
How to query SIEM Logs via SOAR action

  • December 11, 2024
  • 1 reply
  • 55 views

shubham8agar

I am trying to create a custom action in Google SecOps SOAR in which I am fetching some data, and it needs to be matched with corresponding logs in Chronicle SIEM.

How can I achieve this? Is there any corresponding module or API way, or both?

1 reply

mikewilusz
Staff
  • December 11, 2024

The Google Chronicle integration has a UDM Query action that will allow you to query the SIEM and display the results in the SOAR. Details available here: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#execute_udm_query

-mike
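As an added illustration (not code from the thread or from the Chronicle integration itself) of the matching step the question describes: the fetched data is turned into a UDM query string for the integration's UDM Query action, and the returned events are filtered against the fetched indicators. It assumes the UDM search syntax `field = "value"` joined with `OR`; the indicator values and the sample UDM events are constructed, and the field map is hypothetical.

```python
import re

# Constructed sample: data fetched by the custom action (e.g. from a ticket)
# that must be correlated with SIEM logs. Hypothetical values.
FETCHED_INDICATORS = {
    "ip": ["10.0.0.5", "192.168.1.20"],
    "hostname": ["ws-finance-07"],
}

# Constructed sample of parsed UDM events as the UDM Query action might
# return them, trimmed to the fields used below.
SAMPLE_UDM_EVENTS = [
    {"metadata": {"event_type": "NETWORK_CONNECTION"},
     "principal": {"ip": ["10.0.0.5"], "hostname": "ws-finance-07"}},
    {"metadata": {"event_type": "USER_LOGIN"},
     "principal": {"ip": ["172.16.4.9"], "hostname": "dc-01"}},
]

# Fixed mapping from indicator kind to UDM field; field names never come
# from the fetched data, so untrusted input cannot pick the field.
FIELD_MAP = {"ip": "principal.ip", "hostname": "principal.hostname"}
_SAFE_UDM_FIELD = re.compile(r"^[a-z][a-z0-9_.]*$")

def udm_string(value: str) -> str:
    """Quote a value for a UDM query, escaping backslashes and double quotes
    so that fetched data cannot change the shape of the query."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_udm_query(indicators: dict, max_terms: int = 50) -> str:
    """Build an OR-joined UDM query such as
    principal.ip = "10.0.0.5" OR principal.hostname = "ws-finance-07"."""
    terms = []
    for kind, values in indicators.items():
        field = FIELD_MAP[kind]  # KeyError on an unknown kind is intended
        if not _SAFE_UDM_FIELD.match(field):
            raise ValueError(f"unsafe UDM field name: {field!r}")
        terms.extend(f"{field} = {udm_string(v)}" for v in values)
    if not terms:
        raise ValueError("no indicators to query")
    if len(terms) > max_terms:
        raise ValueError(f"too many terms ({len(terms)}); split the query")
    return " OR ".join(terms)

def match_events(events: list, indicators: dict) -> list:
    """Return the UDM events whose principal fields match the fetched
    indicators, so the action can attach only those to the case."""
    ips = set(indicators.get("ip", []))
    hosts = set(indicators.get("hostname", []))
    return [ev for ev in events
            if set(ev.get("principal", {}).get("ip", [])) & ips
            or ev.get("principal", {}).get("hostname") in hosts]
```

The query string produced by `build_udm_query` is what the action would pass to the integration's UDM Query action; `match_events` then keeps only the hits that belong to the fetched data.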