Hello folks, I am running a Google SecOps POC. So far I have installed the BindPlane agent on Windows endpoints and connected their feed to Google SecOps. The issue I'm facing is that I'm unable to collect the correct telemetry and also unable to collect the PowerShell telemetry data. I have these logs forwarded to the Google SecOps SIEM, but I'm unable to create a CASE, which is basically SOAR. I've tried using the Chronicle connector but am unable to push these alerts to SOAR and create a case.
If possible, please help me out at the earliest.
Thank you
Solved
Google secops Integration setup
Best answer by SoarAndy
The connector will do “anything that fires as an Alert, ingest to SOAR”.
If you write the Rule and enable Alerting, that’s all you need.
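To make the accepted answer concrete, here is an added example of the kind of detection rule it refers to (YARA-L 2.0, as used by the Google SecOps detection engine). This is not code from the original thread or from the answerer; the rule name, regex, severity and description are constructed for illustration, and it assumes the BindPlane Windows feed is being normalized into UDM `PROCESS_LAUNCH` events with the launched process's command line in `target.process.command_line`. It flags PowerShell launched with an encoded command, one of the PowerShell telemetry signals the original poster is trying to collect.

```yaral
// Added example, not from the original thread.
// Assumes Windows process-creation events arrive as UDM PROCESS_LAUNCH
// events via the BindPlane feed; field names are standard UDM paths.
rule powershell_encoded_command_launch {
  meta:
    author = "example (constructed)"
    description = "PowerShell started with an encoded command argument"
    severity = "MEDIUM"

  events:
    // Process-creation telemetry from the Windows endpoint.
    $e.metadata.event_type = "PROCESS_LAUNCH"
    // The child (launched) process is the target in a PROCESS_LAUNCH event.
    $e.target.process.file.full_path = /powershell\.exe$/ nocase
    // -e, -ec, -enc, -encodedcommand all abbreviate the same switch.
    $e.target.process.command_line = /\s-e(c|nc|ncodedcommand)?\s/ nocase
    // Group detections per host so one alert covers repeated launches.
    $hostname = $e.principal.hostname

  match:
    $hostname over 5m

  outcome:
    $risk_score = 50
    $launch_count = count($e.metadata.id)

  condition:
    $e
}
```

After the rule is saved, it still has to be turned into an alert source: set the rule to live and switch on its Alerting toggle in the Rules dashboard (the "enable Alerting" step in the answer). Only detections from rules with alerting enabled fire as alerts, and those are what the Chronicle connector picks up and turns into SOAR cases. If PowerShell launches are not being normalized into `PROCESS_LAUNCH` events, the rule will never match, so checking that the raw Windows events appear in the UDM search with the expected event type is the first thing to verify.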