Security Forums

Defender for Endpoint Containers

Hello,Setting up a feed integration for Defender for Endpoint following the google docs page found here. When we get to the Azure URI (https://somethingstorage.blob.core.windows.net) can we setup a wildcard here or do we need to create a feed for eac

2 hours ago

jrrutlandNew Member

Increased false positive rates being observed

Hey y’all!As of yesterday, I have been seeing a incredibly high false positive rate (blocking 100% of legitimate users in my testing). Specifically, this is impacting my iOS Web Views, which have a custom user agent string. This is not impacting my A

5 hours ago

komajaroNew Member

Data table event enrichment (inner vs left vs outer)

Hello,Is there a way to influcence the type of join operation when using data tables ?Previously, when working with splunk there was an option to pick one of 3 choices: inner, outer or left.When working with data tables in secops I see that it behave

151

10 hours ago

BernaldoBronze 1

Alert no ingestion from feeds

Hi,I’m triying to create an alert that indicates when there’s a lack of logs from a feed source. Basically my idea was:rule DEV_FEED_LACK_OF_DATA { meta: author = description = severity = "Critical" events: $e.metadata.log_type = "Off

263

13 hours ago

pranay_makNew Member

Delay in Entity Visibility

I created a entity parser and ingested entities. The Ingested logs appear immediately in Raw Log Search, but the corresponding entities only become visible in UDM Search and Native Dashboards after almost a full day. I ensured that timestamp fie

15 hours ago

DaisukeBPMNew Member

reCAPTCHA Classic still showing "Migrate keys" after successful migration to GCP

Hi,I have successfully migrated my reCAPTCHA keys to Google Cloud Platform, but the reCAPTCHA Classic console still displays the "Migrate keys" message. I would like to confirm whether any additional action is needed on my end.Current situation:- GCP

190

23 hours ago

_K_OBronze 5

Has Anyone Migrated from Forwarders to Bindplane?

Hi All, With the Google SecOps Forwarder being deprecated next year (https://docs.bindplane.com/how-to-guides/google-secops/migrating-from-the-deprecated-google-chronicle-forwarder) has anyone here started / completed the migration? My team and I ar

100

chronicleDDsrBronze 3

events exclusions in detection rule

Hi team,We are working on a session hijacking case on slack log source and focusing on series of event where $ip is more than or equal to 2 which seems to be working with current rule we haveWe are looking for a starting point to filter out events of

141

Cloud Security Foundation

StewartNew Member

Best Cloud Security Tools for Auditors in 2026?

Curious what auditors and GRC teams are actually using in 2026 to assess cloud environments, especially GCP-heavy ones.Most “cloud security tools” are built for SecOps. From an audit perspective, the needs are different: Read-only access and short en

EP0New Member

Test Rule not matching UDM Search results

452

1 hour ago

marcus_aureliusBronze 1

Defender for Endpoint Containers

2 hours ago

jrrutlandNew Member

Increased false positive rates being observed

5 hours ago

komajaroNew Member

Data table event enrichment (inner vs left vs outer)

151

10 hours ago

pranay_makNew Member

Delay in Entity Visibility

15 hours ago

DaisukeBPMNew Member

reCAPTCHA Classic still showing "Migrate keys" after successful migration to GCP

190

23 hours ago

chronicleDDsrBronze 3

events exclusions in detection rule

141

nelsos.torresNew Member

Best Practice: BindPlane Agent Integration for Linux Servers - Optimal LogType Selection

I need guidance on the optimal integration approach for ingesting Linux server logs into Google SecOps/Chronicle using the BindPlane agent.Specific Questions:1. Recommended LogType for Linux Systems - What is the most appropriate log_type for gener

291

Cloud Security Foundation

begerNew Member

!urgent help, My Project (id: bionic-xxxx) is being suspended for repeatedly violating our Google Cloud Platform Terms of Service

in my project show this message “My Project (id: bionic-xxxx) is being suspended for repeatedly violating our Google Cloud Platform Terms of Service or Acceptable Use Policy (including Terms of Service of the Google API you may be using). “ and I can

ORBRSilver 1