This article describes the required prerequisites and procedure(s) to ingest raw logs to Chronicle from multiple sources.
Resolution Intelligence Cloud enables you to send event or alert logs from multiple ingestion sources, such as Google Cloud Platform, Amazon AWS, Microsoft Azure, CrowdStrike, Falcon and 950+ other cloud services, to Chronicle, where they are parsed, enriched, and updated with context so that SOC analysts are notified when a potential threat to your IT environment is detected.
Chronicle Feed Setup
Prerequisites
Before you begin ingesting data, ensure that you have integrated Chronicle with the Resolution Intelligence Cloud.
Required Permissions
- Owner
- Global Admin
- A user with Manager role
- Configuration Manager
Setting up feeds for Chronicle
To configure feeds:
- Log in to Resolution Intelligence with your credentials
- Click the gear icon at the top right of the header, or hover over the burger menu at the top left corner, then navigate to Configurations --> Log & Data Ingestion
- Click the tile for the source whose logs you would like to ingest
- Under Storage Path, in the Log Storage Path field, enter the required URL
- Under Feed Options:
  - In the URL is field, select one of the following:
    - Single File: The URL points to a single blob that will be ingested with each execution of the feed
    - Directory: The URL points to a directory. All files contained within the directory will be ingested with each execution of the feed
    - Directory which includes subdirectory: The URL points to a Blob Storage container
  - In Source Deletion Options, select one of the following:
    - Never Delete Files: Files will not be removed
    - Delete Transferred Files and empty disk: Transferred files will be removed and the disk space they used is freed
    - Delete Transferred Files: Only transferred files will be removed
  - In Ingestion Labels, enter a label and value (optional)
- Click Save