Hi Community!
If you're writing detection rules or threat hunting in Google SecOps, you're already using YARA-L. But what if you could take any of those queries and, in one step, turn them into a live, visual, shareable dashboard?
In this new video, Greg Kushmerek from the Google team demos exactly that.
This isn't just about pretty charts. It's about a fundamental shift from text-based alerts to visual pattern analysis, all using the same language. See a real-world example of how to track subtle DLP events over time, rather than getting buried in thousands of low-level alerts.
This demo covers:
- The Power of One Language: Using YARA-L for rules, search, AND dashboards.
- Real-World Use Case: Tracking user PII/PCI uploads to spot high-risk users.
- Actionable Insights: Pivoting from a dashboard widget straight into an investigation.
- Collaboration: Sharing your custom-built dashboards with your team.
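To make the "one language" idea concrete, here is an added example (not from the video or from Google) of the kind of YARA-L query the use case above describes: group DLP policy-violation events by user over a window and count them, so the result is a per-user series rather than a stream of individual alerts. The UDM field values (`POLICY_VIOLATION` as the DLP finding category, `principal.user.userid` as the user key, `target.hostname` as the upload destination) and the threshold are assumptions; check them against how your own DLP source is normalised before using the query.

```yaral
rule dlp_upload_volume_per_user {
  meta:
    author = "example only (hypothetical)"
    description = "Count DLP policy-violation events per user over one day; the same events/match/outcome shape can back a search or dashboard widget"
    severity = "LOW"

  events:
    // Assumed: DLP findings are normalised with this security_result category
    $e.security_result.category = "POLICY_VIOLATION"
    // Bind the acting user to a placeholder so we can aggregate on it
    $e.principal.user.userid = $user

  match:
    // One row per user per day; this is what turns alerts into a time series
    $user over 1d

  outcome:
    // Aggregations become the columns a dashboard can plot
    $violation_count = count($e.metadata.id)
    $distinct_destinations = count_distinct($e.target.hostname)

  condition:
    // Assumed threshold; tune to what "high-risk" means in your environment
    $e and $violation_count > 5
}
```

As a detection rule this fires once per user-day that crosses the threshold; the pivot the demo describes is the reverse direction: from the `$violation_count` widget back to the underlying `$e` events for that `$user`.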
For all the analysts and threat hunters here: What's the first YARA-L query you would turn into a dashboard?
