

Thank you in advance



@jstoner , @dnehoda  @Rene_Figueroa @cmmartin_google 


Rene_Figueroa
Staff

> @jstoner , @dnehoda @Rene_Figueroa @cmmartin_google


Hi @Aravind3, the configuration is specific to Cyderes, one of the SecOps partners. I do not have many details about Cyderes' method of sending their data, but most likely they use the SecOps SIEM Ingestion API.

In theory, you may use our Ingestion API to send any log source as long as you know the corresponding Log Type, but the implementation must be done on the customer side. Some of our customers use GCP Cloud Functions to send the data with our Ingestion API, but you may have any implementation of your choice. You can find all the available log types in our documentation:

https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
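The reply above describes the customer-side pattern (a small function, e.g. on GCP Cloud Functions, that pushes raw records to the SecOps SIEM Ingestion API under a known log type) without showing it. The following is an added example written for this thread, not code from Cyderes, Google or the original poster. It assumes the v2 unstructured-log `batchCreate` endpoint and body shape (`customer_id`, `log_type`, `entries[].log_text`), a log type string that must be confirmed against the supported-parsers list linked above, and an OAuth access token obtained separately from a service-account credential; the sample records are constructed, and the customer ID is a placeholder.

```python
"""
Added example: batch raw vendor records into Chronicle / Google SecOps
Ingestion API requests and send them.

Assumptions (verify against the ingestion API documentation):
  - INGESTION_URL is the v2 unstructuredlogentries:batchCreate endpoint
    (regional hostnames differ; this is the default one).
  - LOG_TYPE must be a value from the supported-default-parsers list;
    "FIREEYE_ETP" is used here as an assumed example.
  - An access token (env CHRONICLE_ACCESS_TOKEN) is minted elsewhere from a
    service-account credential; this example does not handle auth.
"""
import json
import os
import urllib.request
from typing import Iterable, List

INGESTION_URL = (  # assumed endpoint, see docstring
    "https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate"
)
LOG_TYPE = "FIREEYE_ETP"  # assumed; confirm in the parser list
CUSTOMER_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real ID


def build_batches(customer_id: str, log_type: str, lines: Iterable[str],
                  max_entries: int = 1000) -> List[dict]:
    """Group raw log lines into request bodies of at most max_entries each.

    Blank lines are skipped so no empty entries are shipped, and trailing
    newlines are stripped because each entry is already one record.
    """
    batches: List[dict] = []
    entries: List[dict] = []
    for line in lines:
        text = line.rstrip("\r\n")
        if not text.strip():
            continue
        entries.append({"log_text": text})
        if len(entries) == max_entries:
            batches.append({"customer_id": customer_id, "log_type": log_type,
                            "entries": entries})
            entries = []
    if entries:
        batches.append({"customer_id": customer_id, "log_type": log_type,
                        "entries": entries})
    return batches


def send_batch(body: dict, access_token: str, url: str = INGESTION_URL) -> int:
    """POST one batch as JSON with a bearer token; returns the HTTP status.

    urllib raises HTTPError for non-2xx responses, so a caller can retry or
    alert on failure instead of silently dropping telemetry.
    """
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


# Constructed sample records standing in for what a vendor-API poll returns.
SAMPLE_LINES = [
    '{"event":"alert","verdict":"malicious","subject":"Invoice"}',
    "",
    '{"event":"alert","verdict":"clean","subject":"Newsletter"}',
]


if __name__ == "__main__":
    token = os.environ.get("CHRONICLE_ACCESS_TOKEN")
    for batch in build_batches(CUSTOMER_ID, LOG_TYPE, SAMPLE_LINES, max_entries=2):
        if token:
            print("status", send_batch(batch, token))
        else:
            # Dry run: show the exact body that would be posted.
            print(json.dumps(batch, indent=2))
```

Without `CHRONICLE_ACCESS_TOKEN` set, the script only prints the request bodies, which is a convenient way to check the log type and entry shape before granting the function a credential. Keep the token and customer ID out of source and in the function's secret configuration.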


Aravind3
  • Author
  • Bronze 2
  • August 2, 2024

Thanks a bunch @Rene_Figueroa 


Aravind3
  • Author
  • Bronze 2
  • August 7, 2024

> Hi @Aravind3 the configuration is specific to Cyderes, one of SecOps partners. I do not have many details about Cyderes method of sending their data, but most likely they use SecOps SIEM Ingestion API.
>
> In theory, you may use our Ingestion API to send any log source as long as you know the corresponding Log Type, but the implementation must be done on the customer side. Some of our customers use GCP Cloud Functions to send the data with our Ingestion API, but you may have any implementation of your choice. You can find all the available log types in our documentation:
>
> https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers


Hello @Rene_Figueroa, Is there a native method to take logs from Agari Phishing defense source and push it to Chronicle?


Rene_Figueroa
Staff

> Hello @Rene_Figueroa, Is there a native method to take logs from Agari Phishing defense source and push it to Chronicle?


Hi @Aravind3 not at the moment.


Aravind3
  • Author
  • Bronze 2
  • August 26, 2024

> Hi @Aravind3 not at the moment.


Hi @Rene_Figueroa ,

What about for Fireeye ETP: do we have a native integration method other than a syslog integration for this source?


Rene_Figueroa
Staff

> Hi @Rene_Figueroa ,
>
> What about for Fireeye ETP do we have a native integration method other than a syslog integration for this source?


Hi @Aravind3, just saw this now. We do not have an integration with Fireeye ETP. All of our 3rd Party API integrations can be found in the documentation below:

https://cloud.google.com/chronicle/docs/reference/feed-management-api