Chris Martin (@thatsiemguy) | Data RBAC in Chronicle SIEM | In this post I explore Role Based Access Control (RBAC) functionality available within Chronicle SIEM, part of the Google SecOps platform… | 12h ago

Chris Martin (@thatsiemguy) | Windows Event Log collection with the new SecOps Collection Agent | In this post I explore using the Google SecOps Collection Agent (also known as the BindPlane OTEL Agent) to collect Windows Event Logs. | Jul 4

Chris Martin (@thatsiemguy) | MISP, BindPlane, and Google SecOps | Exploring the default MISP IOC integration for Google SecOps using PyMISP and ObservIQ BindPlane. | Jun 29

Chris Martin (@thatsiemguy) | Aggregate Queries in UDM Search | Google SecOps has introduced UDM Stats, a powerful new feature in preview that brings aggregate queries to UDM Search using YL2. | Jun 16

Chris Martin (@thatsiemguy) | Native Google Authentication in Google Cloud SecOps | In this post I explore the exciting upcoming new feature in Google Cloud SecOps: native Google Cloud Identity authentication. | Jun 10

Chris Martin (@thatsiemguy) | observIQ BindPlane, the OTEL Agent, and Google SecOps | Learn about the Bindplane OP and OpenTelemetry (OTel) Agent available now for users of Google SecOps. | May 21

Chris Martin (@thatsiemguy) | Mandiant Fusion available in Google SecOps E+ | Example of using Mandiant Fusion IOC data with Google SecOps YARA-L rules in Detection Engine. | May 14

Chris Martin (@thatsiemguy) | Automagic JSON Parsing | Google SecOps is releasing a detection and response changing feature for Chronicle SIEM users: Autonomous Parsers, aka Extracted Fields… | May 7

Chris Martin (@thatsiemguy) | Indexed fields in UDM Search | How to use indexed fields in UDM Search to return results quicker. | Apr 13

Chris Martin (@thatsiemguy) | Expiring IOCs in Entity Graph | How to expire Indicators of Compromise (IOCs) within Chronicle SIEM’s Entity Graph. | Mar 20