Currently, only v2 of the ingestion API is supported.
Before setting up the Chronicle destination, ensure you have a Google Cloud account and access to the Chronicle security analytics platform. More details on setting this up can be found in the Google Cloud documentation here.
|The endpoint for sending to Chronicle.
|Method used for authenticating to Google Cloud: auto, json, file.
|JSON value from a Google Service Account credential file. Required if Authentication Method is set to 'json'.
|Path to a Google Service Account credential file on the collector system. Required if Authentication Method is set to 'file'.
|Type of log to be sent to Chronicle. The Supported Log Types can be seen here.
|The customer ID used for sending logs.
|Raw Log Field
|The OTTL formatted field name that contains the raw log data.
If the attributes["log_type"] field is present in the log and maps to a known Chronicle log_type, the exporter will use the value of that field as the log type. If the attributes["log_type"] field is not present, the exporter will use the value of the log_type configuration field as the log type.
This exporter requires a Google Cloud service account with access to the Chronicle API. The service account must have access to the endpoint specified in the config. Besides the default endpoint (https://malachiteingestion-pa.googleapis.com), there are also regional endpoints that can be used here.
For additional information on accessing Chronicle, see the Chronicle documentation.
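The authentication rules above (method is auto, json, or file; a credential value is required for 'json' and a credential file path for 'file') can be checked before a configuration is rolled out. The following is an added example, not code from the Chronicle exporter or this documentation: the keys `auth_method`, `credentials` and `credentials_file_path` are hypothetical names for the settings described in the table, and the file permission check is an extra hardening step assumed for a POSIX collector host.

```python
import json
import os
import stat

AUTH_METHODS = {"auto", "json", "file"}  # the three methods listed on this page
# Fields carried by a Google service account key file.
KEY_FIELDS = ("type", "client_email", "private_key")


def check_key(doc):
    """Return problems found in a parsed service account key document."""
    if not isinstance(doc, dict):
        return ["credential is not a JSON object"]
    problems = [f"missing field: {f}" for f in KEY_FIELDS if not doc.get(f)]
    if doc.get("type") not in (None, "service_account"):
        problems.append("type is not service_account")
    return problems


def check_auth(cfg):
    """Validate authentication settings; the cfg keys are hypothetical names."""
    method = cfg.get("auth_method", "auto")
    if method not in AUTH_METHODS:
        return [f"unknown authentication method: {method}"]
    if method == "auto":
        return []  # no credential value is configured on the destination
    if method == "json":
        raw = cfg.get("credentials")
        if not raw:
            return ["credentials JSON is required when method is 'json'"]
        try:
            return check_key(json.loads(raw))
        except (TypeError, ValueError):
            return ["credentials value is not valid JSON"]
    path = cfg.get("credentials_file_path")
    if not path:
        return ["credential file path is required when method is 'file'"]
    try:
        mode = os.stat(path).st_mode
        with open(path, encoding="utf-8") as fh:
            problems = check_key(json.load(fh))
    except (OSError, ValueError) as exc:
        return [f"cannot load credential file: {exc.__class__.__name__}"]
    # A service account key is a long-lived secret: flag group/other access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("credential file is accessible to group or others")
    return problems
```

An empty list means the settings are internally consistent; it does not confirm that the service account has access to the Chronicle endpoint.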
Supported Retry and Queuing Settings
This destination supports the following retry and queuing settings:
|Retry on Failure
This configuration sets up the Chronicle destination with necessary details such as region, authentication method, credentials, and log type.