
Google

Chronicle Technical Training

Google via Google Cloud Skills Boost

Overview

Learn the technical aspects you need to know about Chronicle and how it can help you detect and action threats.

Syllabus

  • Foundations of Chronicle
    • Overview: What is Chronicle, and why is it useful?
    • Overview: Chronicle demo
    • Overview: Chronicle website
    • Overview: Chronicle help documentation
    • User Interface: Structured query search
    • User Interface: Raw log scan
    • User Interface: Chronicle Views (incl. IP view, Domain view, Hash view, Asset view)
    • User Interface: Enterprise Insights
    • User Interface: Dashboard Views
    • User Interface: Rules Views, Rule Dashboard, Managed Analytics, Rule Editor
    • Other Fundamental Chronicle Concepts: UDM Overview
    • Other Fundamental Chronicle Concepts: UDM Help Center Documentation
  • Collecting and Parsing Data
    • Getting Data: List of Supported data / log sources
    • Getting Data: Methods of ingesting data into Chronicle
    • Getting Data: How-to guide for ingesting AWS Logs into Chronicle
    • Getting Data: Feed Management API
    • Getting Data: How-to guide for troubleshooting Forwarder issues / monitoring Forwarder health
    • Getting Data: When to use the Ingest API vs. the Feed Management UI or Forwarder
    • Getting Data: How-to guide: Overview Ingest API with example configuration
    • Getting Data: Help Center on Ingestion API
    • Parsing data: Overview of writing parsers
    • Parsing data: Parser API overview
    • Parsing Data: Supported Default Parsers
    • Parsing data: When to use default parsers
    • Parsing Data: How-to: JSON parser example guide
    • Parsing Data: How-to: KeyValue example guide
    • Parsing data: How-to: GROK example guide
  • Access
    • Authentication: How to configure IdPs, using GCP as an example
    • Authentication: How-to guide for configuring Okta IdP
    • Authentication: How-to guide for configuring Azure IdP
    • Authentication: How-to guide for configuring Cloud Identity IdP
    • Authorization: Role Based Access Control overview
    • Authorization: Help Center: Role-Based Access Control (RBAC)
    • Authorization: Help Center: Roles and permissions
  • Building Rules to Find Threats
    • Rules overview
    • Help Center: Rules dashboard
    • Rules Engine overview
    • Help Center: Rules editor
    • Demo: Building a YARA-L Rule
    • YARA-L 2.0 language syntax
    • How to write a rule for a single / multi-event
    • How to write a rule for EntityGraph
    • How to Deploy a rule using the Detection API
    • Detection API overview
    • Rule Detections View (Finding detections of rule in the rule detection view UI)
    • Troubleshooting Rules: Community Help Forum
  • Investigating Threats
    • Ways to investigate a threat
    • Demoing the Chronicle search UI
    • Looker Help Center
    • Chronicle Search API
    • Accessing the Chronicle Data Lake
    • Chronicle Data Lake structure - reference (incl. Dataset & Tables, Schema, Retention)
    • What is BigQuery and how can you use it to hunt for and report threats?
    • Exercise Files
    • Reference: SQL functions
    • Reference: Understanding repeated fields / Joining Data & Enums
  • Responding to Threats
    • How to respond to threats, best practices, recommendation to use a SOAR for systematic responses
    • How-to guide for Siemplify integration
    • Siemplify documentation (e.g. APIs)
  • Quiz
    • Chronicle Technical Training Quiz
  • Your Next Steps
    • Course Badge
