
Dear Everyone,

Please let me know if the scenario below is achievable in a Chronicle SIEM custom dashboard.

If a user belongs to malware_group (ACL), the report should capture "yes", else "no".

My ACL looks like: chronicle_soc_users

Can I actually use an if statement to get the desired result?

Thanks in advance.

Emmie

Hi @Emmie-123,

Depending on which dashboard functionality you are referring to: if it is using Looker Embedded, this is possible by using the 'if' function[1]:

if(yesno_expression, value_if_yes, value_if_no)

This thread[2] should also help by providing an example of this function being used and its output (if you are referring to dashboards utilising Looker Embedded). Alternatively, if this is related to stats and aggregates search, or the preview dashboard functionality, then the following reference[3] should help you.

[1] - https://cloud.google.com/looker/docs/functions-and-operators
[2] - Solved: Re: SIEM Dashboard in Google Secops - Google Cloud Community
[3] - https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-syntax#conditional_logic

Kind Regards,

Ayman

Hi @AymanC, thanks for the input. Please confirm what parameter I should use in yesno_expression?

if(yesno_expression, value_if_yes, value_if_no)

Hi @Emmie-123,

The 'yesno_expression' should contain the value you want to match (for example wherever 'malware_group' is), for it to then output 'value_if_yes', or 'value_if_no'.

Kind Regards,

Ayman