
Hi 

Is Google working on any AI-based parser assistance tool that can assist MSSPs in ingesting custom logs, or logs for which a parser has not yet been developed by Google?

Is it feasible to achieve the objective below? Objective: Create an app that auto-detects log formats, retrieves parsing rules from Google SecOps docs via RAG, and generates UDM-compliant parsers.

Hi Rahul.


Yes, we've been doing research on this, though mostly focused on Parser extensions. I think what you outlined is the right approach, though we've needed to add a lot of parser-specific stuff into the process to get the parsers to compile. If you want to DM me, I can share some more info directly.


Hi @rahul7514,

For JSON log sources, the below references may be of interest:

https://cloud.google.com/chronicle/docs/event-processing/auto-extraction
https://medium.com/@thatsiemguy/automagic-json-parsing-e838ecda08c2

Kind Regards,

Ayman

