Does the data table also append rows on new alerted detections from a YARA-L rule? I have only experimented with it in a retrohunt (for investigations).
I'm hoping the rule saves the detections to the table while it is live and alerting.
Also, how do you define the primary keys of the data table?
You can have your rule/detection append to a Data Table. Details here: https://cloud.google.com/chronicle/docs/investigation/data-tables#write_detections_and_alerts_to_data_tables_using_yara-l
-mike
Yea, that's understood.
I haven't had any detections from the rule so far (the one I'm experimenting with), so I only wanted to confirm: does the export happen not only for the retrohunt, but also when the rule naturally makes detections?
You're correct! A live rule will append to the Data Table when it's active.
-mike
Also, how do you define the primary keys of the data table?
Hello @mikewilusz,
could you also help here, if you are aware of it?