Solved

Explanation of Passthrough Rules

  • March 10, 2026
  • 3 replies
  • 44 views

0xM4XDF1R

Hi! 

In the curated detection section in SecOps, there is something called Third Party Vendor Passthrough Rules. Does anyone know what they are?

 

 


cmorris
Staff
  • March 10, 2026

These are rules designed to take an alert from one of the included log types and surface it as an alert in SecOps - https://docs.cloud.google.com/chronicle/docs/detection/third-party-vendor-alerts-category


0xM4XDF1R
  • Author
  • New Member
  • March 10, 2026

These are rules designed to take an alert from one of the included log types and surface it as an alert in SecOps - https://docs.cloud.google.com/chronicle/docs/detection/third-party-vendor-alerts-category

So alert forwarding per se? And ofc not any bi-directional alert status sync between products


cmorris
Staff
  • Answer
  • March 10, 2026

Exactly. Rather than looking for a behavior, the events section of the detection will look for a log type and a severity and trigger based off of that and pass along additional context through the outcome section. No bi-directional sync through the Curated Detections as that is just taking the log and surfacing it. The SOAR integration for the technology may have options to sync or to update.
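
The pattern described in the answer above, sketched as a YARA-L 2.0 rule. This is an added example, not part of the thread and not Google's curated rule content; the rule name, the placeholder log type `EXAMPLE_EDR`, the chosen severity values, the 5-minute window and the risk score are all assumptions.

```yara-l
rule example_vendor_alert_passthrough {
  meta:
    author = "added example"
    description = "Illustrative passthrough-style rule: surfaces a vendor's own alerts by log type and severity"
    severity = "High"

  events:
    // No behavioral logic here: match only on the log source and the
    // severity the vendor product already assigned to its own alert.
    $e.metadata.log_type = "EXAMPLE_EDR"  // placeholder, replace with the ingested log type
    (
      $e.security_result.severity = "HIGH" or
      $e.security_result.severity = "CRITICAL"
    )
    // Group by host so repeated vendor alerts collapse into one detection.
    $host = $e.principal.hostname

  match:
    $host over 5m

  outcome:
    // Carry the vendor's context through to the SecOps alert.
    $vendor_rule_names = array_distinct($e.security_result.rule_name)
    $vendor_summaries = array_distinct($e.security_result.summary)
    $vendor_products = array_distinct($e.metadata.product_name)
    $risk_score = max(85)

  condition:
    $e
}
```

Because the rule only reads ingested UDM events, nothing in it writes back to the vendor product, which is why status changes made in SecOps do not propagate through a rule like this.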