google/chronicle-alerts Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Search Archives Contacting Support

google/chronicle-alerts Dashboards

chronicle-alerts

The Chronicle Alerts dashboard provides comprehensive security alert monitoring through integrated alert visualizations. This dashboard enables tracking of security incidents, analysis of alert patterns, and investigation of threat detections across the Chronicle security environment.

chronicle-alerts

The Chronicle Alerts dashboard provides comprehensive security alert monitoring through integrated alert visualizations. This dashboard enables tracking of security incidents, analysis of alert patterns, and investigation of threat detections across the Chronicle security environment.

Widget	Description	Type
Frequent Hashes in Chronicle Alerts (Top 7)	List that displays the hashes that have been seen the most within Chronicle alerts Hide Query Show Query logscale `rename(field=udmEvent.target.process.file.sha256, as="SHA-256") \| top("SHA-256", limit=7) \| rename(field="_count", as="Count")`	`Table`
Most Recent Files in Chronicle Alerts	A table that shows the most recent files seen in alerts Hide Query Show Query logscale `rename(field="udmEvent.target.process.file.fullPath", as="File Path") \| rename(field="udmEvent.target.process.file.sha256", as="SHA-256") \| rename(timestamp, as="Time") \| table(["File Path", "SHA-256", "Time"], sortby=Time, limit=7)`	`Table`
Chronicle Alert Event Types (Top 10)	A chart that shows the most common UDM event types of each alert Hide Query Show Query logscale `top("udmEvent.metadata.eventType", limit=10, rest="Other")`	`Pie Chart`
Chronicle Alerts by Severity	A pie chart that shows the percentage of alerts per severity Hide Query Show Query logscale `top(severity, limit=5, rest="Other")`	`Pie Chart`
Most Recent Chronicle Alerts	A table that displays up to 10 recent alerts Hide Query Show Query logscale `rename(field="description", as="Description") \| rename(field="severity", as="Severity") \| rename(field="name", as="Rule") \| rename(field="timestamp", as="Time") \| rename(field="udmEvent.principal.hostname", as="Hostname") \| rename(field="udmEvent.metadata.eventType", as="Event Type") \| table(["Severity", "Rule", "Time", "Hostname", "Event Type", "Description"], sortby=Time, limit=10)`	`Table`
Total Chronicle Alerts	The number of total Chronicle Alerts Hide Query Show Query logscale `count()`	`Gauge`
Chronicle Alert Timeline	A timeline of all alerts seen in Chronicle divided by hostname Hide Query Show Query logscale `timechart(udmEvent.principal.hostname)`	`Time Chart`
Chronicle Alert Sources (Top 10)	A graph that shows the top data sources for Chronicle alerts Hide Query Show Query logscale `top(udmEvent.metadata.productName, limit=10, rest="Other")`	`Pie Chart`
Chronicle Alerts by Hostname (Top 10)	A chart that displays the percentage of alerts seen by Chronicle that correspond to each hostname Hide Query Show Query logscale `top("udmEvent.principal.hostname", limit=10, rest="Other")`	`Pie Chart`

Enter search term