This blog section is a place where community members can hear from Googlers, customers, and partners and get tips, advice, and information about topics across Google Cloud Security.
Learn how to apply the function timestamp.diff to calculate the
difference in specific time units within your datasets and how it
differs from calculating differences using mathematical operations!
Streamline your log ingestion with Google Security Operations! Leverage
our pre-built Cloud Run functions and simplify security data collection.
Learn how in this guide.
Learn how string functions like strings.extract_hostname and
strings.extract_domain can be used to easily grab portions of strings
and use them in searches and rules in Google SecOps to streamline your
hunts, detections and investigations!
Learn how two time functions, get_timestamp and as_unix_seconds, can be
used to more easily work with date/time values in Google SecOps as you
hunt, investigate and build detections!
Learn how to proactively monitor your security data pipeline with Google
SecOps and ensure your team isn't blindsided by missing logs or
malicious activity going unnoticed.
In our latest New to Google SecOps blog, we are going to introduce three
string functions that can be used to easily find and extract values
within a string for use in threat hunting and detection engineering!
In our latest New to Google SecOps blog, we are going to introduce two
string functions that can be used to convert string values to integers
which will then be used in statistical analysis.
This article explains how to bulk close alerts with the Google Security
Operations API. It provides step-by-step instructions and Python client
code for closing a list of alerts triggered by a given detection rule.
We conclude this mini-series with the integration of the Entra ID
application with Google Security Operations using the Feed Management
capability and cover tips for setup, troubleshooting and optional
settings for additional context.
Picking up where we left off last time, we look at the permissions an
Entra ID app requires to monitor these log sources in Google SecOps and
how to configure the application.
Google SecOps gives organizations the ability to monitor on-premises
and cloud solutions, including Microsoft Entra ID and Office 365, to gain
greater visibility into threats. This post introduces the concept of
feeds as well as the components of a Microsoft Entra ID app that are
required to set up monitoring of this data.
New Google SecOps instance with no data? Use the APIs to create your
first Reference List, Detection Rule, and a USER_LOGIN UDM Event that
triggers the Rule.
In part two of this blog series, David French walks through an example
of operationalizing threat intelligence to create an actionable
detection for GitHub Enterprise. He also explains the concept of tuning
detections to improve their precision and demonstrates how to do this in
Google SecOps.
For many organizations, GitHub houses critical intellectual property and
is a prime target for attackers seeking to steal valuable source code,
disrupt software development operations, or carry out supply chain
attacks. In this blog series, David French demonstrates how to monitor
your GitHub Enterprise environment for suspicious activity with Google
SecOps.
Building on our previous post, take statistical search a step further in
Google SecOps with additional aggregation functions, mathematical
operators and if/then/else statements!
In this blog, we continue to extend our visibility by looking at how we
are building custom integrations within the Google SecOps platform for
CRXcavator and Spin.AI to assess browser extensions.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on November 9th, 2023
and is focused on the Google SecOps integration with Looker for
dashboarding. This blog summarizes the previous steps around building
dashboards and adds further customizations and sharing options to the
dashboard we built throughout this mini-series.
The “New to Chronicle” blog found on chronicle.security has moved to the
Community Blog. This blog was originally published on October 11th, 2023
and is focused on the Google SecOps integration with Looker for
dashboarding. This blog adds the ability to create custom fields.