Skip to main content

Hi Everyone,

I am working on creating a native dashboard in Google SecOps and have a use case where I need to display the Source IP address, count, and percentage of occurrences inside the table chart.

However, I am unsure how to calculate the percentage correctly.

For example:

Source IP addresscountpercentage(%)
102.50.3.12433.33%
102.50.0.10216.67%
10.20.0.0650%

Could anyone guide me on how to achieve this in YARA-L 2.0? Is there a direct solution or any possible workaround?

Thanks,
Prashant Nakum

Hi @prashant_nakum, have you tried looking at our documentation for YARA-L "Metrics Functions" to see if this information is helpful for building out your data table? 


Someone may provide a better solution for you here but I wanted to send over some of the docs related to metrics in the meantime.


https://cloud.google.com/chronicle/docs/detection/metrics-functions#yara-l_metrics_functions

Hi @prashant_nakum, have you tried looking at our documentation for YARA-L "Metrics Functions" to see if this information is helpful for building out your data table? 


Someone may provide a better solution for you here but I wanted to send over some of the docs related to metrics in the meantime.


https://cloud.google.com/chronicle/docs/detection/metrics-functions#yara-l_metrics_functions


Hi @vaskenh,

Thanks for your quick response!

However, I am looking to calculate the percentage based on the count of occurrences for each source IP address. I couldn’t find any function that directly supports or any other alternative for this calculation.

Is there any alternative approach or function available to achieve this?

Thanks,
Prashant Nakum

At the moment, we do not have a great solution for this. I am hopeful that with some current development work will unlock this later this year but I don't have a specific timeframe to share at the moment.

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.