Hello,
Is it possible to create a rule to detect silent forwarders in Chronicle? I don't want to create a policy in GCP Monitoring.
Which UDM should I use? Can you help, please?
Thanks
Assuming you are looking for silent forwarders, not silent devices, I can imagine how this can be accomplished. You may send the metrics to Chronicle via Pub/Sub from the GCP console (essentially you are feeding these forwarder metrics to Chronicle) and then write a parser for them. We need to check if there is a log type we can use to ingest these. Once there, you can then write a rule to look for a silent forwarder.
Is it possible to achieve this in GCP by creating a policy that triggers an alert when a Forwarder is down?
If so, could you please guide me on how to set this up?
Thanks