Hi All,
We are utilizing Webhooks to ingest alerts from various sources into SIEM and it's working fine.
Can we also utilize it to ingest raw logs in json format into SIEM. w.r.t alerts, there will be only 20-30 events per day but in case of raw logs, the volume is high. Is it recommended to use webhooks for the same?
Webhooks should scale just fine for high volume log sources. It'll max out at 900k requests per minute with a max of 4mb per request. Your current utilization should be visible from the Chronicle API management quota page in your cloud console as 'Feed Import Push Logs requests per minute' https://console.cloud.google.com/apis/api/chronicle.googleapis.com/quotas
The Webhooks can work for almost all logtypes, but depending on where your logs are now and what options are available on the log source it may be easier to ingest via one of the other ingest methods https://cloud.google.com/chronicle/docs/secops/secops-ingestion
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.