This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.
In this lab, participants learn how to configure single-event and multi-event rules.
Course modules:
- Logging in to Chronicle SIEM cloud
- Navigating the UI
- Understanding rules
- Configuring YARA-L rules
- Customizing YARA-L rules
- Analyzing alerts
- Using the search UI
- Configuring alert severity
- Assigning alerts to security analysts
- Duplicating and customizing rules
- Combining UDM fields and regex in a single-event rule
- Leveraging UDM and its fields to create rules
- Real-time detection with rules and historical (retroactive) rule runs
- Configuring a multi-event rule to detect password spraying
- Adding entity data to rules
- Adding entity context to existing rules
- Configuring outcomes
- Configuring graphs