{
  "course": {
    "productid": 34394,
    "modality": 1,
    "active": true,
    "language": "fr",
    "title": "Chronicle SIEM Fundamentals",
    "productcode": "CSIEMF",
    "vendorcode": "FL",
    "vendorname": "Fast Lane",
    "fullproductcode": "FL-CSIEMF",
    "courseware": {
      "has_ekit": false,
      "has_printkit": true,
      "language": ""
    },
    "url": "https:\/\/portal.flane.ch\/course\/training-csiemf",
    "objective": "<p>Explore the essentials of Chronicle, a powerful Security Information and Event Management (SIEM) solution offered as a cloud service on the robust Google infrastructure. The Chronicle Fundamentals course provides an in-depth overview of the key functionalities, data analysis capabilities, and security aspects of Chronicle SIEM.<\/p>\n<ul>\n<li>Chronicle Access &ndash; Role-Based Access Control (RBAC) in Chronicle. Why audit logging is important and how to implement it in your Chronicle instance.<\/li><li>Learn about Raw Log Search and UDM Search, how to use Search for investigation.<\/li><li>Chronicle Data Onboarding: forwarders, feed management, ingestion API, and direct ingestion.<\/li><li>Introduction to Chronicle Parsers &ndash; What is a parser, versioning, and parser extension.<\/li><li>Walkthrough of Chronicle Curated Detection rules.<\/li><li>Navigating Alerts using the Alert Graph: Entity data, related alerts, alert context.<\/li><li>Learn about Entity data &ndash; Data enrichment in Chronicle, Entity types (Users &amp; Assets), Resources, Geo IP Enrichment.<\/li><li>Advanced Search Capabilities: Reference Lists, Group Fields, Pivot, Search for Alerts.<\/li><li>Parsing data in Chronicle &ndash; What are parsers and how can we manage them: Parser update, versioning, parser extensions.<\/li><li>Building rules for Chronicle: YARA-L 2.0 syntax, Rules UI, Single event rules, Multi-event rules, using entity data in rules, Outcomes, Functions &amp; Lists, best practice.<\/li><li>Building dashboards in Chronicle.<\/li><\/ul>",
    "essentials": "<p>Basic knowledge of what SIEM &amp; SOAR are<\/p>",
    "audience": "<p>Individuals who need a basic introduction to Chronicle SIEM<\/p>",
    "contents": "<ul>\n<li>Module 1: Chronicle Access<\/li><li>Module 2: Searching with Chronicle<br\/>Hands-On: Raw Log &amp; UDM Search<\/li><li>Module 3: Chronicle Data Onboarding<br\/>Hands-On: Collect Linux Syslog<\/li><li>Module 4: Parsing Data In Chronicle<\/li><li>Module 5: Curated Detections<\/li><li>Module 6: Visualizing Alerts With Chronicle<br\/>Hands-On: Navigating and Reviewing using Alert Graph<\/li><li>Module 7: Entity Graph<br\/>Hands-On: Search &ndash; Asset\\User Enrichment<\/li><li>Module 8: Advanced Searching With Chronicle<br\/>Hands-On: Advanced Search<\/li><li>Module 9: Building Rules For Chronicle<br\/>Hands-On: Building Rules<\/li><li>Module 10: Visualizing Alerts (Advanced)<\/li><li>Module 11: Entity Graph (Advanced)<\/li><li>Module 12: Visualizing Data in Chronicle<br\/>Hands-On: Building Dashboard In Chronicle<\/li><\/ul>",
    "objective_plain": "Explore the essentials of Chronicle, a powerful Security Information and Event Management (SIEM) solution offered as a cloud service on the robust Google infrastructure. The Chronicle Fundamentals course provides an in-depth overview of the key functionalities, data analysis capabilities, and security aspects of Chronicle SIEM.\n\n- Chronicle Access \u2013 Role-Based Access Control (RBAC) in Chronicle. Why audit logging is important and how to implement it in your Chronicle instance.\n- Learn about Raw Log Search and UDM Search, how to use Search for investigation.\n- Chronicle Data Onboarding: forwarders, feed management, ingestion API, and direct ingestion.\n- Introduction to Chronicle Parsers \u2013 What is a parser, versioning, and parser extension.\n- Walkthrough of Chronicle Curated Detection rules.\n- Navigating Alerts using the Alert Graph: Entity data, related alerts, alert context.\n- Learn about Entity data \u2013 Data enrichment in Chronicle, Entity types (Users & Assets), Resources, Geo IP Enrichment.\n- Advanced Search Capabilities: Reference Lists, Group Fields, Pivot, Search for Alerts.\n- Parsing data in Chronicle \u2013 What are parsers and how can we manage them: Parser update, versioning, parser extensions.\n- Building rules for Chronicle: YARA-L 2.0 syntax, Rules UI, Single event rules, Multi-event rules, using entity data in rules, Outcomes, Functions & Lists, best practice.\n- Building dashboards in Chronicle.",
    "essentials_plain": "Basic knowledge of what SIEM & SOAR are",
    "audience_plain": "Individuals who need a basic introduction to Chronicle SIEM",
    "contents_plain": "- Module 1: Chronicle Access\n- Module 2: Searching with Chronicle\nHands-On: Raw Log & UDM Search\n- Module 3: Chronicle Data Onboarding\nHands-On: Collect Linux Syslog\n- Module 4: Parsing Data In Chronicle\n- Module 5: Curated Detections\n- Module 6: Visualizing Alerts With Chronicle\nHands-On: Navigating and Reviewing using Alert Graph\n- Module 7: Entity Graph\nHands-On: Search \u2013 Asset\\User Enrichment\n- Module 8: Advanced Searching With Chronicle\nHands-On: Advanced Search\n- Module 9: Building Rules For Chronicle\nHands-On: Building Rules\n- Module 10: Visualizing Alerts (Advanced)\n- Module 11: Entity Graph (Advanced)\n- Module 12: Visualizing Data in Chronicle\nHands-On: Building Dashboard In Chronicle",
    "skill_level": "Intermediate",
    "version": "1.0",
    "duration": {
      "unit": "d",
      "value": 3,
      "formatted": "3 jours"
    },
    "pricelist": {
      "List Price": {
        "DE": {"country": "DE", "currency": "EUR", "taxrate": 19, "price": 2995},
        "AT": {"country": "AT", "currency": "EUR", "taxrate": 20, "price": 2995},
        "SE": {"country": "SE", "currency": "EUR", "taxrate": 25, "price": 2995},
        "GB": {"country": "GB", "currency": "GBP", "taxrate": 20, "price": 2595},
        "SI": {"country": "SI", "currency": "EUR", "taxrate": 20, "price": 2995},
        "CH": {"country": "CH", "currency": "CHF", "taxrate": 8.1, "price": 2995}
      }
    },
    "lastchanged": "2025-10-20T09:26:48+02:00",
    "parenturl": "https:\/\/portal.flane.ch\/swisscom\/fr\/json-courses",
    "nexturl_course_schedule": "https:\/\/portal.flane.ch\/swisscom\/fr\/json-course-schedule\/34394",
    "source_lang": "fr",
    "source": "https:\/\/portal.flane.ch\/swisscom\/fr\/json-course\/training-csiemf"
  }
}