CERTIFICATE OF COMPLETION
Has been presented to
Yechiel Worenklein
On successful completion of
Google Security Operations SIEM Fundamentals
Issue date: 2024-09-23
Certificate ID: c1efd2db-1321-4114-9614-3afb5eeda0a6

Issued to

Yechiel Worenklein

Credential Verification

Issue date: September 23, 2024

ID: c1efd2db-1321-4114-9614-3afb5eeda0a6

Issued by

Fast Lane Israel

VERIFIED

Fast Lane, the world's largest tech training company, specializes in technology and business training and consulting services. Partnering with major IT vendors like Microsoft, AWS, and Google, we support digital transformation worldwide.

Type: Course

Level: Foundational

Duration: 3 days

Description

Explore the essentials of Chronicle, a powerful Security Information and Event Management (SIEM) solution offered as a cloud service on the robust Google infrastructure. The Chronicle Fundamentals course provides an in-depth overview of the key functionalities, data analysis capabilities, and security aspects of Chronicle SIEM.

Chronicle Access – Role-Based Access Control (RBAC) in Chronicle, why audit logging is important, and how to implement it in your Chronicle instance.
Learn about Raw Log Search and UDM Search, and how to use Search for investigation.
Chronicle Data Onboarding: forwarders, feed management, ingestion API, and direct ingestion.
Introduction to Chronicle Parsers – What is a parser, versioning, and parser extension.
Walkthrough of Chronicle Curated Detection rules.
Navigating Alerts using the Alert Graph: Entity data, related alerts, alert context.
Learn about Entity data – Data enrichment in Chronicle, Entity types (Users & Assets), Resources, Geo IP Enrichment.
Advanced Search Capabilities: Reference Lists, Group Fields, Pivot, Search for Alerts.
Parsing data in Chronicle – What are parsers and how can we manage them: Parser update, versioning, parser extensions.
Building rules for Chronicle: YARA-L 2.0 syntax, Rules UI, Single event rules, Multi-event rules, using entity data in rules, Outcomes, Functions & Lists, best practice.
Building dashboards in Chronicle

Skills

Security Operations (SecOps)

Security Information And Event Management (SIEM)