Silver 1
Since 06-16-2022
Friday

My Stats

  • 107 Posts
  • 3 Solutions
  • 39 Likes given
  • 29 Likes received

Yugali's Bio

Badges mccrilb Earned


Recent Activity

for example: AzureActivity | where Caller in (```user```) | where SubscriptionId == "subscriptionID" | where ResourceGroup in (```Resource Group```) Is there a way to do this now, or a feature in the works? We use KQL queries in "Execute a custom hunting...
This function no longer seems to be working correctly. We use this in several playbooks all of which are no longer functioning correctly.
This showed up in our SIEM today. I have been trying to figure this out. I can get it to work in a UDM search, but not in a rule. UDM principal.hostname in regex %CCF_SM_WINDOWS_Hack_Tools_CommandLine_Group1_Exclude.Hostname nocase target.process.file.f...
There is a major issue with this. I have opened a ticket. For the Add to Blacklist function: if the URL entity contains http or https the function does not remove the http or https and then validate and block the URL. Instead it parses out the domain a...
https://cloud.google.com/chronicle/docs/detection/rule-chaining?hl=en#single_event_detection_rules Has anyone worked with this function? I did open a ticket, when I create the consumer rule I am seeing this error parsing: error with token: "detection" ...