This repository contains helper functions and detection rules that could be helpful to customers of Chronicle.
| folder | description |
|---|---|
| detection_rules/ | YARA-L detection rules which can be used directly in the Chronicle Rules Editor |
| helper_functions/ | Helper functions to collect logs from systems where no native capability to stream to the SIEM or storage bucket exists |
Rules can be created from the Chronicle dashboard using the Rules Editor: copy and paste a rule from this repository directly into a new rule. Some rules may require modification before they work in your environment (for example, to match the log sources and UDM fields you actually ingest, or to tune thresholds).
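To show the shape of a rule that can be pasted into the Rules Editor as described above, here is an added YARA-L 2.0 example. It is not a rule from this repository; the rule name, the `meta` values, the choice of UDM fields (`USER_LOGIN` events whose `security_result.action` is `BLOCK` as the representation of a failed login), and the 10-events-in-10-minutes threshold are all assumptions that you would adapt to your own log sources.

```yaral
rule community_example_repeated_failed_logins {
  meta:
    // Assumed values: replace author/description/severity with your own.
    author = "example contributor"
    description = "Ten or more failed logins for the same user from the same source IP within 10 minutes"
    severity = "Medium"

  events:
    // Assumption: failed logins are normalized as USER_LOGIN events with action BLOCK.
    $login.metadata.event_type = "USER_LOGIN"
    $login.security_result.action = "BLOCK"

    // Placeholders that the match section groups on.
    $login.target.user.userid = $userid
    $login.principal.ip = $src_ip

  match:
    // One detection per (user, source IP) pair per 10-minute window.
    $userid, $src_ip over 10m

  condition:
    // #login is the number of events bound to $login in the window.
    #login >= 10
}
```

Before enabling a pasted rule as a live rule, run it against historical data (the Rules Editor's test run or a retrohunt) to check that the UDM fields it references are populated by your parsers and that the threshold does not fire on normal activity.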
Creating high quality detection rules is hard enough as it is; why not contribute and benefit from rules sourced by the community?
Contributions to helper functions (e.g., pulling data from a system where a native capability does not already exist) and detection rules would be appreciated!