Hey Team

How can I filter logs before sending them via the Chronicle forwarder and the Chronicle Ingestion API? Is it possible?

For example, I want to discard some maintenance-specific logs from Palo Alto. If I am doing it via the forwarder, how can I achieve this, and if I am doing it via the Ingestion API, how can I achieve this?

For the forwarder, we support regex filtering of events. Details are here: https://cloud.google.com/chronicle/docs/install/forwarder-configuration-manual#filter


For Ingestion API, your code that's using the ingestion API would have to do the event filtering. If you're thinking about our Feed Management (where we do API collection), we do not support filtering there yet today.


-mike


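A sketch of the client-side filtering the answer above describes for the Ingestion API case, added here as an example and not code from the post or from Google. The rule names, regex patterns and sample Palo Alto lines are constructed assumptions, and the call that sends `kept` to the Ingestion API is left out.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    description: str
    pattern: re.Pattern
    block: bool  # True: drop the line on match; False: keep it on match

# Hypothetical rules; adjust the patterns to what "maintenance" means in your logs.
# Order matters: the allow rule runs first so critical events are never filtered out.
RULES = [
    Rule("keep critical severity", re.compile(r",critical,"), block=False),
    Rule("drop SYSTEM/general maintenance",
         re.compile(r",SYSTEM,general,.*(?:scheduled job|content update)", re.I),
         block=True),
]

def filter_events(lines, rules=RULES):
    """Return (kept, dropped_counts). First matching rule wins; unmatched lines are kept."""
    kept, dropped = [], {}
    for line in lines:
        for rule in rules:
            if rule.pattern.search(line):
                if rule.block:
                    # Count drops per rule so the filter's effect can be audited.
                    dropped[rule.description] = dropped.get(rule.description, 0) + 1
                else:
                    kept.append(line)
                break
        else:
            kept.append(line)  # no rule matched: default is to forward
    return kept, dropped

# Constructed, simplified sample lines (not real device output).
SAMPLE = [
    "1,2024/01/15 02:00:01,000000000001,SYSTEM,general,0,informational,Scheduled job content update completed",
    "1,2024/01/15 02:00:05,000000000001,SYSTEM,general,0,critical,Content update failed: scheduled job aborted",
    "1,2024/01/15 02:01:10,000000000001,TRAFFIC,end,0,10.0.0.5,192.0.2.10,allow",
    "1,2024/01/15 02:02:00,000000000001,SYSTEM,auth,0,medium,failed authentication for user 'admin'",
]

if __name__ == "__main__":
    kept, dropped = filter_events(SAMPLE)
    print(f"forwarding {len(kept)} of {len(SAMPLE)} events; dropped: {dropped}")
```

Logging the per-rule drop counts alongside each batch makes it visible when a pattern starts discarding more than intended.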