We're looking to ingest IRU and Kandji logs into our Google SecOps environment but can't find any related documentation. What's the recommended approach for this integration?
Question
Recommended approach: IRU/Kandji log ingestion into Google SecOps Chronicle
+2
+12I see an existing log type for Kandji (cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers). Ingest to log type using one of these methods - https://docs.cloud.google.com/chronicle/docs/ingestion/data-types#overview-data-ingestion. Where are the logs today (on-prem or cloud) and what options does Kandji provide for sending the logs?
There is not an existing parser for Kandji, so you would need to create one. You could also file a Feature Request for a parser.
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.