Hi Everyone,
I am just starting with Google SecOps/Chronicle and find creating custom/new parsers interesting. I was wondering if there is a course or clear documentation on how to get started with writing parsers and how to create an efficient one.
Hi Silas.
Here’s some content related to the syntax:
https://cloud.google.com/chronicle/docs/reference/parser-syntax
There’s also a great piece here by Chris from our org:
https://medium.com/@thatsiemguy/understanding-chronicle-parsers-with-visualization-4ff79f674323
Thanks @dnehoda for providing some resources. @SilasRamsbottom Wanted to follow up to see if the information we provided helped answer your questions. If not, how else can we help you? Thanks!
Hi @matthewnichols ,
Thank you.
It did help a lot. I have marked @dnehoda's answer as the solution as well.
The only challenge I’m facing now is the ability to practice it hands-on. Is there a community version available for practicing parser editing? I’ve already used up the initial $300 Google Cloud trial for another purpose 😇.
Thanks @SilasRamsbottom, there is not a community version available.