Skip to main content
Solved

Detection gaps

  • January 14, 2026
  • 3 replies
  • 44 views
rlewis
Forum|alt.badge.img

Hey guys, do any of you know of a way to efficiently identify which log sources you need ingested in order for the curated detections or even custom rules to work as intended? Google secops currently doesn’t tell you which logs are needed and/or missing for a rule to be accurate.

Best answer by AymanC

Hi ​@rlewis,

 

Typically the ‘overview’ documentations within detection lists the compatible log sources for Curated Detections. If you’re an Enterprise+ customer, from memory you can also see the rule logic behind these rules to see see more specifics.

https://docs.cloud.google.com/chronicle/docs/detection/cloud-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/composite-rules-category
https://docs.cloud.google.com/chronicle/docs/detection/chrome-enterprise-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/linux-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/macos-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/mandiant-hunt-category
https://docs.cloud.google.com/chronicle/docs/detection/risk-analytics-ueba-category
https://docs.cloud.google.com/chronicle/docs/detection/windows-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/ati-curated-detections

Kind Regards,

Ayman

3 replies

AymanC
Forum|alt.badge.img+14
  • AymanCBronze 5
  • Bronze 5
  • Answer
  • January 14, 2026

Hi ​@rlewis,

 

Typically the ‘overview’ documentations within detection lists the compatible log sources for Curated Detections. If you’re an Enterprise+ customer, from memory you can also see the rule logic behind these rules to see see more specifics.

https://docs.cloud.google.com/chronicle/docs/detection/cloud-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/composite-rules-category
https://docs.cloud.google.com/chronicle/docs/detection/chrome-enterprise-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/linux-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/macos-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/mandiant-hunt-category
https://docs.cloud.google.com/chronicle/docs/detection/risk-analytics-ueba-category
https://docs.cloud.google.com/chronicle/docs/detection/windows-threats-category
https://docs.cloud.google.com/chronicle/docs/detection/ati-curated-detections

Kind Regards,

Ayman

rlewis
Forum|alt.badge.img
  • rlewis
  • Author
  • New Member
  • January 14, 2026

thanks ​@AymanC  I’ll take a look through these docs. I tried to open up a specific curated detection to check to the metadata for that information but I didn’t see any info like that but I could have missed it somewhere.

AymanC
Forum|alt.badge.img+14
  • AymanCBronze 5
  • Bronze 5
  • January 14, 2026

Hi ​@rlewis

 

It’ll be dependent on your license, however it’ll be located within the Content Hub, there’s a dedicated ‘Curated Detections’ section where you can view and manage curated detections.

 

Kind Regards,

Ayman

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.