John Stoner

109 Followers
123 Following
32 Posts
Chauffeur for three hockey players | Reader of History and Non-Fiction | Principal Security Strategist @ Google Cloud
After a January reset, we are back in a new location with more New to Chronicle goodness. Today, we are looking at how alerts and detections can be viewed in relation to their associated entities within the Alert Graph. The alert graph allows investigators to pivot across multiple alerts and entities to establish that larger picture while easily gathering context and drilling into entities to find additional supporting information. Check this out and much more at the Google Cloud #secops community website! https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Chronicle-Alert-Graph-Part-1/ba-p/707582
Today I'm going to wrap up our last New to Chronicle blog of the year and share the work we've been doing on getting community rules underway and looking ahead to next year! #secops https://chronicle.security/blog/posts/new-to-chronicle-community-rules/
New to Chronicle: Community Rules

In this installment of the Google Cloud New to Chronicle blog series, we take a look at saving, re-using, sharing and template-izing those well-crafted searches for others in your organization to benefit from! #secops

https://chronicle.security/blog/posts/new-to-chronicle-saved-searches/

New to Chronicle: Saved Searches

And now for the dramatic conclusion to our dashboard-building arc in the New to Chronicle series, here are tips on formatting and filtering to pass parameters into the dashboard. Then we cover how you can share your dashboards with your friends and neighbors! https://chronicle.security/blog/posts/new-to-chronicle-formatting-filtering-and-sharing-dashboards/ #secops #siem
New to Chronicle: Formatting, Filtering and Sharing Dashboards

This is a bit delayed, but here is my talk from @sansforensics in Austin on logging and visibility around a Golden SAML attack and subsequent cloud activity in both Azure AD and O365. Big thanks to @heathermahalik, @PhilHagen and the team at SANS for giving me an opportunity to present! https://www.youtube.com/watch?v=VpgiwpySNuA
I Want The Log I Can’t Have

In our latest New to Chronicle blog, we continue to explore building dashboards in Chronicle. This time we add customization to create custom fields, aggregations and calculations! https://chronicle.security/blog/posts/new-to-chronicle-building-dashboards-using-custom-fields/
New to Chronicle: Building Dashboards Using Custom Fields

Building dashboards in Google Chronicle and looking for a time chart? We’ve got you covered. Here’s my latest, including an intro to the pivot function! https://chronicle.security/blog/posts/new-to-chronicle-dashboarding-using-pivot-to-create-a-time-chart/
New to Chronicle: Dashboarding - Using Pivot to Create a Time Chart

In case you missed it, here’s my latest New to Chronicle, which highlights building a tabular tile in your Chronicle dashboards. If you haven't tried it yet, you really should! https://chronicle.security/blog/posts/new-to-chronicle-dashboarding-tabular-summary-of-detections/
New to Chronicle: Dashboarding - Tabular Summary of Detections

I know you want to hear about @googlecloud goodness like Duet AI for @chroniclesec and @Mandiant this week, but I’ve posted my latest New to Chronicle blog in case you are getting started building dashboard tiles! https://chronicle.security/blog/posts/new-to-chronicle-building-our-first-dashboard-tile/
New To Chronicle: Building Our First Dashboard Tile

Thanks to the fine folks at @Antisy_Training and @eanmeyer for MC-ing track two for Blue Team Summit. I hope everyone enjoyed it as much as I did and thanks for letting me come and speak!