Hello,
I am currently working on setting up a dashboard in Google SecOps (previously Chronicle) to monitor and track rule modifications. My objective is to create a dashboard that provides insights into the changes made to the rules, such as creation, updates, and deletions.
Please let me know if anyone has an idea about it.
Thanks,
Suraj
Hi Suraj,
Google SecOps has a rule dashboard where you can see all your created rules. See https://cloud.google.com/chronicle/docs/detection/view-all-rules
In this dashboard you will be able to see:
- Trend chart displays the rule with the greatest number of detections over the past 3 weeks.
- Displays a graph of the activity associated with the rules. Hovering over a bar in the chart displays the date and number of detections.
- Run frequency indicates the approximate frequency the rule will execute.
- Live Status (Enabled or Disabled).
- Rule severity as in the Rule metadata.
If you edit the rule you will be able to see the View Version. In this section you will see the different modifications done to the rule, timestamps and updates.
hi @skadav
Do you have GCP Cloudaudit logs being ingested into your instance? If so the following documentation will help -> https://cloud.google.com/chronicle/docs/administration/audit-logging
Kind Regards,
Ayman
Yes, ingest GCP audit logs and then from there you can take a look at this - https://medium.com/@thatsiemguy/auditing-chronicle-admin-actions-27c9f011283d
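As an added illustration of the approach suggested in this thread (not code from any of the posters or from Google), the script below takes Cloud Audit Log entries in the generic GCP shape and aggregates the rule create/update/delete events into the per-action, per-principal and per-day counts a dashboard would chart. The method-name suffixes and the sample entries are constructed assumptions; confirm the real `protoPayload.methodName` values in your own ingested audit logs before building on them.

```python
# Added example, not from the thread: turn GCP Cloud Audit Log entries that record
# Google SecOps rule changes into dashboard-ready counts (by action, principal, day).
# Assumption: the method-name suffixes and the sample entries below are constructed;
# confirm the real protoPayload.methodName values in your own ingested audit logs.
import json
from collections import Counter, defaultdict

def _entry(ts, method, who, rule):
    # Constructed entry in the generic Cloud Audit Log JSON shape.
    return json.dumps({"timestamp": ts, "protoPayload": {
        "methodName": method, "resourceName": rule,
        "authenticationInfo": {"principalEmail": who}}})

SAMPLE_LOGS = [  # constructed sample data, one JSON document per line
    _entry("2024-05-01T09:12:00Z", "example.RuleService.CreateRule", "alice@example.com", "rules/ru_1"),
    _entry("2024-05-01T10:40:00Z", "example.RuleService.UpdateRule", "alice@example.com", "rules/ru_1"),
    _entry("2024-05-02T08:05:00Z", "example.RuleService.DeleteRule", "bob@example.com", "rules/ru_1"),
    _entry("2024-05-02T08:06:00Z", "example.RuleService.ListRules", "bob@example.com", ""),
]

# Assumed suffix-to-action mapping; only these count as rule modifications.
ACTION_SUFFIXES = {"CreateRule": "created", "UpdateRule": "updated", "DeleteRule": "deleted"}

def classify(entry):
    """Return (action, principal, rule) for a rule-change entry, or None otherwise."""
    payload = entry.get("protoPayload", {})
    method = payload.get("methodName", "")
    action = next((a for s, a in ACTION_SUFFIXES.items() if method.endswith(s)), None)
    if action is None:
        return None
    who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    return action, who, payload.get("resourceName", "")

def summarise(lines):
    """Aggregate JSON audit lines into counts by action, by (principal, action), and per day."""
    by_action, by_principal, per_day = Counter(), Counter(), defaultdict(Counter)
    for line in lines:
        entry = json.loads(line)
        hit = classify(entry)
        if hit is None:          # read-only calls such as ListRules are not modifications
            continue
        action, who, _ = hit
        by_action[action] += 1
        by_principal[(who, action)] += 1
        per_day[entry["timestamp"][:10]][action] += 1   # bucket by UTC date
    return {"by_action": dict(by_action), "by_principal": dict(by_principal),
            "per_day": {day: dict(c) for day, c in per_day.items()}}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOGS)["by_action"])
```

The `by_principal` counts are the ones worth alerting on: a deletion or edit attributed to an account that is not expected to manage detection content is the signal a rule-change dashboard exists to surface.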