Good day,
Is there an API endpoint that can be leveraged to manually create alerts using a cloud function for example in google secops siem ?
Thank you in advance !
Page 1 / 1
To create a (Detection) Alert in Google SecOps SIEM would require a YARA-L Detection Rule (set to Alerting) is triggered. From a Cloud Function you can via the legacy Ingestion API, or newer Chronicle API (importLogs) to send in matching raw logs or structured UDM Events to trigger a YARA-L Detection Alert.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.