
We have an Enterprise Plus instance. The question is: how do we know that all GCTI feeds like SPUR context, Remote Access Tools, Benign Binaries, and Relationships are surfacing in Chronicle without any issues during the implementation phase?

 

How do we confirm this?

Hi @ganeshsunkari,

Good question. To confirm that VirusTotal and GCTI feeds like SPUR, Remote Access Tools, Benign Binaries, and Relationships are fully ingested in Chronicle Enterprise Plus:

  • Check the Feed Management section in Chronicle to see feed status and last ingestion times.

  • Use the Detection Rules or IOC search to run test queries against known indicators from those feeds.

  • Review the log ingestion metrics and feed dashboards to ensure no errors or delays.

If needed, work with Google Cloud Support to validate end-to-end feed health during implementation.

