GoogleCloudPlatform / pbmm-on-gcp-onboarding

GCP Canadian Public Sector Landing Zone overlay on top of the TEF via CFT modules - a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

Chronicle SIEM/SOAR integration #346

Closed obriensystems closed 5 months ago

obriensystems commented 7 months ago

See https://demo.backstory.chronicle.security/?warstory= and lab https://www.cloudskillsboost.google/focuses/60131?catalog_rank=%7B%22rank%22%3A1%2C%22num_filters%22%3A1%2C%22has_search%22%3Atrue%7D&parent=catalog&search_id=29981789

SIEM vs SOAR

[Screenshot 2024-03-01 at 11 29 26]

https://gemini.google.com/app/a478330f67604fe7

| Feature | SIEM | SOAR |
| -- | -- | -- |
| Focus | Data collection, analysis, alerting | Incident response, automation, orchestration |
| Scope | Broad threat detection, compliance | Targeted remediation, reducing analyst workload |
| Actions | Generates alerts for investigation | Executes actions based on predefined playbooks |
| Approach | Rules-based, correlation | Workflow-driven, process automation |

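The table's distinction between a rules-based SIEM (correlate events, raise an alert) and a workflow-driven SOAR (execute a predefined playbook against that alert) is easier to see in code. The following is an added example, not code from the issue, from Chronicle, or from the pbmm-on-gcp-onboarding repository. The log lines are constructed, the correlation rule (N authentication failures from one source IP inside a time window, followed by a success from the same IP) is a generic textbook rule, and the playbook steps only record the action they would take; the firewall, identity and ticketing integrations they stand in for are assumptions, not real APIs.

```python
"""Added example (not from the issue or the repository): a toy SIEM correlation
rule beside a toy SOAR playbook, to make the SIEM/SOAR table concrete.
All log lines are constructed; playbook steps only record what they would do."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events: timestamp, event type, source IP, user.
SAMPLE_LOGS = [
    "2024-03-01T11:29:01Z auth_failure 203.0.113.7 alice",
    "2024-03-01T11:29:03Z auth_failure 203.0.113.7 alice",
    "2024-03-01T11:29:05Z auth_failure 203.0.113.7 alice",
    "2024-03-01T11:29:07Z auth_failure 203.0.113.7 alice",
    "2024-03-01T11:29:09Z auth_failure 203.0.113.7 alice",
    "2024-03-01T11:29:12Z auth_success 203.0.113.7 alice",
    "2024-03-01T11:30:00Z auth_failure 198.51.100.9 bob",
    "2024-03-01T11:45:00Z auth_success 198.51.100.9 bob",
]


@dataclass
class Alert:
    rule: str
    source_ip: str
    user: str
    evidence: list = field(default_factory=list)  # timestamps of the failures


def parse(line):
    ts, kind, ip, user = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kind, ip, user


def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """SIEM side (rules-based correlation): fire one alert when at least
    `threshold` failures from one source IP inside `window` are followed by a
    success from that same IP.  Output is an alert for an analyst, not an action."""
    failures = defaultdict(deque)  # source IP -> sliding window of failure times
    alerts = []
    for line in lines:
        ts, kind, ip, user = parse(line)
        q = failures[ip]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if kind == "auth_failure":
            q.append(ts)
        elif kind == "auth_success" and len(q) >= threshold:
            alerts.append(Alert("brute_force_then_success", ip, user, list(q)))
            q.clear()  # do not re-fire on the same burst
    return alerts


# SOAR side (workflow-driven): each step is a function in a predefined playbook.
# The steps below only append to an action log; in a real deployment they would
# call firewall, identity-provider and ticketing APIs (assumed, not real here).
def enrich_ip(alert, log):
    log.append(f"enrich {alert.source_ip}")
    return True


def disable_user(alert, log):
    log.append(f"disable {alert.user}")
    return True


def block_ip(alert, log):
    log.append(f"block {alert.source_ip}")
    return True


def open_ticket(alert, log):
    log.append(f"ticket {alert.rule} {alert.user}@{alert.source_ip}")
    return True


# Playbooks keyed by the SIEM rule name; unknown rules fall back to a ticket only.
PLAYBOOKS = {
    "brute_force_then_success": [enrich_ip, disable_user, block_ip, open_ticket],
}


def run_playbook(alert):
    """Execute the playbook for the alert's rule in order; stop at the first
    step that reports failure so later steps never run on a half-handled case."""
    actions = []
    for step in PLAYBOOKS.get(alert.rule, [open_ticket]):
        if not step(alert, actions):
            break
    return actions


def pipeline(lines):
    """SIEM detection feeding SOAR orchestration: (alert, actions taken) pairs."""
    return [(alert, run_playbook(alert)) for alert in correlate(lines)]


if __name__ == "__main__":
    for alert, actions in pipeline(SAMPLE_LOGS):
        print(alert.rule, alert.source_ip, alert.user, actions)
```

On the constructed logs the rule fires once (five failures then a success from 203.0.113.7 for alice) and the playbook records four actions for it; bob's single failure followed by a success fifteen minutes later stays below the threshold and produces nothing. The split mirrors the table: `correlate` only produces alerts for investigation, `run_playbook` only consumes alerts and executes the predefined steps.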
fmichaelobrien commented 5 months ago

20240406: Closing issue during retrofit/rebase of this TEF V1 based/modified repo to TEF V4 standards. This issue may participate in the LZ refactor after rebase. Query on all issues related to the older V1 version via the tag https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/labels/2024-pre-tef-v4

obriensystems commented 5 months ago

20240406: Closing issue during retrofit/rebase of this TEF V1 based/modified repo to TEF V4 standards. This issue may participate in the LZ refactor after rebase. Query on all issues related to the older V1 version via the tag https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/labels/2024-pre-tef-v4