We have a use case to build the asset management inventory, where we can manage the devices from a centralized dashboard.
We are already ingesting multiple log types into SecOps (Chronicle SIEM). But how can we use these log types for asset management?
Any doc or suggestion will be helpful.
Chronicle is best for threat detection and log management; however, there is always a workaround. Now the question is: how are you currently doing it? Through a third-party tool or somewhere in a spreadsheet? Also, do you have a SOAR solution in place?
Yes, we have a SOAR in place, and not via a spreadsheet; we are planning to fetch the content via API and display it in a webpage.
As someone mentioned above, SecOps is not built for Asset Management purposes.
There are native Dashboards on Data Ingestion and Health that can help you understand what log sources are sending logs into SecOps, but all of these Dashboards would not help you with a comprehensive understanding of your Assets.
To add on here - how would you track or define an asset?
IP, hostname, domain, user?
There’s such an ever-changing list of items, but I suppose you could create a dashboard in the native dashboard, but what would be your log source of truth? There would be a lot of overlap across technologies.