Hi
I am not sure if I am putting my question correctly here. Is it necessary to learn the Chronicle Ingestion API? Are there scenarios where the normal integration method won't work and we will have to adhere to the Chronicle Ingestion API? The reason for asking is that I am not good with coding and stuff, so I just wanted to know if I should start learning Python.
Can we have a video-based tutorial of log ingestion via the Chronicle Ingestion API, explaining the steps?
Hi again,
You certainly don’t HAVE to use the ingestion API by itself, through Python scripting or Postman. However, there are multiple use cases where it’s very helpful to have that knowledge. If there’s a small app you use that has logging but would likely never have a feed or parser set up, then you could preformat your logs as UDM and skip the parsing process.
Another example would be to ingest logs for troubleshooting scenarios or rule creation.
Chris has a couple of articles about using the new and old APIs.
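An added example, not part of either post above: a minimal Python sketch of the "preformat your logs as UDM" case, turning lines from a small app into UDM events and wrapping them in the request body that the Ingestion API's `udmevents:batchCreate` method accepts. The log format, the vendor and product names, the customer ID and the choice of UDM fields are assumptions made for illustration; check the field mapping against the UDM field list before sending anything.

```python
import json
import re

# Constructed log format for a hypothetical small app (not from the thread):
#   <RFC 3339 time> login user=<name> src=<ip> result=<ok|fail>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample input, including one line that must be rejected.
SAMPLE_LINES = [
    "2024-05-01T12:34:56Z login user=alice src=203.0.113.7 result=fail",
    "2024-05-01T12:35:10Z login user=alice src=203.0.113.7 result=ok",
    "this line is garbage and must not reach the API",
]

def to_udm(line):
    """Map one app log line to a UDM USER_LOGIN event; None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "metadata": {
            "event_timestamp": m["ts"],
            "event_type": "USER_LOGIN",
            "vendor_name": "ExampleCo",  # placeholder
            "product_name": "SmallApp",  # placeholder
        },
        "principal": {"ip": [m["ip"]]},
        "target": {"user": {"userid": m["user"]}},
        "security_result": [{"action": ["ALLOW" if m["result"] == "ok" else "BLOCK"]}],
    }

def build_batch(lines, customer_id):
    """Return (request_body, rejected_lines) for a udmevents:batchCreate call."""
    events, rejected = [], []
    for line in lines:
        event = to_udm(line)
        if event is None:
            rejected.append(line)  # keep unparsed lines visible instead of dropping them
        else:
            events.append(event)
    return {"customer_id": customer_id, "events": events}, rejected

if __name__ == "__main__":
    body, rejected = build_batch(SAMPLE_LINES, "YOUR-CUSTOMER-ID")  # placeholder ID
    print(json.dumps(body, indent=2))
    print("rejected:", rejected)
```

The printed JSON is what would be sent as the POST body, with credentials for the Chronicle instance, from a Python script or from Postman.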