CINXE.COM
Security Practices with Google Security Operations - SIEM | Google Cloud Skills Boost
<!DOCTYPE html> <html lang='en'> <head> <title>Security Practices with Google Security Operations - SIEM | Google Cloud Skills Boost</title> <meta name="action-cable-url" content="/cable" /> <script> //<![CDATA[ window.gon={};gon.deployment="google-run"; //]]> </script> <script> window.dataLayer = window.dataLayer || []; const properties = JSON.parse(atob('eyJsb2NhbGUiOiJlbiIsInVzZXJfcm9sZXMiOiJzdHVkZW50IiwiZmVhdHVyZV9zdXBwb3J0X2NhbGxvdXRzIjp0cnVlLCJmZWF0dXJlX2l3X2FpX2Fzc2lzdGFudCI6dHJ1ZSwiZmVhdHVyZV9mcm9udF9kb29yX2xhbmRpbmdfcGFnZSI6dHJ1ZSwiZmVhdHVyZV9yZXJvdXRlX25ld19pbnRlcnZpZXdfd2FybXVwIjp0cnVlLCJmZWF0dXJlX3Byb2dyYW1fYW5ub3VuY2VtZW50cyI6dHJ1ZSwiZmVhdHVyZV9nY3Nib19mcmVlIjp0cnVlLCJmZWF0dXJlX3BlcnNvbmFsaXplZF9xdWVzdHMiOmZhbHNlLCJmZWF0dXJlX2FsZXhhbmRyaWFfc3Vic2NyaXB0aW9uc19wYWdpbmF0aW9uIjp0cnVlLCJmZWF0dXJlX2Jhcmtlcl9wYXVzZSI6ZmFsc2UsImZlYXR1cmVfZW50aXR5X2FwaV9rZXlzIjp0cnVlLCJmZWF0dXJlX2hpZGVfcHJpY2UiOnRydWUsImZlYXR1cmVfaW5ub3ZhdG9yX21lbWJlcnNoaXAiOnRydWUsImZlYXR1cmVfc2VhcmNoX2F1dG9jb21wbGV0ZSI6dHJ1ZSwiZmVhdHVyZV9haV9za2lsbHMiOnRydWUsImZlYXR1cmVfaW5ub3ZhdG9yX3NpZ25faW4iOmZhbHNlLCJmZWF0dXJlX3NlYXJjaF9hc3luYyI6dHJ1ZSwiZmVhdHVyZV9hbGV4YW5kcmlhX3Nob3dfYnVuZGxlX2Vycm9ycyI6dHJ1ZSwiZmVhdHVyZV9jYXRhbG9nX2ZpbHRlcnNfYnV0dG9uIjp0cnVlLCJmZWF0dXJlX25ld19jYXJkcyI6dHJ1ZSwiZmVhdHVyZV9zaG93X2FubnVhbF9wdXJjaGFzZV9ub3ciOnRydWUsImZlYXR1cmVfY2hhdF9vZmZfZm9yX3NpZ25lZF9vdXRfdXNlcnMiOnRydWUsImZlYXR1cmVfY291cnNlX21vbmV0aXphdGlvbiI6dHJ1ZSwiZmVhdHVyZV9sYW5kaW5nX3BhZ2UiOnRydWUsImZlYXR1cmVfaW5ub3ZhdG9yX21lbWJlcnNoaXBfbW9kYWwiOnRydWUsImZlYXR1cmVfbGVhcm5pbmdfcGxhbl9zZWFyY2giOnRydWUsImZlYXR1cmVfbW9uc29vbl9xdW90YV92MiI6dHJ1ZSwiZmVhdHVyZV9kZWR1cF9iYWRnZSI6dHJ1ZSwiZmVhdHVyZV9yaXNlX3BvYyI6dHJ1ZSwiZmVhdHVyZV9jb3Vyc2VfYnVpbGRlciI6ZmFsc2UsImZlYXR1cmVfc2VhcmNoX3VwZGF0ZXMiOnRydWUsImZlYXR1cmVfYWdyZXNzaXZlX21vbnNvb25fcXVvdGEiOnRydWUsImZlYXR1cmVfbGVhcm5lcl9wcm9maWxlX3V4IjpmYWxzZSwiZmVhdHVyZV90ZWxsX25hdnlfYWxsb3dlZF96b25lcyI6dHJ1ZSwiZmVhdHVyZV9jYW5vbmljYWxfZG9tYWluX3JlZGlyZWN0Ijp0cnVlLCJmZWF0dXJlX2ZlZWRiYWNrIjp0cnVlLCJmZWF0dXJlX2d1ZXN0X3VzZXIiOnRydWUsImZlYXR1cmVfc2VhcmNoX3NvcnRfYnkiOnRydWUsImZlYXR1cmVfb2F1dGhfcmlzY19zaHV0b2ZmIjp0cnVlLCJmZWF0dXJlX3RlYW1zIjp0cnVlLCJmZWF0dXJlX3BlcmZfdGVzdCI6ZmFsc2UsImZlYXR1cmVfcGVlcl9hc3NpZ25tZW50IjpmYWxzZSwiZmVhdHVyZV9vbmVfdGFwIjp0cnVlLCJmZWF0dXJlX3VzZWRfaW4iOnRydWUsImZlYXR1cmVfY3JlZGx5X2ludGVncmF0aW9uX2Fubm91bmNlbWVudF9tb2RhbCI6dHJ1ZSwiZmVhdHVyZV9hdXRvX2NvdXJzZV91cGdyYWRlIjpmYWxzZSwiZmVhdHVyZV9tb25zb29uX3F1b3RhIjp0cnVlLCJmZWF0dXJlX29ucmFtcCI6dHJ1ZSwiZmVhdHVyZV9jYWNoZV9leHBsb3JlX3BhZ2VfcmVzdWx0Ijp0cnVlLCJmZWF0dXJlX2NvbnRlbnRfcHJvdmlkZXJfYWRtaW4iOnRydWUsImZlYXR1cmVfbG9nX2Nvb2tpZXMiOmZhbHNlLCJmZWF0dXJlX3R1cmJvIjpmYWxzZSwiZmVhdHVyZV9zaG93X2ludGVydmlld193YXJtdXAiOnRydWUsImZlYXR1cmVfaGlkZV91bnBvcHVsYXJfZmlsdGVycyI6dHJ1ZSwiZmVhdHVyZV9jcmVkbHkiOnRydWUsImZlYXR1cmVfaWx0X2NvbnRlbnRfcHJvZ3JhbSI6ZmFsc2UsImZlYXR1cmVfYWJfY29udGVudF9nY3Atb25kZW1hbmQtY29udGVudC9ULUdPT0dBVi1CfHByb2plY3Qtc2Vla2hvLXB1YmxpYy1jYXRhbG9nfDEuMHwxLjEiOmZhbHNlLCJmZWF0dXJlX2NvbW11bml0eV9mb3J1bSI6ZmFsc2UsImZlYXR1cmVfZGV2ZWxvcGVyX3ByZW1pdW0iOnRydWUsImZlYXR1cmVfaGVhZGVyX3NlYXJjaF9iYXIiOnRydWUsImZlYXR1cmVfc3dpdGNoX3BhdGhfYW5kX2V4cGxvcmVfaGVhZGVycyI6dHJ1ZSwiZmVhdHVyZV9uZXdfcmVwb3J0X2ZpZWxkcyI6dHJ1ZSwiZmVhdHVyZV9zZWFyY2hfc3VnZ2VzdGlvbnMiOnRydWUsImZlYXR1cmVfY3JlZGx5X21hbmFnZW1lbnQiOmZhbHNlLCJncm91cF9zdWFkbWlucyI6ZmFsc2UsImdyb3VwX25vbl9zdWFkbWlucyI6dHJ1ZSwiZ3JvdXBfYWRtaW5zIjpmYWxzZSwiZ3JvdXBfdHJhaW5lcnMiOmZhbHNlLCJncm91cF9jb29yZGluYXRvcnMiOmZhbHNlLCJncm91cF9jcmVhdG9ycyI6ZmFsc2UsImdyb3VwX3N0dWRlbnRzIjp0cnVlLCJncm91cF9ub25fb3JnYW5pemF0aW9uIjp0cnVlLCJncm91cF9vcmdhbml6YXRpb25fbWVtYmVycyI6ZmFsc2UsImdyb3VwX25vbl9wcm9ncmFtIjp0cnVlLCJncm91cF9nb29nbGVycyI6ZmFsc2V9')); properties.event = 'user_properties'; dataLayer.push(properties); </script> <script> window.dataLayer = window.dataLayer || []; function gtag() { if (arguments[0] === 'event') { dataLayer.push({ event: arguments[1], eventParams: arguments[2] }, { eventParams: undefined }); } else { dataLayer.push(arguments); } } let gtmLoaded = false; function glueCookieNotificationBarLoaded() { if (!gtmLoaded) { (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer',"GTM-MBRHNDG7"); gtmLoaded = true; } } document.addEventListener('turbo:load', () => { dataLayer.push({ event: 'page_view' }); }); </script> <script src="https://cdn.qwiklabs.com/assets/hallofmirrors/polyfills/webcomponents-loader-2e147cb1679d97581f981243bfc2d1c03dc34a58.js"></script> <script src="https://cdn.qwiklabs.com/assets/vendor-5ee6eafe71fd3831091397e1aa344044a8642273.js"></script> <script src="https://cdn.qwiklabs.com/assets/application-b63927e009724d5e97f1947b71c466dab777dace.js"></script> <script src="https://cdn.qwiklabs.com/assets/hallofmirrors/hallofmirrors-b4e8637d49337c7ac1dbce61e0af43e14ac7c629.js"></script> <script src="https://support.google.com/inapp/api.js"></script> <script type='application/ld+json'> {"@context":"https://schema.org/","@id":"https://www.cloudskillsboost.google/course_templates/442","@type":"Course","name":"Security Practices with Google Security Operations - SIEM","description":"\u003cp\u003eLearn the technical aspects you need to know about Chronicle and how it can help you detect and action threats.\u003c/p\u003e","educationalLevel":"Intermediate","image":["https://cdn.qwiklabs.com/6IqIZLDb9wDPHfbCZZntvmIRUU2v7NWJVeax%2B2EdP5Q%3D"],"provider":{"@type":"Organization","name":"Google Cloud","url":"https://cloud.google.com/learn"},"publisher":{"@type":"Organization","name":"Google Cloud Skills Boost","url":"https://cloudskillsboost.google"},"about":["Cloud Monitoring and Logging","Cloud Security","Chronicle"],"teaches":["Understand Technical Concepts for Chronicle","Learn how to use and deploy Chronicle"],"datePublished":"2024-05-07","inLanguage":"en","availableLanguage":["en"],"offers":[{"@type":"Offer","category":"Free"}],"hasCourseInstance":[{"@type":"CourseInstance","courseMode":"Online","courseWorkload":"PT8H"}],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.14","reviewCount":"921"}} </script> <meta name="csrf-param" content="authenticity_token" /> <meta name="csrf-token" content="4JLgNyUWYfsqiJd8XVQNg5fazU/VuGqFD6DWCA7UvPhGDyxoDSolKwIysIHXnrjEkfaA2xi78ffbvX6baEN6Dw==" /> <meta content='width=device-width, initial-scale=1.0, user-scalable=yes' name='viewport'> <meta content='1rRsY0INj8RvwB5EF5pwdxt2A2P9aDgAlsICaJ0d5w0' name='google-site-verification'> <meta content='#3681E4' property='msapplication-TileColor'> <meta content='/favicon-144.png' property='msapplication-TileImage'> <meta content='{"userId":58292265,"experimentIds":["support_callouts","iw_ai_assistant","front_door_landing_page","reroute_new_interview_warmup","program_announcements","gcsbo_free","alexandria_subscriptions_pagination","entity_api_keys","hide_price","innovator_membership","search_autocomplete","ai_skills","search_async","alexandria_show_bundle_errors","catalog_filters_button","new_cards","show_annual_purchase_now","chat_off_for_signed_out_users","course_monetization","landing_page","innovator_membership_modal","learning_plan_search","monsoon_quota_v2","dedup_badge","rise_poc","search_updates","agressive_monsoon_quota","tell_navy_allowed_zones","canonical_domain_redirect","feedback","guest_user","search_sort_by","oauth_risc_shutoff","teams","one_tap","used_in","credly_integration_announcement_modal","monsoon_quota","onramp","cache_explore_page_result","content_provider_admin","show_interview_warmup","hide_unpopular_filters","credly","developer_premium","header_search_bar","switch_path_and_explore_headers","new_report_fields","search_suggestions"]}' name='help-api-product-data'> <meta content='{"groupIds":["non_suadmins","students","non_organization","non_program"]}' name='help-api-custom-data'> <meta content='&lt;p&gt;Learn the technical aspects you need to know about Chronicle and how it can help you detect and action threats.&lt;/p&gt;' name='description'> <meta content='Qwiklabs' name='author'> <meta content='Security Practices with Google Security Operations - SIEM | Google Cloud Skills Boost' property='og:title'> <meta content='website' property='og:type'> <meta content='/favicon-144.png' property='og:image'> <meta content='Qwiklabs' property='og:site_name'> <meta content='&lt;p&gt;Learn the technical aspects you need to know about Chronicle and how it can help you detect and action threats.&lt;/p&gt;' property='og:description'> <meta content='/qwiklabs_logo_900x887.png' property='og:logo' size='900x887'> <meta content='/qwiklabs_logo_994x187.png' property='og:logo' size='994x187'> <meta property="og:url" content="https://www.cloudskillsboost.google/paths/187/course_templates/442" /><link href="https://www.cloudskillsboost.google/paths/187/course_templates/442" rel="canonical" /> <link href='https://cdn.qwiklabs.com/X46FrQX4iLxHW5MxL8jICvgZM0evMEKscCeQO%2BazGdo%3D' rel='shortcut icon' type='image/x-icon'> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Oswald:400|Roboto+Mono:400,700|Roboto:300,400,500,700|Google+Sans:300,400,500,700|Google+Sans+Display:400|Material+Icons|Google+Material+Icons|Google+Sans+Text:400,500,700" media="screen" /> <link rel="stylesheet" href="https://cdn.qwiklabs.com/assets/application-695216663cb0699363a80338f91725185aa37b9c.css" media="all" /> <link rel="stylesheet" href="https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css" media="screen" /> <style> :root { --primary-text-on-surface-color: #0b57d0; --primary-text-on-surface-color-dark: #0a4eba; --primary-text-on-surface-color-darker: #0945a4; --primary-text-on-surface-color-darkest: #083c8f; --primary-surface-color: #0b57d0; --primary-surface-color-rgb: 11,87,208; --primary-surface-color-light: #cfe0fc; --primary-surface-color-lightest: #e7f0fe; --text-on-primary-color: #ffffff; --accent-text-on-surface-color: #f000e8; --accent-surface-color: #f9ab00; --accent-surface-color-rgb: 249,171,0; --accent-surface-color-light: #ffefcc; --text-on-accent-color: #202124; } </style> </head> <body class=' course-template-show-body course-layout-body l-full no-nav learner-layout-body '> <ql-drawer-container class='body-container'> <ql-drawer id='app-nav' mode='over' slot='drawer' width='288'> <div class='nav-panel__logo'> <div class="custom-logo"><img alt="Google Cloud Skills Boost" height="24" aria-label="Google Cloud Skills Boost" src="https://cdn.qwiklabs.com/PGyhmgS3zZncIEGywnx5UXsKwepRRFQ9BhAg%2FWHNrlQ%3D" /></div> </div> <nav class='ql-sidenav'> <ql-sidenav-item href='/catalog' icon='school' label='Explore'></ql-sidenav-item> <ql-sidenav-item active href='/paths' icon='playlist_add_check' label='Paths'></ql-sidenav-item> <ql-sidenav-item href='/subscriptions' icon='subscriptions' label='Subscriptions'></ql-sidenav-item> <ql-button class='outline-back' hairline icon='arrow_forward' label='Back' onclick='ql.toggleAppNav(false)'></ql-button> </nav> </ql-drawer> <ql-drawer-content class='body-content' slot='drawer-content'> <div class='sticky'> <ql-toolbar class='app-toolbar' jumpEnabled role='banner'> <div class='toolbar-navigation' slot='navigation'> <ql-toggle-button class='always-show' for='outline-drawer' icon='menu' id='menu-toggle' label='Toggle course outline' tip='Toggle course outline'></ql-toggle-button> </div> <div class='toolbar-title ql-title-medium' slot='title'><a class="custom-logo" aria-label="Google Cloud Skills Boost" href="/"><div class="custom-logo"><img alt="Google Cloud Skills Boost" height="24" aria-label="Google Cloud Skills Boost" src="https://cdn.qwiklabs.com/PGyhmgS3zZncIEGywnx5UXsKwepRRFQ9BhAg%2FWHNrlQ%3D" /></div></a> </div> <div class='toolbar-tabs' role='tablist' slot='tabs'><ql-tab href='/catalog' label='Explore'></ql-tab> <ql-tab href='/paths' label='Paths'></ql-tab> <ql-tab href='/subscriptions' label='Subscriptions'></ql-tab> <div class='search-bar-container'> <form class="header-search-form" action="/catalog" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="✓" autocomplete="off" /> <input autocomplete='off' class='header-search-input' id='searchbar-autocomplete' name='keywords' placeholder='Search'> <div class='elevation-3' id='searchbar-autocomplete-loading-icon'> <ql-spinner></ql-spinner> <div class='ql-body-small'>Loading...</div> </div> <div class='elevation-3' id='searchbar-autocomplete-no-results'> <div class='ql-body-small'>No results found.</div> </div> <ul class='hide' id='searchbar-autocomplete-menu'></ul> </form> <ql-icon-button class='search-bar-button' icon='search' label='Search for Cloud Skills Boost content'></ql-icon-button> <ql-icon-button class='exit-search-button' icon='close' label='Exit search'></ql-icon-button> </div> </div> <div class='toolbar-actions' slot='action'> <ql-icon-button icon='share' id='share_442' label='Share on social media' tip='Share'></ql-icon-button> <ql-menu for='share_442'> <ql-menu-item data-analytics-action='Shared to LinkedIn Feed.' data-analytics-category='CourseTemplate' data-analytics-label='Security Practices with Google Security Operations - SIEM' href='https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.cloudskillsboost.google%2Fcourse_templates%2F442%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin%26utm_campaign%3Dql-social-share' icon='post_linkedin' label='Share on LinkedIn Feed' role='link' target='_blank'> <span class='label'>Share on LinkedIn Feed</span> </ql-menu-item> <ql-menu-item data-analytics-action='Shared to Twitter.' data-analytics-category='CourseTemplate' data-analytics-label='Security Practices with Google Security Operations - SIEM' href='https://twitter.com/intent/tweet?text=Excited%20to%20share%20what%20I%E2%80%99m%20learning%20on%20%23GoogleCloudSkillsBoost&url=https%3A%2F%2Fwww.cloudskillsboost.google%2Fcourse_templates%2F442%3Futm_medium%3Dsocial%26utm_source%3Dtwitter%26utm_campaign%3Dql-social-share&hashtags=' icon='post_twitter' label='Twitter' role='link' target='_blank'> <span class='label'>Twitter</span> </ql-menu-item> <ql-menu-item data-analytics-action='Shared to Facebook.' data-analytics-category='CourseTemplate' data-analytics-label='Security Practices with Google Security Operations - SIEM' href='https://facebook.com/sharer.php?display=popup&u=https%3A%2F%2Fwww.cloudskillsboost.google%2Fcourse_templates%2F442%3Futm_medium%3Dsocial%26utm_source%3Dfacebook%26utm_campaign%3Dql-social-share' icon='post_facebook' label='Facebook' role='link' target='_blank'> <span class='label'>Facebook</span> </ql-menu-item> <ql-copyable-input label='Share Link' value='https://www.cloudskillsboost.google/course_templates/442'></ql-copyable-input> </ql-menu> <ql-icon-button class='header-search-button' icon='search' label='Search for Cloud Skills Boost content' tip='Search'></ql-icon-button> <ql-icon-button class='mobile-hide' icon='help_outline' id='help-menu-button' label='Open help menu' tip='Help'></ql-icon-button> <ql-menu for='help-menu-button' id='help-menu'> <ql-menu-item data-analytics-action='opened_help' data-analytics-label='course' label='Help Center' onclick='hallofmirrors.helpService.startHelp({"productData":{"userId":58292265},"context":"course"})'></ql-menu-item> <ql-menu-item href='mailto:support@qwiklabs.com' label='Email support'></ql-menu-item> <ql-menu-item label='Send feedback' onclick='userfeedback.api.startFeedback( { 'productId': '5080217', 'enableAnonymousFeedback': true, 'authuser': 'undefined', 'locale': 'en' }, { 'user_id': '58292265', 'current_organization': '' })'></ql-menu-item> <ql-menu-item href='https://reportingwidget.google.com/widget/54?cid=1&url=https://www.cloudskillsboost.google/paths/187/course_templates/442?' label='Report Illegal Content'></ql-menu-item> </ql-menu> <ql-icon-button class='mobile-hide' icon='language' id='language' label='Select your language preference' tip='Language'></ql-icon-button> <ql-menu for='language'> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='ar' href='/paths/187/course_templates/442?locale=ar' label='العربية' lang='ar'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='de' href='/paths/187/course_templates/442?locale=de' label='Deutsch' lang='de'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='en' href='/paths/187/course_templates/442?locale=en' label='English' lang='en'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='es' href='/paths/187/course_templates/442?locale=es' label='español (Latinoamérica)' lang='es'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='fr' href='/paths/187/course_templates/442?locale=fr' label='français' lang='fr'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='fr_CA' href='/paths/187/course_templates/442?locale=fr_CA' label='français (Canada)' lang='fr-CA'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='he' href='/paths/187/course_templates/442?locale=he' label='עברית' lang='he'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='id' href='/paths/187/course_templates/442?locale=id' label='bahasa Indonesia' lang='id'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='it' href='/paths/187/course_templates/442?locale=it' label='italiano' lang='it'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='ja' href='/paths/187/course_templates/442?locale=ja' label='日本語' lang='ja'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='ko' href='/paths/187/course_templates/442?locale=ko' label='한국어' lang='ko'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='pl' href='/paths/187/course_templates/442?locale=pl' label='polski' lang='pl'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='pt_BR' href='/paths/187/course_templates/442?locale=pt_BR' label='português (Brasil)' lang='pt-BR'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='pt_PT' href='/paths/187/course_templates/442?locale=pt_PT' label='português (Portugal)' lang='pt-PT'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='ru' href='/paths/187/course_templates/442?locale=ru' label='русский' lang='ru'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='tr' href='/paths/187/course_templates/442?locale=tr' label='Türkçe' lang='tr'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='uk' href='/paths/187/course_templates/442?locale=uk' label='українська' lang='uk'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='zh' href='/paths/187/course_templates/442?locale=zh' label='简体中文' lang='zh'></ql-menu-item> <ql-menu-item data-analytics-action='changed_locale' data-analytics-label='zh_TW' href='/paths/187/course_templates/442?locale=zh_TW' label='繁體中文' lang='zh-TW'></ql-menu-item> </ql-menu> <ql-button class='mobile-hide' data-analytics-action='clicked_header_sign_in' href='/users/sign_in' label='Sign in' text></ql-button> <ql-button data-analytics-action='clicked_header_join' href='/users/sign_up' label='Join'></ql-button> <script src='https://accounts.google.com/gsi/client'></script> <div data-authenticity_token='VcZwDuJegob7iunFnz9F/pG0MeLWIBSr+uI+KNOzOmjzW7xRymLGVtMwzjgV9fC5l5h8dhsjj9ku/5a7tST8nw==' data-cancel_on_tap_outside='false' data-client_id='1023251155897-tb54g624q9e77gtsrnemgv4c2ihekurv.apps.googleusercontent.com' data-login_uri='/auth/google?tos=false' data-prompt_parent_id='g_id_onload' data-turbo='false' id='g_id_onload'></div> </div> </ql-toolbar> <div id='callout-container'> </div> </div> <div class='page-header'> <ql-toolbar class='page-toolbar'> <h1 class='toolbar-title ql-title-medium' slot='title'>Google Cloud Skills Boost</h1> <div class='toolbar-actions' slot='action'></div> </ql-toolbar> <div class='page-banner js-page-banner'> <div class='content'><span> Your Learning progress might get lost. <a href="/users/sign_in">Sign in</a> or <a href="/users/sign_up">Join</a> to save your progress. </span> </div> <ql-icon-button class='js-close-banner'>close</ql-icon-button> </div> </div> <main id='jump-content'> <ql-drawer-container class='course-container'> <ql-drawer class='course-drawer course-drawer-left' id='outline-drawer' localStorageId='course-outline' open responsive='965' slot='drawer' width='240'> <div class='course-outline-header'> <ql-button class='main-menu' icon='arrow_back' label='Main menu' onclick='ql.toggleAppNav()' text></ql-button> <div class='course-info'> <h2 class='ql-title-medium learning-path-idx'>01</h2> <h2 class='ql-title-medium'> Security Practices with Google Security Operations - SIEM </h2> </div> </div> <ql-course-outline coursePath='/paths/187/course_templates/442' modules='[{"id":"69602","title":"Foundations of Chronicle","description":"\u003cp\u003eThis module covers all information that is fundamental to working with Chronicle, covering Chronicle architecture, UI, and concepts like UDM.\u003c/p\u003e","steps":[{"id":"479946","prompt":null,"isOptional":true,"activities":[{"id":"472748","href":"/paths/187/course_templates/442/video/472748","isLocked":false,"duration":214000,"title":"Overview: What is Chronicle, and why is it useful?","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479947","prompt":null,"isOptional":true,"activities":[{"id":"472749","href":"/paths/187/course_templates/442/video/472749","isLocked":false,"duration":648000,"title":"Overview: Chronicle demo","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479948","prompt":null,"isOptional":true,"activities":[{"id":"472750","href":"/paths/187/course_templates/442/documents/472750","isLocked":false,"duration":1800000,"title":"Overview: Chronicle website","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479949","prompt":null,"isOptional":true,"activities":[{"id":"472751","href":"/paths/187/course_templates/442/documents/472751","isLocked":false,"duration":1800000,"title":"Overview: Chronicle help documentation","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479950","prompt":null,"isOptional":true,"activities":[{"id":"472752","href":"/paths/187/course_templates/442/video/472752","isLocked":false,"duration":358000,"title":"User Interface: Structured query search","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479951","prompt":null,"isOptional":true,"activities":[{"id":"472753","href":"/paths/187/course_templates/442/video/472753","isLocked":false,"duration":214000,"title":"User Interface: Raw log scan","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479952","prompt":null,"isOptional":true,"activities":[{"id":"472754","href":"/paths/187/course_templates/442/video/472754","isLocked":false,"duration":426000,"title":"User Interface: Chronicle Views (incl. IP view, Domain view, Hash view, Asset view)","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479953","prompt":null,"isOptional":true,"activities":[{"id":"472755","href":"/paths/187/course_templates/442/video/472755","isLocked":false,"duration":193000,"title":"User Interface: Enterprise Insights","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479954","prompt":null,"isOptional":true,"activities":[{"id":"472756","href":"/paths/187/course_templates/442/video/472756","isLocked":false,"duration":422000,"title":"User Interface: Dashboard Views","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479955","prompt":null,"isOptional":true,"activities":[{"id":"472757","href":"/paths/187/course_templates/442/video/472757","isLocked":false,"duration":556000,"title":"User Interface: Rules Views, Rule Dashboard, Managed Analystics,. Rule Editor","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479956","prompt":null,"isOptional":true,"activities":[{"id":"472758","href":"/paths/187/course_templates/442/video/472758","isLocked":false,"duration":613000,"title":"Other Fundamental Chronicle Concepts: UDM Overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479957","prompt":null,"isOptional":true,"activities":[{"id":"472759","href":"/paths/187/course_templates/442/documents/472759","isLocked":false,"duration":1800000,"title":"Other Fundamental Chronicle Concetps: UDM Help Center Documentations","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69603","title":"Collecting and Parsing Data","description":"\u003cp\u003eThis module will teach you all of the ways in which data can be ingested into Chronicle and how parsers and the syntax behind them are used to normalize this data. Includes topics such as: Chronicle Forwarder, 3rd Party API Feeds, and the Ingestion API.\u003c/p\u003e","steps":[{"id":"479958","prompt":null,"isOptional":true,"activities":[{"id":"472760","href":"/paths/187/course_templates/442/documents/472760","isLocked":false,"duration":1800000,"title":"Getting Data: List of Supported data / log sources","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479959","prompt":null,"isOptional":true,"activities":[{"id":"472761","href":"/paths/187/course_templates/442/video/472761","isLocked":false,"duration":294000,"title":"Getting Data: Methods of ingestion data into Chronicle","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479960","prompt":null,"isOptional":true,"activities":[{"id":"472762","href":"/paths/187/course_templates/442/documents/472762","isLocked":false,"duration":1800000,"title":"Getting Data: How to guide for ingesting AWS Logs into Chronicle","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479961","prompt":null,"isOptional":true,"activities":[{"id":"472763","href":"/paths/187/course_templates/442/documents/472763","isLocked":false,"duration":1800000,"title":"Getting Data: Feed Management API","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479962","prompt":null,"isOptional":true,"activities":[{"id":"472764","href":"/paths/187/course_templates/442/documents/472764","isLocked":false,"duration":1800000,"title":"Getting Data: How to guide for troubleshooting Forwarder issues / monitoring Forwarder health","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479963","prompt":null,"isOptional":true,"activities":[{"id":"472765","href":"/paths/187/course_templates/442/documents/472765","isLocked":false,"duration":1800000,"title":"Getting Data: When to use the Ingest API vs. the Feed Management UI or Forwarder","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479964","prompt":null,"isOptional":true,"activities":[{"id":"472766","href":"/paths/187/course_templates/442/documents/472766","isLocked":false,"duration":1800000,"title":"Getting Data: How-to guide: Overview Ingest API with example configuration","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479965","prompt":null,"isOptional":true,"activities":[{"id":"472767","href":"/paths/187/course_templates/442/documents/472767","isLocked":false,"duration":1800000,"title":"Getting Data: Help Center on Ingestion API","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479966","prompt":null,"isOptional":true,"activities":[{"id":"472768","href":"/paths/187/course_templates/442/video/472768","isLocked":false,"duration":213000,"title":"Parsing data: Overview of writing parsers","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479967","prompt":null,"isOptional":true,"activities":[{"id":"472769","href":"/paths/187/course_templates/442/video/472769","isLocked":false,"duration":194000,"title":"Parsing data: Parser API overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479968","prompt":null,"isOptional":true,"activities":[{"id":"472770","href":"/paths/187/course_templates/442/documents/472770","isLocked":false,"duration":1800000,"title":"Parsing Data: Supported Default Parsers","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479969","prompt":null,"isOptional":true,"activities":[{"id":"472771","href":"/paths/187/course_templates/442/documents/472771","isLocked":false,"duration":1800000,"title":"Parsing data: When to use default parsers","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479970","prompt":null,"isOptional":true,"activities":[{"id":"472772","href":"/paths/187/course_templates/442/documents/472772","isLocked":false,"duration":1800000,"title":"Parsing Data: How-to: JSON parser example guide","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479971","prompt":null,"isOptional":true,"activities":[{"id":"472773","href":"/paths/187/course_templates/442/documents/472773","isLocked":false,"duration":1800000,"title":"Parsing Data: How-to: KeyValue example guide","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479972","prompt":null,"isOptional":true,"activities":[{"id":"472774","href":"/paths/187/course_templates/442/documents/472774","isLocked":false,"duration":1800000,"title":"Parsing data: How-to: GROK example guide","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69604","title":"Access","description":"\u003cp\u003eThis module will teach you how to access Chronicle and learn about roles, admin views, and data lakes. Partners will also learn how to create API keys for customers.\u003c/p\u003e","steps":[{"id":"479973","prompt":null,"isOptional":true,"activities":[{"id":"472775","href":"/paths/187/course_templates/442/video/472775","isLocked":false,"duration":252000,"title":"Authentication: How to configure IdPs, using GCP as an example","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479974","prompt":null,"isOptional":true,"activities":[{"id":"472776","href":"/paths/187/course_templates/442/documents/472776","isLocked":false,"duration":1800000,"title":"Authentication: How to guide for configuring Okta IdP","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479975","prompt":null,"isOptional":true,"activities":[{"id":"472777","href":"/paths/187/course_templates/442/documents/472777","isLocked":false,"duration":1800000,"title":"Authenication: How to guide for configuring Azure IdP","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479976","prompt":null,"isOptional":true,"activities":[{"id":"472778","href":"/paths/187/course_templates/442/documents/472778","isLocked":false,"duration":1800000,"title":"Authenication: How to guide for configuring Cloud Identity IdP","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479977","prompt":null,"isOptional":true,"activities":[{"id":"472779","href":"/paths/187/course_templates/442/video/472779","isLocked":false,"duration":318000,"title":"Authorization: Role Based Access Control overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479978","prompt":null,"isOptional":true,"activities":[{"id":"472780","href":"/paths/187/course_templates/442/documents/472780","isLocked":false,"duration":1800000,"title":"Authorization: Help Center: Role-Based Access Control (RBAC)","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479979","prompt":null,"isOptional":true,"activities":[{"id":"472781","href":"/paths/187/course_templates/442/documents/472781","isLocked":false,"duration":1800000,"title":"Authorization:Help Center: Roles and permissions","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69605","title":"Building Rules to Find Threats","description":"\u003cp\u003eThis module will teach you how to detect threats using rules written in YARA-L, share common examples, and showcase how to use the Chronicle UI.\u003c/p\u003e","steps":[{"id":"479980","prompt":null,"isOptional":true,"activities":[{"id":"472782","href":"/paths/187/course_templates/442/video/472782","isLocked":false,"duration":254000,"title":"Rules overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479981","prompt":null,"isOptional":true,"activities":[{"id":"472783","href":"/paths/187/course_templates/442/documents/472783","isLocked":false,"duration":1800000,"title":"Help Center: Rules dashboard","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479982","prompt":null,"isOptional":true,"activities":[{"id":"472784","href":"/paths/187/course_templates/442/video/472784","isLocked":false,"duration":249000,"title":"Rules Engine overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479983","prompt":null,"isOptional":true,"activities":[{"id":"472785","href":"/paths/187/course_templates/442/documents/472785","isLocked":false,"duration":1800000,"title":"Help Center: Rules editor","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479984","prompt":null,"isOptional":true,"activities":[{"id":"472786","href":"/paths/187/course_templates/442/video/472786","isLocked":false,"duration":529000,"title":"Demo: Building a YARA-L Rule","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479985","prompt":null,"isOptional":true,"activities":[{"id":"472787","href":"/paths/187/course_templates/442/documents/472787","isLocked":false,"duration":1800000,"title":"YARA-L 2.0 language syntax","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479986","prompt":null,"isOptional":true,"activities":[{"id":"472788","href":"/paths/187/course_templates/442/documents/472788","isLocked":false,"duration":1800000,"title":"How to write a rule for a single / multi-event","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479987","prompt":null,"isOptional":true,"activities":[{"id":"472789","href":"/paths/187/course_templates/442/documents/472789","isLocked":false,"duration":1800000,"title":"How to write a rule for EntityGraph","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479988","prompt":null,"isOptional":true,"activities":[{"id":"472790","href":"/paths/187/course_templates/442/video/472790","isLocked":false,"duration":373000,"title":"How to Deploy a rule using the Detection API","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479989","prompt":null,"isOptional":true,"activities":[{"id":"472791","href":"/paths/187/course_templates/442/documents/472791","isLocked":false,"duration":1800000,"title":"Detection API overview","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479990","prompt":null,"isOptional":true,"activities":[{"id":"472792","href":"/paths/187/course_templates/442/video/472792","isLocked":false,"duration":244000,"title":"Rule Detections View \n(Finding detections of rule in the rule detection view UI)","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479991","prompt":null,"isOptional":true,"activities":[{"id":"472793","href":"/paths/187/course_templates/442/documents/472793","isLocked":false,"duration":1800000,"title":"Troubleshooting Rules: Community Help Forum","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69606","title":"Investigating Threats","description":"\u003cp\u003eThis module will teach you how to investigate threats using Chronicle UI Looker Dashboards and APIs, as well as leverage context enrichment to perform accurate investigations and how to deal with false positives. For Exercises 1-6, these files need to be downloaded and uploaded to https://colab.sandbox.google.com/\u003c/p\u003e","steps":[{"id":"479992","prompt":null,"isOptional":true,"activities":[{"id":"472794","href":"/paths/187/course_templates/442/video/472794","isLocked":false,"duration":577000,"title":"Ways to investigate a threat","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479993","prompt":null,"isOptional":true,"activities":[{"id":"472795","href":"/paths/187/course_templates/442/video/472795","isLocked":false,"duration":767000,"title":"Demoing the Chronicle search UI","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479994","prompt":null,"isOptional":true,"activities":[{"id":"472796","href":"/paths/187/course_templates/442/documents/472796","isLocked":false,"duration":1800000,"title":"Looker Help Center","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479995","prompt":null,"isOptional":true,"activities":[{"id":"472797","href":"/paths/187/course_templates/442/documents/472797","isLocked":false,"duration":1800000,"title":"Chronicle Search API","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479996","prompt":null,"isOptional":true,"activities":[{"id":"472798","href":"/paths/187/course_templates/442/documents/472798","isLocked":false,"duration":1800000,"title":"Accessing the Chronicle Data Lake","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479997","prompt":null,"isOptional":true,"activities":[{"id":"472799","href":"/paths/187/course_templates/442/documents/472799","isLocked":false,"duration":1800000,"title":"Chronicle Data Lake structure - reference \n(incl. Dataset \u0026 Tables, Schema, Retention)","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479998","prompt":null,"isOptional":true,"activities":[{"id":"472800","href":"/paths/187/course_templates/442/video/472800","isLocked":false,"duration":302000,"title":"What is BigQuery and how can you use it to hunt for and report threats?","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479999","prompt":null,"isOptional":true,"activities":[{"id":"472801","href":"/paths/187/course_templates/442/documents/472801","isLocked":false,"duration":1800000,"title":"Excercise Files","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480000","prompt":null,"isOptional":true,"activities":[{"id":"472802","href":"/paths/187/course_templates/442/documents/472802","isLocked":false,"duration":1800000,"title":"Reference: SQL functions","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480001","prompt":null,"isOptional":true,"activities":[{"id":"472803","href":"/paths/187/course_templates/442/documents/472803","isLocked":false,"duration":1800000,"title":"Reference: Understanding repeated fields/ Joining Data \u0026 Enums","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69607","title":"Responding to Threats","description":"\u003cp\u003eThis module will teach you how Google Chronicle can be used by 3rd party or SOAR solutions, such as Google Cloud Siemplify, to respond to Threats.\u003c/p\u003e","steps":[{"id":"480002","prompt":null,"isOptional":true,"activities":[{"id":"472804","href":"/paths/187/course_templates/442/video/472804","isLocked":false,"duration":544000,"title":"How to respond to threats, best practices, recommendation to use a SOAR for systematic responses","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480003","prompt":null,"isOptional":true,"activities":[{"id":"472805","href":"/paths/187/course_templates/442/documents/472805","isLocked":false,"duration":1800000,"title":"How-to guide for Siemplify integration","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480004","prompt":null,"isOptional":true,"activities":[{"id":"472806","href":"/paths/187/course_templates/442/documents/472806","isLocked":false,"duration":1800000,"title":"Siemplify documentation (e.g. APIs)","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69608","title":"Quiz","description":"\u003cp\u003ePlease answer the following 40 questions to test your knowledge based on the course material you have just reviewed. If you earn 70% or higher, you will be awarded a Chronicle Technical Skills Badge.\u003c/p\u003e","steps":[{"id":"480005","prompt":null,"isOptional":false,"activities":[{"id":"472807","href":"/paths/187/course_templates/442/quizzes/472807","isLocked":false,"duration":11700000,"title":"Chronicle Technical Training Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"next-steps","title":"Your Next Steps","description":null,"steps":[{"id":"badge-step","prompt":null,"isOptional":true,"activities":[{"id":"badge","href":null,"isLocked":true,"duration":null,"title":"Course Badge","description":null,"type":"badge","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":true}]'></ql-course-outline> </ql-drawer> <ql-drawer-content class='course-activity' slot='drawer-content'> <div class='course-activity-header'> <div class='breadcrumbs ql-label-medium'> <a id="path_name" href="/paths/187">Path</a> <ql-icon>navigate_next</ql-icon> <a id="course_name" href="/paths/187/course_templates/442">Course</a> <ql-icon>navigate_next</ql-icon> Overview </div> </div> <div class='course-activity-content'> <div class='course-wrapper'> <div class='course-top-matter'> <div class='course-title'> <ql-activity-label activity='course'></ql-activity-label> <div class='title-text'> <h2 class='ql-display-small learning-path-idx'>01</h2> <h1 class='ql-display-small'>Security Practices with Google Security Operations - SIEM</h1> </div> </div> <div class='course-progress'> </div> <div class='course-skills'> <div class='course-skills-chips'> <ql-icon class='course-skills-icon'>magic_button</ql-icon> <ql-chip gradient> Cloud Monitoring and Logging </ql-chip> <ql-chip gradient> Cloud Security </ql-chip> <ql-chip gradient> Chronicle </ql-chip> </div> <div class='course-skills-disclaimer'> These skills were generated by A.I. Do you agree this course teaches these skills? <ql-icon-button class='course-skills-button' href='/course_templates/442/review_skills?response_ids%5B%5D=53157678&response_ids%5B%5D=53157679&response_ids%5B%5D=53157680&score=1' icon='thumb_up_alt' method='post'></ql-icon-button> <ql-icon-button class='course-skills-button' icon='thumb_down_alt' onclick='document.querySelector('#skills_survey_modal').open();'></ql-icon-button> </div> <ql-dialog class='skills_survey_modal' id='skills_survey_modal' noDefaultAction> <ql-ai-feedback allowBlankSubmit disclaimer='Note: If you don't provide feedback, you acknowledge that the course successfully teaches the specified skills.' itemResponses='[{"id":"53157678","surveyItem":{"id":"175","stem":"Cloud Monitoring and Logging"},"feedbackFreeText":"","feedbackCategories":[],"submitted":false},{"id":"53157679","surveyItem":{"id":"176","stem":"Cloud Security"},"feedbackFreeText":"","feedbackCategories":[],"submitted":false},{"id":"53157680","surveyItem":{"id":"177","stem":"Chronicle"},"feedbackFreeText":"","feedbackCategories":[],"submitted":false}]' rating='downvote'></ql-ai-feedback> </ql-dialog> </div> <div class='course-details'> <span class='course-detail'> <ql-icon icon='date_range'></ql-icon> 8 hours </span> <span class='course-detail'> <ql-icon icon='show_chart'></ql-icon> Intermediate </span> <span class='course-detail'> <ql-icon>universal_currency_alt</ql-icon> No cost </span> </div> <div class='course-description'><p>Learn the technical aspects you need to know about Chronicle and how it can help you detect and action threats.</p></div> <div class='course-badge-buttons'> <div class='course-badge-buttons__text-badge-section'> <div class='course-badge-buttons__text'> <p>When you complete this course, you can earn the badge displayed here! View all the badges you have earned by visiting your profile page. Boost your cloud career by showing the world the skills you have developed!</p> </div> <div class='course-badge-buttons__badge'> <div class='course-badge'> <img alt="Badge for Security Practices with Google Security Operations - SIEM" src="https://cdn.qwiklabs.com/vtj%2Fn607pbqsutnnNv06u1BnBMes9EcXUoYcN6FATlg%3D" /> </div> </div> </div> <div class='course-badge-buttons__buttons'> </div> </div> </div> <div class='course-curriculum'> <ql-course courseId='14426' modules='[{"id":"69602","title":"Foundations of Chronicle","description":"\u003cp\u003eThis module covers all information that is fundamental to working with Chronicle, covering Chronicle architecture, UI, and concepts like UDM.\u003c/p\u003e","steps":[{"id":"479946","prompt":null,"isOptional":true,"activities":[{"id":"472748","href":"/paths/187/course_templates/442/video/472748","isLocked":false,"duration":214000,"title":"Overview: What is Chronicle, and why is it useful?","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479947","prompt":null,"isOptional":true,"activities":[{"id":"472749","href":"/paths/187/course_templates/442/video/472749","isLocked":false,"duration":648000,"title":"Overview: Chronicle demo","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479948","prompt":null,"isOptional":true,"activities":[{"id":"472750","href":"/paths/187/course_templates/442/documents/472750","isLocked":false,"duration":1800000,"title":"Overview: Chronicle website","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479949","prompt":null,"isOptional":true,"activities":[{"id":"472751","href":"/paths/187/course_templates/442/documents/472751","isLocked":false,"duration":1800000,"title":"Overview: Chronicle help documentation","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479950","prompt":null,"isOptional":true,"activities":[{"id":"472752","href":"/paths/187/course_templates/442/video/472752","isLocked":false,"duration":358000,"title":"User Interface: Structured query search","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479951","prompt":null,"isOptional":true,"activities":[{"id":"472753","href":"/paths/187/course_templates/442/video/472753","isLocked":false,"duration":214000,"title":"User Interface: Raw log scan","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479952","prompt":null,"isOptional":true,"activities":[{"id":"472754","href":"/paths/187/course_templates/442/video/472754","isLocked":false,"duration":426000,"title":"User Interface: Chronicle Views (incl. IP view, Domain view, Hash view, Asset view)","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479953","prompt":null,"isOptional":true,"activities":[{"id":"472755","href":"/paths/187/course_templates/442/video/472755","isLocked":false,"duration":193000,"title":"User Interface: Enterprise Insights","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479954","prompt":null,"isOptional":true,"activities":[{"id":"472756","href":"/paths/187/course_templates/442/video/472756","isLocked":false,"duration":422000,"title":"User Interface: Dashboard Views","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479955","prompt":null,"isOptional":true,"activities":[{"id":"472757","href":"/paths/187/course_templates/442/video/472757","isLocked":false,"duration":556000,"title":"User Interface: Rules Views, Rule Dashboard, Managed Analystics,. Rule Editor","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479956","prompt":null,"isOptional":true,"activities":[{"id":"472758","href":"/paths/187/course_templates/442/video/472758","isLocked":false,"duration":613000,"title":"Other Fundamental Chronicle Concepts: UDM Overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479957","prompt":null,"isOptional":true,"activities":[{"id":"472759","href":"/paths/187/course_templates/442/documents/472759","isLocked":false,"duration":1800000,"title":"Other Fundamental Chronicle Concetps: UDM Help Center Documentations","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69603","title":"Collecting and Parsing Data","description":"\u003cp\u003eThis module will teach you all of the ways in which data can be ingested into Chronicle and how parsers and the syntax behind them are used to normalize this data. Includes topics such as: Chronicle Forwarder, 3rd Party API Feeds, and the Ingestion API.\u003c/p\u003e","steps":[{"id":"479958","prompt":null,"isOptional":true,"activities":[{"id":"472760","href":"/paths/187/course_templates/442/documents/472760","isLocked":false,"duration":1800000,"title":"Getting Data: List of Supported data / log sources","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479959","prompt":null,"isOptional":true,"activities":[{"id":"472761","href":"/paths/187/course_templates/442/video/472761","isLocked":false,"duration":294000,"title":"Getting Data: Methods of ingestion data into Chronicle","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479960","prompt":null,"isOptional":true,"activities":[{"id":"472762","href":"/paths/187/course_templates/442/documents/472762","isLocked":false,"duration":1800000,"title":"Getting Data: How to guide for ingesting AWS Logs into Chronicle","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479961","prompt":null,"isOptional":true,"activities":[{"id":"472763","href":"/paths/187/course_templates/442/documents/472763","isLocked":false,"duration":1800000,"title":"Getting Data: Feed Management API","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479962","prompt":null,"isOptional":true,"activities":[{"id":"472764","href":"/paths/187/course_templates/442/documents/472764","isLocked":false,"duration":1800000,"title":"Getting Data: How to guide for troubleshooting Forwarder issues / monitoring Forwarder health","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479963","prompt":null,"isOptional":true,"activities":[{"id":"472765","href":"/paths/187/course_templates/442/documents/472765","isLocked":false,"duration":1800000,"title":"Getting Data: When to use the Ingest API vs. the Feed Management UI or Forwarder","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479964","prompt":null,"isOptional":true,"activities":[{"id":"472766","href":"/paths/187/course_templates/442/documents/472766","isLocked":false,"duration":1800000,"title":"Getting Data: How-to guide: Overview Ingest API with example configuration","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479965","prompt":null,"isOptional":true,"activities":[{"id":"472767","href":"/paths/187/course_templates/442/documents/472767","isLocked":false,"duration":1800000,"title":"Getting Data: Help Center on Ingestion API","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479966","prompt":null,"isOptional":true,"activities":[{"id":"472768","href":"/paths/187/course_templates/442/video/472768","isLocked":false,"duration":213000,"title":"Parsing data: Overview of writing parsers","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479967","prompt":null,"isOptional":true,"activities":[{"id":"472769","href":"/paths/187/course_templates/442/video/472769","isLocked":false,"duration":194000,"title":"Parsing data: Parser API overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479968","prompt":null,"isOptional":true,"activities":[{"id":"472770","href":"/paths/187/course_templates/442/documents/472770","isLocked":false,"duration":1800000,"title":"Parsing Data: Supported Default Parsers","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479969","prompt":null,"isOptional":true,"activities":[{"id":"472771","href":"/paths/187/course_templates/442/documents/472771","isLocked":false,"duration":1800000,"title":"Parsing data: When to use default parsers","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479970","prompt":null,"isOptional":true,"activities":[{"id":"472772","href":"/paths/187/course_templates/442/documents/472772","isLocked":false,"duration":1800000,"title":"Parsing Data: How-to: JSON parser example guide","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479971","prompt":null,"isOptional":true,"activities":[{"id":"472773","href":"/paths/187/course_templates/442/documents/472773","isLocked":false,"duration":1800000,"title":"Parsing Data: How-to: KeyValue example guide","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479972","prompt":null,"isOptional":true,"activities":[{"id":"472774","href":"/paths/187/course_templates/442/documents/472774","isLocked":false,"duration":1800000,"title":"Parsing data: How-to: GROK example guide","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69604","title":"Access","description":"\u003cp\u003eThis module will teach you how to access Chronicle and learn about roles, admin views, and data lakes. Partners will also learn how to create API keys for customers.\u003c/p\u003e","steps":[{"id":"479973","prompt":null,"isOptional":true,"activities":[{"id":"472775","href":"/paths/187/course_templates/442/video/472775","isLocked":false,"duration":252000,"title":"Authentication: How to configure IdPs, using GCP as an example","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479974","prompt":null,"isOptional":true,"activities":[{"id":"472776","href":"/paths/187/course_templates/442/documents/472776","isLocked":false,"duration":1800000,"title":"Authentication: How to guide for configuring Okta IdP","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479975","prompt":null,"isOptional":true,"activities":[{"id":"472777","href":"/paths/187/course_templates/442/documents/472777","isLocked":false,"duration":1800000,"title":"Authenication: How to guide for configuring Azure IdP","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479976","prompt":null,"isOptional":true,"activities":[{"id":"472778","href":"/paths/187/course_templates/442/documents/472778","isLocked":false,"duration":1800000,"title":"Authenication: How to guide for configuring Cloud Identity IdP","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479977","prompt":null,"isOptional":true,"activities":[{"id":"472779","href":"/paths/187/course_templates/442/video/472779","isLocked":false,"duration":318000,"title":"Authorization: Role Based Access Control overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479978","prompt":null,"isOptional":true,"activities":[{"id":"472780","href":"/paths/187/course_templates/442/documents/472780","isLocked":false,"duration":1800000,"title":"Authorization: Help Center: Role-Based Access Control (RBAC)","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479979","prompt":null,"isOptional":true,"activities":[{"id":"472781","href":"/paths/187/course_templates/442/documents/472781","isLocked":false,"duration":1800000,"title":"Authorization:Help Center: Roles and permissions","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69605","title":"Building Rules to Find Threats","description":"\u003cp\u003eThis module will teach you how to detect threats using rules written in YARA-L, share common examples, and showcase how to use the Chronicle UI.\u003c/p\u003e","steps":[{"id":"479980","prompt":null,"isOptional":true,"activities":[{"id":"472782","href":"/paths/187/course_templates/442/video/472782","isLocked":false,"duration":254000,"title":"Rules overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479981","prompt":null,"isOptional":true,"activities":[{"id":"472783","href":"/paths/187/course_templates/442/documents/472783","isLocked":false,"duration":1800000,"title":"Help Center: Rules dashboard","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479982","prompt":null,"isOptional":true,"activities":[{"id":"472784","href":"/paths/187/course_templates/442/video/472784","isLocked":false,"duration":249000,"title":"Rules Engine overview","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479983","prompt":null,"isOptional":true,"activities":[{"id":"472785","href":"/paths/187/course_templates/442/documents/472785","isLocked":false,"duration":1800000,"title":"Help Center: Rules editor","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479984","prompt":null,"isOptional":true,"activities":[{"id":"472786","href":"/paths/187/course_templates/442/video/472786","isLocked":false,"duration":529000,"title":"Demo: Building a YARA-L Rule","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479985","prompt":null,"isOptional":true,"activities":[{"id":"472787","href":"/paths/187/course_templates/442/documents/472787","isLocked":false,"duration":1800000,"title":"YARA-L 2.0 language syntax","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479986","prompt":null,"isOptional":true,"activities":[{"id":"472788","href":"/paths/187/course_templates/442/documents/472788","isLocked":false,"duration":1800000,"title":"How to write a rule for a single / multi-event","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479987","prompt":null,"isOptional":true,"activities":[{"id":"472789","href":"/paths/187/course_templates/442/documents/472789","isLocked":false,"duration":1800000,"title":"How to write a rule for EntityGraph","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479988","prompt":null,"isOptional":true,"activities":[{"id":"472790","href":"/paths/187/course_templates/442/video/472790","isLocked":false,"duration":373000,"title":"How to Deploy a rule using the Detection API","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479989","prompt":null,"isOptional":true,"activities":[{"id":"472791","href":"/paths/187/course_templates/442/documents/472791","isLocked":false,"duration":1800000,"title":"Detection API overview","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479990","prompt":null,"isOptional":true,"activities":[{"id":"472792","href":"/paths/187/course_templates/442/video/472792","isLocked":false,"duration":244000,"title":"Rule Detections View \n(Finding detections of rule in the rule detection view UI)","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479991","prompt":null,"isOptional":true,"activities":[{"id":"472793","href":"/paths/187/course_templates/442/documents/472793","isLocked":false,"duration":1800000,"title":"Troubleshooting Rules: Community Help Forum","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69606","title":"Investigating Threats","description":"\u003cp\u003eThis module will teach you how to investigate threats using Chronicle UI Looker Dashboards and APIs, as well as leverage context enrichment to perform accurate investigations and how to deal with false positives. For Exercises 1-6, these files need to be downloaded and uploaded to https://colab.sandbox.google.com/\u003c/p\u003e","steps":[{"id":"479992","prompt":null,"isOptional":true,"activities":[{"id":"472794","href":"/paths/187/course_templates/442/video/472794","isLocked":false,"duration":577000,"title":"Ways to investigate a threat","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479993","prompt":null,"isOptional":true,"activities":[{"id":"472795","href":"/paths/187/course_templates/442/video/472795","isLocked":false,"duration":767000,"title":"Demoing the Chronicle search UI","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479994","prompt":null,"isOptional":true,"activities":[{"id":"472796","href":"/paths/187/course_templates/442/documents/472796","isLocked":false,"duration":1800000,"title":"Looker Help Center","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479995","prompt":null,"isOptional":true,"activities":[{"id":"472797","href":"/paths/187/course_templates/442/documents/472797","isLocked":false,"duration":1800000,"title":"Chronicle Search API","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479996","prompt":null,"isOptional":true,"activities":[{"id":"472798","href":"/paths/187/course_templates/442/documents/472798","isLocked":false,"duration":1800000,"title":"Accessing the Chronicle Data Lake","description":null,"type":"document","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479997","prompt":null,"isOptional":true,"activities":[{"id":"472799","href":"/paths/187/course_templates/442/documents/472799","isLocked":false,"duration":1800000,"title":"Chronicle Data Lake structure - reference \n(incl. Dataset \u0026 Tables, Schema, Retention)","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479998","prompt":null,"isOptional":true,"activities":[{"id":"472800","href":"/paths/187/course_templates/442/video/472800","isLocked":false,"duration":302000,"title":"What is BigQuery and how can you use it to hunt for and report threats?","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"479999","prompt":null,"isOptional":true,"activities":[{"id":"472801","href":"/paths/187/course_templates/442/documents/472801","isLocked":false,"duration":1800000,"title":"Excercise Files","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480000","prompt":null,"isOptional":true,"activities":[{"id":"472802","href":"/paths/187/course_templates/442/documents/472802","isLocked":false,"duration":1800000,"title":"Reference: SQL functions","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480001","prompt":null,"isOptional":true,"activities":[{"id":"472803","href":"/paths/187/course_templates/442/documents/472803","isLocked":false,"duration":1800000,"title":"Reference: Understanding repeated fields/ Joining Data \u0026 Enums","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69607","title":"Responding to Threats","description":"\u003cp\u003eThis module will teach you how Google Chronicle can be used by 3rd party or SOAR solutions, such as Google Cloud Siemplify, to respond to Threats.\u003c/p\u003e","steps":[{"id":"480002","prompt":null,"isOptional":true,"activities":[{"id":"472804","href":"/paths/187/course_templates/442/video/472804","isLocked":false,"duration":544000,"title":"How to respond to threats, best practices, recommendation to use a SOAR for systematic responses","description":null,"type":"video","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480003","prompt":null,"isOptional":true,"activities":[{"id":"472805","href":"/paths/187/course_templates/442/documents/472805","isLocked":false,"duration":1800000,"title":"How-to guide for Siemplify integration","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480004","prompt":null,"isOptional":true,"activities":[{"id":"472806","href":"/paths/187/course_templates/442/documents/472806","isLocked":false,"duration":1800000,"title":"Siemplify documentation (e.g. APIs)","description":null,"type":"link","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"69608","title":"Quiz","description":"\u003cp\u003ePlease answer the following 40 questions to test your knowledge based on the course material you have just reviewed. If you earn 70% or higher, you will be awarded a Chronicle Technical Skills Badge.\u003c/p\u003e","steps":[{"id":"480005","prompt":null,"isOptional":false,"activities":[{"id":"472807","href":"/paths/187/course_templates/442/quizzes/472807","isLocked":false,"duration":11700000,"title":"Chronicle Technical Training Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":false},{"id":"next-steps","title":"Your Next Steps","description":null,"steps":[{"id":"badge-step","prompt":null,"isOptional":true,"activities":[{"id":"badge","href":null,"isLocked":true,"duration":null,"title":"Course Badge","description":null,"type":"badge","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":true}]'></ql-course> <ql-collapsible class='course-info'> <div class='course-info-header' slot='header'> <ql-icon>info</ql-icon> <div class='ql-title-medium'>Course Info</div> </div> <div class='ql-body-medium' slot='collapsible'> <ql-expandable-list> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>Objectives</div> </div> <div class='ql-body-medium' slot='collapsible'> <ul> <li> Understand Technical Concepts for Chronicle </li> <li> Learn how to use and deploy Chronicle </li> </ul> </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>Prerequisites</div> </div> <div class='ql-body-medium' slot='collapsible'> None </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>Audience</div> </div> <div class='ql-body-medium' slot='collapsible'> Google Cloud Customers and Partners </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>Available languages</div> </div> <div class='ql-body-medium' slot='collapsible'> English and 日本語 </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>What do I do when I finish this course?</div> </div> <div class='ql-body-medium' slot='collapsible'> After finishing this course, you can explore additional content in your learning path or browse the catalog. </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>What badges can I earn?</div> </div> <div class='ql-body-medium' slot='collapsible'> Upon finishing the required items in a course, you will earn a badge of completion. Badges can be viewed on your profile and shared with your social network. </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>Interested in taking this course with one of our authorized on-demand partners? </div> </div> <div class='ql-body-medium' slot='collapsible'> Explore Google Cloud content on <a href="https://www.coursera.org/googlecloud" target="_blank"> Coursera </a> and <a href="https://www.pluralsight.com/authors/google-cloud" target="_blank"> Pluralsight. </a> </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>Prefer learning with an instructor? </div> </div> <div class='ql-body-medium' slot='collapsible'> View the public classroom schedule <a href="https://cloud.google.com/training/courses" target="_blank"> here. </a> </div> </ql-collapsible> <ql-collapsible> <div slot='header'> <div class='ql-title-small'>Can I take this course for free?</div> </div> <div class='ql-body-medium' slot='collapsible'> When you enroll into most courses, you will be able to consume course materials like videos and documents for free. If a course consists of labs, you will need to purchase an individual subscription or credits to be able consume the labs. Labs can also be unlocked by any campaigns you participate in. All required activities in a course must be completed to be awarded the completion badge. </div> </ql-collapsible> </ql-expandable-list> </div> </ql-collapsible> </div> </div> </div> </ql-drawer-content> </ql-drawer-container> </main> <footer class='application-footer'> <a target="_blank" href="/privacy_policy">Privacy</a> <a href="/terms_of_service">Terms</a> <a class='glue-cookie-notification-bar-control'>Manage cookies</a> <div class='powered-by'> <span aria-hidden>Powered by</span> <img alt="Powered by Qwiklabs" src="https://cdn.qwiklabs.com/assets/qwiklabs_logo_grayscale-253167e4722753ac463e99dbda9945e0db4a7f88.svg" /> </div> </footer> </ql-drawer-content> </ql-drawer-container> <span class='hidden' id='flash-sibling-before'></span> <ql-snackbar></ql-snackbar> <script data-glue-cookie-notification-bar-category='2A' src='https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.js'></script> <ql-dialog dismissalLabel='Cancel' headline='A newer version of this course is available. Your progress will carry over if you choose to upgrade. However, your completion percentage may change if the new version has added or removed any learning activities. Click the preview button to see the course changes before upgrading.' icon='error' id='course-session-upgrade-modal'> <ql-button href='/paths/187/course_templates/442/preview' label='Preview' slot='action'> Preview </ql-button> </ql-dialog> <script> document.addEventListener("turbo:load", function () { ql.initMaterialInputs(); initChosen(); initTabs(); ql.list.init(); ql.favoriting.init(); ql.header.myAccount.init(); initTooltips(); ql.autocomplete.init(); ql.modals.init(); ql.toggleButtons.init(); ql.analytics.init(); Turbo.session.drive = false; ql.aiFeaturesSurvey.init(); ql.course_resize_layout.init("Google SIEM & SOAR Learning Path", "Path", "Security Practices with Google Security Operations - SIEM", "Course", ""); ql.searchHeader.init(); (new ql.searchAutocomplete()).init({forHeader: true, topSuggestions: [{"label":"machine learning"},{"label":"cloud architecture"},{"label":"generative ai"},{"label":"data analyst"},{"label":"security fundamentals"}]}); ql.messages.init(); ql.jumpContent.init(); }, {once: true}); </script> </body> </html>