List Device Events - Chronicle

This playbook is part of the Google SecOps Pack.

This playbook receives ChronicleAsset identifier information and returns a list of events related to each asset. Supported integrations: Chronicle, Google SecOps.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Chronicle
  • Google SecOps

Scripts

  • DeleteContext

Commands

  • gcb-list-events

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| chronicleasset_hostname | The hostname associated with the ChronicleAsset. | | Optional |
| chronicleasset_ip | The IP address associated with the ChronicleAsset. | | Optional |
| chronicleasset_mac | The MAC address associated with the ChronicleAsset. | | Optional |
| chronicleasset_product_id | The product ID associated with the ChronicleAsset. | | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| GoogleChronicleBackstory.Events | List of events associated with the ChronicleAsset. | unknown |
