Skip to main content
Solved

How to Calculate Percentage in YARA-L 2.0 for Google SecOps Native Dashboard

  • March 17, 2025
  • 3 replies
  • 74 views
prashant_nakum
Forum|alt.badge.img+4

Hi Everyone,

I am working on creating a native dashboard in Google SecOps and have a use case where I need to display the Source IP address, count, and percentage of occurrences inside the table chart.

However, I am unsure how to calculate the percentage correctly.

For example:

Source IP addresscountpercentage(%)
102.50.3.12433.33%
102.50.0.10216.67%
10.20.0.0650%

Could anyone guide me on how to achieve this in YARA-L 2.0? Is there a direct solution or any possible workaround?

Thanks,
Prashant Nakum

Best answer by jstoner

At the moment, we do not have a great solution for this. I am hopeful that with some current development work will unlock this later this year but I don't have a specific timeframe to share at the moment.

3 replies

vaskenh
Staff
Forum|alt.badge.img+13
  • vaskenh
  • Staff
  • March 18, 2025

Hi @prashant_nakum, have you tried looking at our documentation for YARA-L "Metrics Functions" to see if this information is helpful for building out your data table? 

Someone may provide a better solution for you here but I wanted to send over some of the docs related to metrics in the meantime.

https://cloud.google.com/chronicle/docs/detection/metrics-functions#yara-l_metrics_functions

prashant_nakum
Forum|alt.badge.img+4

Hi @prashant_nakum, have you tried looking at our documentation for YARA-L "Metrics Functions" to see if this information is helpful for building out your data table? 

Someone may provide a better solution for you here but I wanted to send over some of the docs related to metrics in the meantime.

https://cloud.google.com/chronicle/docs/detection/metrics-functions#yara-l_metrics_functions


Hi @vaskenh,

Thanks for your quick response!

However, I am looking to calculate the percentage based on the count of occurrences for each source IP address. I couldn’t find any function that directly supports or any other alternative for this calculation.

Is there any alternative approach or function available to achieve this?

Thanks,
Prashant Nakum

jstoner
Staff
Forum|alt.badge.img+22
  • jstoner
  • Staff
  • Answer
  • March 20, 2025

At the moment, we do not have a great solution for this. I am hopeful that with some current development work will unlock this later this year but I don't have a specific timeframe to share at the moment.

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.