Google Security Operations - SIEM Rules | Google Cloud Skills Boost
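<!DOCTYPE html>
<html lang="en">
<head>
  <!--
    Course overview page for "Google Security Operations - SIEM Rules" on Google Cloud Skills Boost.
    Review notes for this copy:
    * Attribute values that contain an apostrophe or single-quoted JavaScript are double-quoted so
      the value is not cut short at the first inner quote.
    * Ampersands in attribute values and text are written as &amp;.
    * Native links that open a new tab carry rel="noopener noreferrer".
    * The page relies on inline scripts and on* handlers, so a Content-Security-Policy for it would
      have to allow inline script (nonce, hash or 'unsafe-inline').
  -->
  <title>Google Security Operations - SIEM Rules | Google Cloud Skills Boost</title>
  <meta name="action-cable-url" content="/cable">
  <script>
    //<![CDATA[
    window.gon={};gon.deployment="google-run";
    //]]>
  </script>
  <script>
    window.dataLayer = window.dataLayer || [];
    // Base64-encoded JSON holding locale, user role, feature flags and group membership;
    // it is pushed to dataLayer as a 'user_properties' event.
    const properties = JSON.parse(atob('eyJsb2NhbGUiOiJlbiIsInVzZXJfcm9sZXMiOiJzdHVkZW50IiwiZmVhdHVyZV9zdXBwb3J0X2NhbGxvdXRzIjp0cnVlLCJmZWF0dXJlX2l3X2FpX2Fzc2lzdGFudCI6dHJ1ZSwiZmVhdHVyZV9mcm9udF9kb29yX2xhbmRpbmdfcGFnZSI6dHJ1ZSwiZmVhdHVyZV9yZXJvdXRlX25ld19pbnRlcnZpZXdfd2FybXVwIjp0cnVlLCJmZWF0dXJlX3Byb2dyYW1fYW5ub3VuY2VtZW50cyI6dHJ1ZSwiZmVhdHVyZV9nY3Nib19mcmVlIjp0cnVlLCJmZWF0dXJlX3BlcnNvbmFsaXplZF9xdWVzdHMiOmZhbHNlLCJmZWF0dXJlX2FsZXhhbmRyaWFfc3Vic2NyaXB0aW9uc19wYWdpbmF0aW9uIjp0cnVlLCJmZWF0dXJlX2Jhcmtlcl9wYXVzZSI6ZmFsc2UsImZlYXR1cmVfZW50aXR5X2FwaV9rZXlzIjp0cnVlLCJmZWF0dXJlX2hpZGVfcHJpY2UiOnRydWUsImZlYXR1cmVfaW5ub3ZhdG9yX21lbWJlcnNoaXAiOnRydWUsImZlYXR1cmVfc2VhcmNoX2F1dG9jb21wbGV0ZSI6dHJ1ZSwiZmVhdHVyZV9haV9za2lsbHMiOnRydWUsImZlYXR1cmVfaW5ub3ZhdG9yX3NpZ25faW4iOmZhbHNlLCJmZWF0dXJlX3NlYXJjaF9hc3luYyI6dHJ1ZSwiZmVhdHVyZV9hbGV4YW5kcmlhX3Nob3dfYnVuZGxlX2Vycm9ycyI6dHJ1ZSwiZmVhdHVyZV9jYXRhbG9nX2ZpbHRlcnNfYnV0dG9uIjp0cnVlLCJmZWF0dXJlX25ld19jYXJkcyI6dHJ1ZSwiZmVhdHVyZV9zaG93X2FubnVhbF9wdXJjaGFzZV9ub3ciOnRydWUsImZlYXR1cmVfY2hhdF9vZmZfZm9yX3NpZ25lZF9vdXRfdXNlcnMiOnRydWUsImZlYXR1cmVfY291cnNlX21vbmV0aXphdGlvbiI6dHJ1ZSwiZmVhdHVyZV9sYW5kaW5nX3BhZ2UiOnRydWUsImZlYXR1cmVfaW5ub3ZhdG9yX21lbWJlcnNoaXBfbW9kYWwiOnRydWUsImZlYXR1cmVfbGVhcm5pbmdfcGxhbl9zZWFyY2giOnRydWUsImZlYXR1cmVfbW9uc29vbl9xdW90YV92MiI6dHJ1ZSwiZmVhdHVyZV9kZWR1cF9iYWRnZSI6dHJ1ZSwiZmVhdHVyZV9yaXNlX3BvYyI6dHJ1ZSwiZmVhdHVyZV9jb3Vyc2VfYnVpbGRlciI6ZmFsc2UsImZlYXR1cmVfc2VhcmNoX3VwZGF0ZXMiOmZhbHNlLCJmZWF0dXJlX2FncmVzc2l2ZV9tb25zb29uX3F1b3RhIjp0cnVlLCJmZWF0dXJlX2xlYXJuZXJfcHJvZmlsZV91eCI6ZmFsc2UsImZlYXR1cmVfdGVsbF9uYXZ5X2FsbG93ZWRfem9uZXMiOnRydWUsImZlYXR1cmVfY2Fub25pY2FsX2RvbWFpbl9yZWRpcmVjdCI6dHJ1ZSwiZmVhdHVyZV9mZWVkYmFjayI6dHJ1ZSwiZmVhdHVyZV9ndWVzdF91c2VyIjp0cnVlLCJmZWF0dXJlX3NlYXJjaF9zb3J0X2J5Ijp0cnVlLCJmZWF0dXJlX29hdXRoX3Jpc2Nfc2h1dG9mZiI6dHJ1ZSwiZmVhdHVyZV90ZWFtcyI6dHJ1ZSwiZmVhdHVyZV9wZXJmX3Rlc3QiOmZhbHNlLCJmZWF0dXJlX3BlZXJfYXNzaWdubWVudCI6ZmFsc2UsImZlYXR1cmVfb25lX3RhcCI6dHJ1ZSwiZmVhdHVyZV91c2VkX2luIjp0cnVlLCJmZWF0dXJlX2NyZWRseV9pbnRlZ3JhdGlvbl9hbm5vdW5jZW1lbnRfbW9kYWwiOnRydWUsImZlYXR1cmVfYXV0b19jb3Vyc2VfdXBncmFkZSI6ZmFsc2UsImZlYXR1cmVfbW9uc29vbl9xdW90YSI6dHJ1ZSwiZmVhdHVyZV9vbnJhbXAiOnRydWUsImZlYXR1cmVfY2FjaGVfZXhwbG9yZV9wYWdlX3Jlc3VsdCI6dHJ1ZSwiZmVhdHVyZV9jb250ZW50X3Byb3ZpZGVyX2FkbWluIjp0cnVlLCJmZWF0dXJlX2xvZ19jb29raWVzIjpmYWxzZSwiZmVhdHVyZV90dXJibyI6ZmFsc2UsImZlYXR1cmVfc2hvd19pbnRlcnZpZXdfd2FybXVwIjp0cnVlLCJmZWF0dXJlX2hpZGVfdW5wb3B1bGFyX2ZpbHRlcnMiOnRydWUsImZlYXR1cmVfY3JlZGx5Ijp0cnVlLCJmZWF0dXJlX2lsdF9jb250ZW50X3Byb2dyYW0iOmZhbHNlLCJmZWF0dXJlX2FiX2NvbnRlbnRfZ2NwLW9uZGVtYW5kLWNvbnRlbnQvVC1HT09HQVYtQnxwcm9qZWN0LXNlZWtoby1wdWJsaWMtY2F0YWxvZ3wxLjB8MS4xIjpmYWxzZSwiZmVhdHVyZV9jb21tdW5pdHlfZm9ydW0iOmZhbHNlLCJmZWF0dXJlX2RldmVsb3Blcl9wcmVtaXVtIjp0cnVlLCJmZWF0dXJlX2hlYWRlcl9zZWFyY2hfYmFyIjp0cnVlLCJmZWF0dXJlX3N3aXRjaF9wYXRoX2FuZF9leHBsb3JlX2hlYWRlcnMiOnRydWUsImZlYXR1cmVfbmV3X3JlcG9ydF9maWVsZHMiOnRydWUsImZlYXR1cmVfc2VhcmNoX3N1Z2dlc3Rpb25zIjp0cnVlLCJmZWF0dXJlX2NyZWRseV9tYW5hZ2VtZW50IjpmYWxzZSwiZ3JvdXBfc3VhZG1pbnMiOmZhbHNlLCJncm91cF9ub25fc3VhZG1pbnMiOnRydWUsImdyb3VwX2FkbWlucyI6ZmFsc2UsImdyb3VwX3RyYWluZXJzIjpmYWxzZSwiZ3JvdXBfY29vcmRpbmF0b3JzIjpmYWxzZSwiZ3JvdXBfY3JlYXRvcnMiOmZhbHNlLCJncm91cF9zdHVkZW50cyI6dHJ1ZSwiZ3JvdXBfbm9uX29yZ2FuaXphdGlvbiI6dHJ1ZSwiZ3JvdXBfb3JnYW5pemF0aW9uX21lbWJlcnMiOmZhbHNlLCJncm91cF9ub25fcHJvZ3JhbSI6dHJ1ZSwiZ3JvdXBfZ29vZ2xlcnMiOmZhbHNlfQ=='));
    properties.event = 'user_properties';
    dataLayer.push(properties);
  </script>
  <script>
    window.dataLayer = window.dataLayer || [];

    // Thin wrapper: 'event' calls are pushed as objects, everything else as the raw arguments.
    function gtag() {
      if (arguments[0] === 'event') {
        dataLayer.push({ event: arguments[1], eventParams: arguments[2] }, { eventParams: undefined });
      } else {
        dataLayer.push(arguments);
      }
    }

    let gtmLoaded = false;

    // Injects the Google Tag Manager loader once; the gtmLoaded flag blocks repeat injection.
    function glueCookieNotificationBarLoaded() {
      if (!gtmLoaded) {
        (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
        'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
        })(window,document,'script','dataLayer',"GTM-MBRHNDG7");
        gtmLoaded = true;
      }
    }

    document.addEventListener('turbo:load', () => {
      dataLayer.push({ event: 'page_view' });
    });
  </script>
  <!-- External scripts; none of these tags carries an integrity attribute. -->
  <script src="https://cdn.qwiklabs.com/assets/hallofmirrors/polyfills/webcomponents-loader-2e147cb1679d97581f981243bfc2d1c03dc34a58.js"></script>
  <script src="https://cdn.qwiklabs.com/assets/vendor-5ee6eafe71fd3831091397e1aa344044a8642273.js"></script>
  <script src="https://cdn.qwiklabs.com/assets/application-b63927e009724d5e97f1947b71c466dab777dace.js"></script>
  <script src="https://cdn.qwiklabs.com/assets/hallofmirrors/hallofmirrors-b4e8637d49337c7ac1dbce61e0af43e14ac7c629.js"></script>
  <script src="https://support.google.com/inapp/api.js"></script>
  <!-- schema.org Course metadata for search engines. -->
  <script type="application/ld+json">
    {"@context":"https://schema.org/","@id":"https://www.cloudskillsboost.google/course_templates/690","@type":"Course","name":"Google Security Operations - SIEM Rules","description":"Get hands-on experience applying and building rules for Chronicle. You learn what YARA-L is and how to customize \u0026 create event rules.","educationalLevel":"Beginner","image":["https://cdn.qwiklabs.com/assets/learning_plans/activity_thumbnail_course-151d92b9399572d2384c85c70f8596f22b2c18c2.png"],"provider":{"@type":"Organization","name":"Google Cloud","url":"https://cloud.google.com/learn"},"publisher":{"@type":"Organization","name":"Google Cloud Skills Boost","url":"https://cloudskillsboost.google"},"about":["Rules","Chronicle SIEM","YARA-L"],"teaches":[],"datePublished":"2024-05-07","inLanguage":"en","availableLanguage":["en"],"offers":[{"@type":"Offer","category":"Partially Free"},{"@type":"Offer","category":"Subscription"}],"hasCourseInstance":[{"@type":"CourseInstance","courseMode":"Online","courseWorkload":"PT4H15M"}],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.0","reviewCount":"1"}}
  </script>
  <!-- Anti-CSRF parameter name and token as emitted for the session that rendered this copy. -->
  <meta name="csrf-param" content="authenticity_token">
  <meta name="csrf-token" content="0flAEF50/OYuEJozyNQrBC55riTa6cRFLpnJm+2Spf/dKRx3ChbPFHl0Z/raQu6FjwaAHM2wiWiVTn01OKmq9w==">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes">
  <meta name="google-site-verification" content="1rRsY0INj8RvwB5EF5pwdxt2A2P9aDgAlsICaJ0d5w0">
  <meta property="msapplication-TileColor" content="#3681E4">
  <meta property="msapplication-TileImage" content="/favicon-144.png">
  <!-- Data handed to the in-app help API: a user id, enabled experiment ids and group ids. -->
  <meta name="help-api-product-data" content='{"userId":58295017,"experimentIds":["support_callouts","iw_ai_assistant","front_door_landing_page","reroute_new_interview_warmup","program_announcements","gcsbo_free","alexandria_subscriptions_pagination","entity_api_keys","hide_price","innovator_membership","search_autocomplete","ai_skills","search_async","alexandria_show_bundle_errors","catalog_filters_button","new_cards","show_annual_purchase_now","chat_off_for_signed_out_users","course_monetization","landing_page","innovator_membership_modal","learning_plan_search","monsoon_quota_v2","dedup_badge","rise_poc","agressive_monsoon_quota","tell_navy_allowed_zones","canonical_domain_redirect","feedback","guest_user","search_sort_by","oauth_risc_shutoff","teams","one_tap","used_in","credly_integration_announcement_modal","monsoon_quota","onramp","cache_explore_page_result","content_provider_admin","show_interview_warmup","hide_unpopular_filters","credly","developer_premium","header_search_bar","switch_path_and_explore_headers","new_report_fields","search_suggestions"]}'>
  <meta name="help-api-custom-data" content='{"groupIds":["non_suadmins","students","non_organization","non_program"]}'>
  <meta name="description" content="Get hands-on experience applying and building rules for Chronicle. You learn what YARA-L is and how to customize &amp; create event rules.">
  <meta name="author" content="Qwiklabs">
  <meta property="og:title" content="Google Security Operations - SIEM Rules | Google Cloud Skills Boost">
  <meta property="og:type" content="website">
  <meta property="og:image" content="/favicon-144.png">
  <meta property="og:site_name" content="Qwiklabs">
  <meta property="og:description" content="Get hands-on experience applying and building rules for Chronicle. You learn what YARA-L is and how to customize &amp; create event rules.">
  <meta property="og:logo" content="/qwiklabs_logo_900x887.png" size="900x887">
  <meta property="og:logo" content="/qwiklabs_logo_994x187.png" size="994x187">
  <meta property="og:url" content="https://www.cloudskillsboost.google/paths/187/course_templates/690">
  <link rel="canonical" href="https://www.cloudskillsboost.google/paths/187/course_templates/690">
  <link rel="shortcut icon" href="https://cdn.qwiklabs.com/X46FrQX4iLxHW5MxL8jICvgZM0evMEKscCeQO%2BazGdo%3D" type="image/x-icon">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Oswald:400|Roboto+Mono:400,700|Roboto:300,400,500,700|Google+Sans:300,400,500,700|Google+Sans+Display:400|Material+Icons|Google+Material+Icons|Google+Sans+Text:400,500,700" media="screen">
  <link rel="stylesheet" href="https://cdn.qwiklabs.com/assets/application-695216663cb0699363a80338f91725185aa37b9c.css" media="all">
  <link rel="stylesheet" href="https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css" media="screen">
  <style>
    :root {
      --primary-text-on-surface-color: #0b57d0;
      --primary-text-on-surface-color-dark: #0a4eba;
      --primary-text-on-surface-color-darker: #0945a4;
      --primary-text-on-surface-color-darkest: #083c8f;
      --primary-surface-color: #0b57d0;
      --primary-surface-color-rgb: 11,87,208;
      --primary-surface-color-light: #cfe0fc;
      --primary-surface-color-lightest: #e7f0fe;
      --text-on-primary-color: #ffffff;
      --accent-text-on-surface-color: #f000e8;
      --accent-surface-color: #f9ab00;
      --accent-surface-color-rgb: 249,171,0;
      --accent-surface-color-light: #ffefcc;
      --text-on-accent-color: #202124;
    }
  </style>
</head>
<body class="course-template-show-body course-layout-body l-full no-nav learner-layout-body">
  <ql-drawer-container class="body-container">
    <!-- Slide-over application navigation drawer. -->
    <ql-drawer id="app-nav" mode="over" slot="drawer" width="288">
      <div class="nav-panel__logo">
        <div class="custom-logo"><img alt="Google Cloud Skills Boost" height="24" aria-label="Google Cloud Skills Boost" src="https://cdn.qwiklabs.com/PGyhmgS3zZncIEGywnx5UXsKwepRRFQ9BhAg%2FWHNrlQ%3D"></div>
      </div>
      <nav class="ql-sidenav">
        <ql-sidenav-item href="/catalog" icon="school" label="Explore"></ql-sidenav-item>
        <ql-sidenav-item active href="/paths" icon="playlist_add_check" label="Paths"></ql-sidenav-item>
        <ql-sidenav-item href="/subscriptions" icon="subscriptions" label="Subscriptions"></ql-sidenav-item>
        <ql-button class="outline-back" hairline icon="arrow_forward" label="Back" onclick="ql.toggleAppNav(false)"></ql-button>
      </nav>
    </ql-drawer>
    <ql-drawer-content class="body-content" slot="drawer-content">
      <div class="sticky">
        <!-- Site header: logo, section tabs, search, share/help/language menus, sign-in. -->
        <ql-toolbar class="app-toolbar" jumpEnabled role="banner">
          <div class="toolbar-navigation" slot="navigation">
            <ql-toggle-button class="always-show" for="outline-drawer" icon="menu" id="menu-toggle" label="Toggle course outline" tip="Toggle course outline"></ql-toggle-button>
          </div>
          <div class="toolbar-title ql-title-medium" slot="title">
            <a class="custom-logo" aria-label="Google Cloud Skills Boost" href="/"><div class="custom-logo"><img alt="Google Cloud Skills Boost" height="24" aria-label="Google Cloud Skills Boost" src="https://cdn.qwiklabs.com/PGyhmgS3zZncIEGywnx5UXsKwepRRFQ9BhAg%2FWHNrlQ%3D"></div></a>
          </div>
          <div class="toolbar-tabs" role="tablist" slot="tabs">
            <ql-tab href="/catalog" label="Explore"></ql-tab>
            <ql-tab href="/paths" label="Paths"></ql-tab>
            <ql-tab href="/subscriptions" label="Subscriptions"></ql-tab>
            <div class="search-bar-container">
              <form class="header-search-form" action="/catalog" accept-charset="UTF-8" method="get">
                <input name="utf8" type="hidden" value="✓" autocomplete="off">
                <!-- The placeholder is not an accessible name, so the field is labelled explicitly. -->
                <input autocomplete="off" class="header-search-input" id="searchbar-autocomplete" name="keywords" placeholder="Search" aria-label="Search">
                <div class="elevation-3" id="searchbar-autocomplete-loading-icon">
                  <ql-spinner></ql-spinner>
                  <div class="ql-body-small">Loading...</div>
                </div>
                <div class="elevation-3" id="searchbar-autocomplete-no-results">
                  <div class="ql-body-small">No results found.</div>
                </div>
                <ul class="hide" id="searchbar-autocomplete-menu"></ul>
              </form>
              <ql-icon-button class="search-bar-button" icon="search" label="Search for Cloud Skills Boost content"></ql-icon-button>
              <ql-icon-button class="exit-search-button" icon="close" label="Exit search"></ql-icon-button>
            </div>
          </div>
          <div class="toolbar-actions" slot="action">
            <ql-icon-button icon="share" id="share_690" label="Share on social media" tip="Share"></ql-icon-button>
            <ql-menu for="share_690">
              <ql-menu-item data-analytics-action="Shared to LinkedIn Feed." data-analytics-category="CourseTemplate" data-analytics-label="Google Security Operations - SIEM Rules" href="https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.cloudskillsboost.google%2Fcourse_templates%2F690%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin%26utm_campaign%3Dql-social-share" icon="post_linkedin" label="Share on LinkedIn Feed" role="link" target="_blank">
                <span class="label">Share on LinkedIn Feed</span>
              </ql-menu-item>
              <ql-menu-item data-analytics-action="Shared to Twitter." data-analytics-category="CourseTemplate" data-analytics-label="Google Security Operations - SIEM Rules" href="https://twitter.com/intent/tweet?text=Excited%20to%20share%20what%20I%E2%80%99m%20learning%20on%20%23GoogleCloudSkillsBoost&amp;url=https%3A%2F%2Fwww.cloudskillsboost.google%2Fcourse_templates%2F690%3Futm_medium%3Dsocial%26utm_source%3Dtwitter%26utm_campaign%3Dql-social-share&amp;hashtags=" icon="post_twitter" label="Twitter" role="link" target="_blank">
                <span class="label">Twitter</span>
              </ql-menu-item>
              <ql-menu-item data-analytics-action="Shared to Facebook." data-analytics-category="CourseTemplate" data-analytics-label="Google Security Operations - SIEM Rules" href="https://facebook.com/sharer.php?display=popup&amp;u=https%3A%2F%2Fwww.cloudskillsboost.google%2Fcourse_templates%2F690%3Futm_medium%3Dsocial%26utm_source%3Dfacebook%26utm_campaign%3Dql-social-share" icon="post_facebook" label="Facebook" role="link" target="_blank">
                <span class="label">Facebook</span>
              </ql-menu-item>
              <ql-copyable-input label="Share Link" value="https://www.cloudskillsboost.google/course_templates/690"></ql-copyable-input>
            </ql-menu>
            <ql-icon-button class="header-search-button" icon="search" label="Search for Cloud Skills Boost content" tip="Search"></ql-icon-button>
            <ql-icon-button class="mobile-hide" icon="help_outline" id="help-menu-button" label="Open help menu" tip="Help"></ql-icon-button>
            <ql-menu for="help-menu-button" id="help-menu">
              <ql-menu-item data-analytics-action="opened_help" data-analytics-label="course" label="Help Center" onclick='hallofmirrors.helpService.startHelp({"productData":{"userId":58295017},"context":"course"})'></ql-menu-item>
              <ql-menu-item href="mailto:support@qwiklabs.com" label="Email support"></ql-menu-item>
              <!-- Handler uses single-quoted JavaScript strings, so the attribute itself is double-quoted. -->
              <ql-menu-item label="Send feedback" onclick="userfeedback.api.startFeedback( { 'productId': '5080217', 'enableAnonymousFeedback': true, 'authuser': 'undefined', 'locale': 'en' }, { 'user_id': '58295017', 'current_organization': '' })"></ql-menu-item>
              <ql-menu-item href="https://reportingwidget.google.com/widget/54?cid=1&amp;url=https://www.cloudskillsboost.google/paths/187/course_templates/690?" label="Report Illegal Content"></ql-menu-item>
            </ql-menu>
            <ql-icon-button class="mobile-hide" icon="language" id="language" label="Select your language preference" tip="Language"></ql-icon-button>
            <ql-menu for="language">
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="ar" href="/paths/187/course_templates/690?locale=ar" label="العربية" lang="ar"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="de" href="/paths/187/course_templates/690?locale=de" label="Deutsch" lang="de"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="en" href="/paths/187/course_templates/690?locale=en" label="English" lang="en"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="es" href="/paths/187/course_templates/690?locale=es" label="español (Latinoamérica)" lang="es"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="fr" href="/paths/187/course_templates/690?locale=fr" label="français" lang="fr"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="fr_CA" href="/paths/187/course_templates/690?locale=fr_CA" label="français (Canada)" lang="fr-CA"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="he" href="/paths/187/course_templates/690?locale=he" label="עברית" lang="he"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="id" href="/paths/187/course_templates/690?locale=id" label="bahasa Indonesia" lang="id"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="it" href="/paths/187/course_templates/690?locale=it" label="italiano" lang="it"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="ja" href="/paths/187/course_templates/690?locale=ja" label="日本語" lang="ja"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="ko" href="/paths/187/course_templates/690?locale=ko" label="한국어" lang="ko"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="pl" href="/paths/187/course_templates/690?locale=pl" label="polski" lang="pl"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="pt_BR" href="/paths/187/course_templates/690?locale=pt_BR" label="português (Brasil)" lang="pt-BR"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="pt_PT" href="/paths/187/course_templates/690?locale=pt_PT" label="português (Portugal)" lang="pt-PT"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="ru" href="/paths/187/course_templates/690?locale=ru" label="русский" lang="ru"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="tr" href="/paths/187/course_templates/690?locale=tr" label="Türkçe" lang="tr"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="uk" href="/paths/187/course_templates/690?locale=uk" label="українська" lang="uk"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="zh" href="/paths/187/course_templates/690?locale=zh" label="简体中文" lang="zh"></ql-menu-item>
              <ql-menu-item data-analytics-action="changed_locale" data-analytics-label="zh_TW" href="/paths/187/course_templates/690?locale=zh_TW" label="繁體中文" lang="zh-TW"></ql-menu-item>
            </ql-menu>
            <ql-button class="mobile-hide" data-analytics-action="clicked_header_sign_in" href="/users/sign_in" label="Sign in" text></ql-button>
            <ql-button data-analytics-action="clicked_header_join" href="/users/sign_up" label="Join"></ql-button>
            <!-- Google Identity Services sign-in prompt; its login_uri receives the authenticity token below. -->
            <script src="https://accounts.google.com/gsi/client"></script>
            <div data-authenticity_token="Y9YLcNFnURJHeuUyZ5xjWYcgbR/mQpcuUrg2+9g+qlhvBlcXhQVi4BAeGPt1CqbYJl9DJ/Eb2gPpb4JVDQWlUA==" data-cancel_on_tap_outside="false" data-client_id="1023251155897-tb54g624q9e77gtsrnemgv4c2ihekurv.apps.googleusercontent.com" data-login_uri="/auth/google?tos=false" data-prompt_parent_id="g_id_onload" data-turbo="false" id="g_id_onload"></div>
          </div>
        </ql-toolbar>
        <div id="callout-container"></div>
      </div>
      <div class="page-header">
        <ql-toolbar class="page-toolbar">
          <h1 class="toolbar-title ql-title-medium" slot="title">Google Cloud Skills Boost</h1>
          <div class="toolbar-actions" slot="action"></div>
        </ql-toolbar>
        <div class="page-banner js-page-banner">
          <div class="content">
            <span>Your Learning progress might get lost. <a href="/users/sign_in">Sign in</a> or <a href="/users/sign_up">Join</a> to save your progress.</span>
          </div>
          <ql-icon-button class="js-close-banner">close</ql-icon-button>
        </div>
      </div>
      <main id="jump-content">
        <ql-drawer-container class="course-container">
          <!-- Left drawer: course outline, fed by the JSON in the modules attribute. -->
          <ql-drawer class="course-drawer course-drawer-left" id="outline-drawer" localStorageId="course-outline" open responsive="965" slot="drawer" width="240">
            <div class="course-outline-header">
              <ql-button class="main-menu" icon="arrow_back" label="Main menu" onclick="ql.toggleAppNav()" text></ql-button>
              <div class="course-info">
                <h2 class="ql-title-medium learning-path-idx">03</h2>
                <h2 class="ql-title-medium">Google Security Operations - SIEM Rules</h2>
              </div>
            </div>
            <ql-course-outline coursePath="/paths/187/course_templates/690" modules='[{"id":"69632","title":"Using the Chronicle Platform","description":null,"steps":[{"id":"480157","prompt":null,"isOptional":false,"activities":[{"id":"472959","href":"/paths/187/course_templates/690/labs/472959","isLocked":false,"duration":3600000,"title":"Chronicle SIEM: Introduction \u0026 Single Event Rules","description":"In this lab you perform basic configuration tasks within a Chronicle environment instance.","type":"lab","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480158","prompt":null,"isOptional":true,"activities":[{"id":"472960","href":"/paths/187/course_templates/690/quizzes/472960","isLocked":false,"duration":3000000,"title":"Chronicle SIEM: Introduction \u0026 Single Event Rules Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480159","prompt":null,"isOptional":false,"activities":[{"id":"472961","href":"/paths/187/course_templates/690/labs/472961","isLocked":false,"duration":5400000,"title":"Chronicle SIEM: Multi Event Rules","description":"In this lab you will learn more about Multi Event Rules of the Chronicle security solution.","type":"lab","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480160","prompt":null,"isOptional":true,"activities":[{"id":"472962","href":"/paths/187/course_templates/690/quizzes/472962","isLocked":false,"duration":3000000,"title":"Chronicle SIEM: Multi Event Rules Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480161","prompt":null,"isOptional":false,"activities":[{"id":"472963","href":"/paths/187/course_templates/690/labs/472963","isLocked":false,"duration":5400000,"title":"Chronicle SIEM: Outcomes \u0026 Functions","description":"In this lab you will learn more about Outcomes and Functions of the Chronicle security solution.","type":"lab","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480162","prompt":null,"isOptional":true,"activities":[{"id":"472964","href":"/paths/187/course_templates/690/quizzes/472964","isLocked":false,"duration":3000000,"title":"Chronicle SIEM: Outcomes \u0026 Functions Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":true},{"id":"next-steps","title":"Your Next Steps","description":null,"steps":[{"id":"badge-step","prompt":null,"isOptional":true,"activities":[{"id":"badge","href":null,"isLocked":true,"duration":null,"title":"Course Badge","description":null,"type":"badge","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":true}]'></ql-course-outline>
          </ql-drawer>
          <ql-drawer-content class="course-activity" slot="drawer-content">
            <div class="course-activity-header">
              <div class="breadcrumbs ql-label-medium">
                <a id="path_name" href="/paths/187">Path</a>
                <ql-icon>navigate_next</ql-icon>
                <a id="course_name" href="/paths/187/course_templates/690">Course</a>
                <ql-icon>navigate_next</ql-icon>
                Overview
              </div>
            </div>
            <div class="course-activity-content">
              <div class="course-wrapper">
                <!-- Course summary: title, skills, duration/level/credits, description, badge. -->
                <div class="course-top-matter">
                  <div class="course-title">
                    <ql-activity-label activity="course"></ql-activity-label>
                    <div class="title-text">
                      <h2 class="ql-display-small learning-path-idx">03</h2>
                      <h1 class="ql-display-small">Google Security Operations - SIEM Rules</h1>
                    </div>
                  </div>
                  <div class="course-progress"></div>
                  <div class="course-skills">
                    <div class="course-skills-chips">
                      <ql-icon class="course-skills-icon">magic_button</ql-icon>
                      <ql-chip gradient>Rules</ql-chip>
                      <ql-chip gradient>Chronicle SIEM</ql-chip>
                      <ql-chip gradient>YARA-L</ql-chip>
                    </div>
                    <div class="course-skills-disclaimer">
                      These skills were generated by A.I. Do you agree this course teaches these skills?
                      <ql-icon-button class="course-skills-button" href="/course_templates/690/review_skills?response_ids%5B%5D=53158952&amp;response_ids%5B%5D=53158953&amp;response_ids%5B%5D=53158954&amp;score=1" icon="thumb_up_alt" method="post"></ql-icon-button>
                      <!-- The selector is single-quoted inside the handler, so the attribute is double-quoted. -->
                      <ql-icon-button class="course-skills-button" icon="thumb_down_alt" onclick="document.querySelector('#skills_survey_modal').open();"></ql-icon-button>
                    </div>
                    <ql-dialog class="skills_survey_modal" id="skills_survey_modal" noDefaultAction>
                      <!-- disclaimer contains an apostrophe, so it is double-quoted. -->
                      <ql-ai-feedback allowBlankSubmit disclaimer="Note: If you don't provide feedback, you acknowledge that the course successfully teaches the specified skills." itemResponses='[{"id":"53158952","surveyItem":{"id":"567","stem":"Rules"},"feedbackFreeText":"","feedbackCategories":[],"submitted":false},{"id":"53158953","surveyItem":{"id":"568","stem":"Chronicle SIEM"},"feedbackFreeText":"","feedbackCategories":[],"submitted":false},{"id":"53158954","surveyItem":{"id":"569","stem":"YARA-L"},"feedbackFreeText":"","feedbackCategories":[],"submitted":false}]' rating="downvote"></ql-ai-feedback>
                    </ql-dialog>
                  </div>
                  <div class="course-details">
                    <span class="course-detail"><ql-icon icon="date_range"></ql-icon> 4 hours 15 minutes</span>
                    <span class="course-detail"><ql-icon icon="show_chart"></ql-icon> Introductory</span>
                    <span class="course-detail"><ql-icon>universal_currency_alt</ql-icon> 3 Credits</span>
                  </div>
                  <div class="course-description">Get hands-on experience applying and building rules for Chronicle. You learn what YARA-L is and how to customize &amp; create event rules.</div>
                  <div class="course-badge-buttons">
                    <div class="course-badge-buttons__text-badge-section">
                      <div class="course-badge-buttons__text">
                        <p>When you complete this course, you can earn the badge displayed here! View all the badges you have earned by visiting your profile page. Boost your cloud career by showing the world the skills you have developed!</p>
                      </div>
                      <div class="course-badge-buttons__badge">
                        <div class="course-badge">
                          <img alt="Badge for Google Security Operations - SIEM Rules" src="https://cdn.qwiklabs.com/NxFG1sSnAqVjTSYTaALe4rbIUVbmjm68xjsQ56ZLfUo%3D">
                        </div>
                      </div>
                    </div>
                    <div class="course-badge-buttons__buttons"></div>
                  </div>
                </div>
                <!-- Curriculum: same module JSON as the outline drawer, then the Course Info FAQ. -->
                <div class="course-curriculum">
                  <ql-course courseId="14431" modules='[{"id":"69632","title":"Using the Chronicle Platform","description":null,"steps":[{"id":"480157","prompt":null,"isOptional":false,"activities":[{"id":"472959","href":"/paths/187/course_templates/690/labs/472959","isLocked":false,"duration":3600000,"title":"Chronicle SIEM: Introduction \u0026 Single Event Rules","description":"In this lab you perform basic configuration tasks within a Chronicle environment instance.","type":"lab","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480158","prompt":null,"isOptional":true,"activities":[{"id":"472960","href":"/paths/187/course_templates/690/quizzes/472960","isLocked":false,"duration":3000000,"title":"Chronicle SIEM: Introduction \u0026 Single Event Rules Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480159","prompt":null,"isOptional":false,"activities":[{"id":"472961","href":"/paths/187/course_templates/690/labs/472961","isLocked":false,"duration":5400000,"title":"Chronicle SIEM: Multi Event Rules","description":"In this lab you will learn more about Multi Event Rules of the Chronicle security solution.","type":"lab","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480160","prompt":null,"isOptional":true,"activities":[{"id":"472962","href":"/paths/187/course_templates/690/quizzes/472962","isLocked":false,"duration":3000000,"title":"Chronicle SIEM: Multi Event Rules Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480161","prompt":null,"isOptional":false,"activities":[{"id":"472963","href":"/paths/187/course_templates/690/labs/472963","isLocked":false,"duration":5400000,"title":"Chronicle SIEM: Outcomes \u0026 Functions","description":"In this lab you will learn more about Outcomes and Functions of the Chronicle security solution.","type":"lab","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false},{"id":"480162","prompt":null,"isOptional":true,"activities":[{"id":"472964","href":"/paths/187/course_templates/690/quizzes/472964","isLocked":false,"duration":3000000,"title":"Chronicle SIEM: Outcomes \u0026 Functions Quiz","description":null,"type":"quiz","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":true},{"id":"next-steps","title":"Your Next Steps","description":null,"steps":[{"id":"badge-step","prompt":null,"isOptional":true,"activities":[{"id":"badge","href":null,"isLocked":true,"duration":null,"title":"Course Badge","description":null,"type":"badge","isComplete":false,"inProgress":false,"score":null,"disabled":false}],"isComplete":false,"isTestedOut":false,"allActivitiesRequired":false}],"expanded":true}]'></ql-course>
                  <ql-collapsible class="course-info">
                    <div class="course-info-header" slot="header">
                      <ql-icon>info</ql-icon>
                      <div class="ql-title-medium">Course Info</div>
                    </div>
                    <div class="ql-body-medium" slot="collapsible">
                      <ql-expandable-list>
                        <ql-collapsible>
                          <div slot="header">
                            <div class="ql-title-small">Available languages</div>
                          </div>
                          <div class="ql-body-medium" slot="collapsible">English</div>
                        </ql-collapsible>
                        <ql-collapsible>
                          <div slot="header">
                            <div class="ql-title-small">What do I do when I finish this course?</div>
                          </div>
                          <div class="ql-body-medium" slot="collapsible">After finishing this course, you can explore additional content in your learning path or browse the catalog.</div>
                        </ql-collapsible>
                        <ql-collapsible>
                          <div slot="header">
                            <div class="ql-title-small">What badges can I earn?</div>
                          </div>
                          <div class="ql-body-medium" slot="collapsible">Upon finishing the required items in a course, you will earn a badge of completion. Badges can be viewed on your profile and shared with your social network.</div>
                        </ql-collapsible>
                        <ql-collapsible>
                          <div slot="header">
                            <div class="ql-title-small">Interested in taking this course with one of our authorized on-demand partners?</div>
                          </div>
                          <!-- New-tab links drop window.opener and the Referer header via rel. -->
                          <div class="ql-body-medium" slot="collapsible">
                            Explore Google Cloud content on
                            <a href="https://www.coursera.org/googlecloud" target="_blank" rel="noopener noreferrer">Coursera</a>
                            and
                            <a href="https://www.pluralsight.com/authors/google-cloud" target="_blank" rel="noopener noreferrer">Pluralsight.</a>
                          </div>
                        </ql-collapsible>
                        <ql-collapsible>
                          <div slot="header">
                            <div class="ql-title-small">Prefer learning with an instructor?</div>
                          </div>
                          <div class="ql-body-medium" slot="collapsible">
                            View the public classroom schedule
                            <a href="https://cloud.google.com/training/courses" target="_blank" rel="noopener noreferrer">here.</a>
                          </div>
                        </ql-collapsible>
                        <ql-collapsible>
                          <div slot="header">
                            <div class="ql-title-small">Can I take this course for free?</div>
                          </div>
                          <div class="ql-body-medium" slot="collapsible">When you enroll into most courses, you will be able to consume course materials like videos and documents for free. If a course consists of labs, you will need to purchase an individual subscription or credits to be able to consume the labs. Labs can also be unlocked by any campaigns you participate in. All required activities in a course must be completed to be awarded the completion badge.</div>
                        </ql-collapsible>
                      </ql-expandable-list>
                    </div>
                  </ql-collapsible>
                </div>
              </div>
            </div>
          </ql-drawer-content>
        </ql-drawer-container>
      </main>
      <footer class="application-footer">
        <a target="_blank" rel="noopener noreferrer" href="/privacy_policy">Privacy</a>
        <a href="/terms_of_service">Terms</a>
        <a class="glue-cookie-notification-bar-control">Manage cookies</a>
        <div class="powered-by">
          <!-- aria-hidden needs an explicit "true"; the logo's alt text already carries the phrase. -->
          <span aria-hidden="true">Powered by</span>
          <img alt="Powered by Qwiklabs" src="https://cdn.qwiklabs.com/assets/qwiklabs_logo_grayscale-253167e4722753ac463e99dbda9945e0db4a7f88.svg">
        </div>
      </footer>
    </ql-drawer-content>
  </ql-drawer-container>
  <span class="hidden" id="flash-sibling-before"></span>
  <ql-snackbar></ql-snackbar>
  <script data-glue-cookie-notification-bar-category="2A" src="https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.js"></script>
  <ql-dialog dismissalLabel="Cancel" headline="A newer version of this course is available. Your progress will carry over if you choose to upgrade. However, your completion percentage may change if the new version has added or removed any learning activities. Click the preview button to see the course changes before upgrading." icon="error" id="course-session-upgrade-modal">
    <ql-button href="/paths/187/course_templates/690/preview" label="Preview" slot="action">Preview</ql-button>
  </ql-dialog>
  <script>
    // One-time page initialisation, run on the first turbo:load event only ({once: true}).
    document.addEventListener("turbo:load", function () {
      ql.initMaterialInputs();
      initChosen();
      initTabs();
      ql.list.init();
      ql.favoriting.init();
      ql.header.myAccount.init();
      initTooltips();
      ql.autocomplete.init();
      ql.modals.init();
      ql.toggleButtons.init();
      ql.analytics.init();
      Turbo.session.drive = false;
      ql.aiFeaturesSurvey.init();
      ql.course_resize_layout.init("Google SIEM & SOAR Learning Path", "Path", "Google Security Operations - SIEM Rules", "Course", "");
      ql.searchHeader.init();
      (new ql.searchAutocomplete()).init({forHeader: true, topSuggestions: [{"label":"machine learning"},{"label":"cloud architecture"},{"label":"generative ai"},{"label":"data analyst"},{"label":"security fundamentals"}]});
      ql.messages.init();
      ql.jumpContent.init();
    }, {once: true});
  </script>
</body>
</html>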