Chronicle SIEM Fundamentals (CSIEMF)

Explore the essentials of Chronicle, a powerful Security Information and Event Management (SIEM) solution offered as a cloud service on the robust Google infrastructure. The Chronicle Fundamentals course provides an in-depth overview of the key functionalities, data analysis capabilities, and security aspects of Chronicle SIEM.

• Chronicle Access – Role-Based Access Control (RBAC) in Chronicle. Why Audit logging is important and how to implement it in your Chronicle instance.
• Learn about Raw Log Search and UDM Search, how to use Search for investigation.
• Chronicle Data On Boarding: forwarders, feed management, ingestion API, and direct ingestion.
• Introduction to Chronicle Parsers – What is a parser, versioning, and parser extension.
• Walkthrough of Chronicle Curated Detection rules.
• Navigating Alerts using the Alert Graph: Entity data, releted alerts, alert context.
• Learn about Entity data – Data enrichment in Chronicle, Entity types (Users & Assets), Resources, Geo IP Enrichment.
• Advanced Search Capabilities: Reference Lists, Group Fields, Pivot, Search for Alerts.
• Parsing data in Chronicle – What are parsers and how can we manage them: Parser update, versioning, parser extensions.
• Building rules for Chronicle: YARA-L 2.0 syntax, Rules UI, Single event rules, Multi-event rules, using entity data in rules, Outcomes, Functions & Lists, best practice.
• Building dashboards in Chronicle.