TechQA.

YARA-L Rule - Chronicle

19 views Asked by At

I need to create a rule in this language that will trigger an alert every time a new user is created in GCP.

I need the rule to be suitable for the Chronicle environment.

I tried to do this -

rule new_user_creation{
    
    meta:
        author = "test"
        description = "Alert when a new user created"

    events:
        $create.target.user.userid = $user
        $create.metadata.event_type = "USER_CREATION"

    condition:
        $create

}

Thank you

chronicle
Original Q&A
0

There are 0 answers

Related Questions in CHRONICLE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions