John Stoner

Chauffeur for three hockey players | Reader of History and Non-Fiction | Principal Security Strategist @ Google Cloud

2024-02-07

After a January reset, we are back in a new location with more New to Chronicle goodness. Today, we are looking at how alerts and detections can be viewed in relation to their associated entities within the Alert Graph. The alert graph allows investigators to pivot across multiple alerts and entities to establish that larger picture while easily gathering context and drilling into entities to find additional supporting information. Check this out and much more at the Google Cloud #secops community website! googlecloudcommunity.com/gc/Co

2023-12-20

Today I'm going to wrap up our last New to Chronicle blog of the year and share the work we've been doing on getting community rules underway and looking ahead to next year! #secops chronicle.security/blog/posts/

2023-11-30

In this installment of the Google Cloud New to Chronicle blog series, we take a look at saving, re-using, sharing and template-izing those well-crafted searches for others in your organization to benefit from! #secops

chronicle.security/blog/posts/

2023-11-09

And now for the dramatic conclusion to our dashboard-building arc in the New to Chronicle series, here are tips on formatting and filtering to pass parameters into the dashboard. Then we cover how you can share your dashboards with your friends and neighbors! chronicle.security/blog/posts/ #secops #siem

2023-10-31

This is a bit delayed, but here is my talk from @sansforensics in Austin on logging and visibility around a Golden SAML attack and subsequent cloud activity in both Azure AD and O365. Big thanks to @heathermahalik, @PhilHagen and the team at SANS for giving me an opportunity to present! youtube.com/watch?v=VpgiwpySNu

2023-10-12

In our latest New to Chronicle blog, we continue to explore building dashboards in Chronicle. This time we add customization to create custom fields, aggregations and calculations! chronicle.security/blog/posts/

2023-09-29

Building dashboards in Google Chronicle and looking for a time chart? We’ve got you covered. Here’s my latest, including an intro to the pivot function! chronicle.security/blog/posts/

2023-09-18

In case you missed it, here’s my latest New to Chronicle, which highlights building a tabular tile in your Chronicle dashboards. If you haven't tried it yet, you really should! chronicle.security/blog/posts/

2023-08-30

I know you want to hear about @googlecloud goodness like Duet AI for @chroniclesec and @Mandiant this week but I’ve posted my latest New to Chronicle blog in case you are getting started building dashboard tiles! chronicle.security/blog/posts/

2023-08-23

Thanks to the fine folks at @Antisy_Training and @eanmeyer for MC-ing track two for Blue Team Summit. I hope everyone enjoyed it as much as I did and thanks for letting me come and speak!

2023-08-15

In our latest New to Chronicle we cover building rules to detect Tor exit nodes and remote access tools with data sets that we provide in Chronicle! Learn how to build rules to take advantage of these feeds! @GoogleCloudTech chronicle.security/blog/posts/

2023-08-03

Our team at Chronicle partnered with Okta to collaborate and develop a set of YARA-L rules that Okta users can apply to their Chronicle instance. Check out our blog which contains links to rules, their blog and more! chronicle.security/blog/posts/

2023-07-27

We're back with part two of our New To Chronicle mailbag for July. Check it out for tips that will help your rule writing in YARA-L! #secops #detectionengineering chronicle.security/blog/posts/

2023-07-14

Looking forward to presenting at SANS DFIR in August. I promise I won’t present in hat and sunglasses! #dfir #SANSDFIR

2023-07-14

I've been writing the New to Chronicle blog series for nearly a year now and realized that we've never posted user questions, so this month will be user mailbag posts (two parts) that I hope you all find helpful! chronicle.security/blog/posts/ #siem #secops #chronicle

2023-06-22

I mentioned it before, but tracking entities within your environment is not computationally trivial. Tracking every IP, file hash and domain for prevalence is nothing to sneeze at. Now add first and last seen, and add in your assets and users. Chronicle can handle these data loads easily and make this available for you to build detections with. Here's my latest. #secops chronicle.security/blog/posts/

2023-06-08

More goodness from Chronicle with the addition of Grouped Fields. Check out how Google Cloud has added the capability to search quickly and easily through UDM for IP addresses, domains, hashes and much, much more! #secops chronicle.security/blog/posts/

2023-05-25

Before heading out for the weekend, take a few minutes and check out part 2 on the new pivot capability that #chronicle has added! #googlecloud chronicle.security/blog/posts/

2023-05-12

Just in time for the weekend we have a new New to Chronicle post (new New?) around a new capability built into our UDM search called Pivot. No, this has nothing to do with a sofa and a stairwell, for those who used to watch Friends. This is part one of two, but really good stuff is being added to Google Chronicle to help analysts work with their data! #googlecloud #chronicle #secops #threathunting chronicle.security/blog/posts/

2023-04-25

Wouldn't it be interesting to understand the prevalence of a domain, a file hash or an IP address within your environment? Take a look at my latest in our New to Chronicle series on how we gather this data and how it can be used to build rules to identify low-prevalence entities that could be pivots into additional hunting or investigation! Google Cloud #secops #threathunting chronicle.security/blog/posts/

Server: https://mastodon.social