To narrow down the detection data sent from Nebula, use the search parameters available in Google Chronicle SIEM. They let you filter for exactly the information you need.
To search for Nebula data in the Google Chronicle SIEM platform:
- Go to Investigation > SIEM Search.
- Enter the following string into the search field:
  metadata.vendor_name = "Malwarebytes" and metadata.log_type = "MALWAREBYTES_EDR"
- Select the desired date parameter.
- Click Run Search.
- Click the Events tab.
- The data ingested from Nebula is displayed using the Unified Data Model (UDM) in Google Chronicle SIEM.
Return to the Nebula integration with Google Chronicle SIEM section.