I was checking information about monitoring of silent log sources and came across few previous posts and these official documentation:
Silent-host monitoring | Google Security Operations | Google Cloud Documentation
Use Cloud Monitoring for ingestion insights | Google Security Operations | Google Cloud Documentation
However from what I’ve seen previously, it seems to mention individual “hosts” specifically. If I wanted to monitor and alert on a specific log type (e.g. ZSCALER_WEBPROXY) going silent, does this fall under similar circumstance? And to that point, is there any way currently to alert (either through scheduled UDM search or YARA-L detection) for this activity?
It’s a complicated situation where we do not actually have access to Cloud Monitoring so if there is a way to do this via SecOps that would be really helpful.
Question
Silent Log Source Alerting
+1Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.