google/chronicle-alerts Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

google/chronicle-alerts Dashboards

chronicle-alerts

chronicle-alerts

Widget	Description	Type
Frequent Hashes in Chronicle Alerts (Top 7)	List that displays the hashes that have been seen the most within Chronicle alerts Hide Query Show Query logscale `rename(field=udmEvent.target.process.file.sha256, as="SHA-256") \| top("SHA-256", limit=7) \| rename(field="_count", as="Count")`	`Table`
Most Recent Files in Chronicle Alerts	A table that shows the most recent files seen in alerts Hide Query Show Query logscale `rename(field="udmEvent.target.process.file.fullPath", as="File Path") \| rename(field="udmEvent.target.process.file.sha256", as="SHA-256") \| rename(timestamp, as="Time") \| table(["File Path", "SHA-256", "Time"], sortby=Time, limit=7)`	`Table`
Chronicle Alert Event Types (Top 10)	A chart that shows the most common UDM event types of each alert Hide Query Show Query logscale `top("udmEvent.metadata.eventType", limit=10, rest="Other")`	`Pie Chart`
Chronicle Alerts by Severity	A pie chart that shows the percentage of alerts per severity Hide Query Show Query logscale `top(severity, limit=5, rest="Other")`	`Pie Chart`
Most Recent Chronicle Alerts	A table that displays up to 10 recent alerts Hide Query Show Query logscale `rename(field="description", as="Description") \| rename(field="severity", as="Severity") \| rename(field="name", as="Rule") \| rename(field="timestamp", as="Time") \| rename(field="udmEvent.principal.hostname", as="Hostname") \| rename(field="udmEvent.metadata.eventType", as="Event Type") \| table(["Severity", "Rule", "Time", "Hostname", "Event Type", "Description"], sortby=Time, limit=10)`	`Table`
Total Chronicle Alerts	The number of total Chronicle Alerts Hide Query Show Query logscale `count()`	`Gauge`
Chronicle Alert Timeline	A timeline of all alerts seen in Chronicle divided by hostname Hide Query Show Query logscale `timechart(udmEvent.principal.hostname)`	`Time Chart`
Chronicle Alert Sources (Top 10)	A graph that shows the top data sources for Chronicle alerts Hide Query Show Query logscale `top(udmEvent.metadata.productName, limit=10, rest="Other")`	`Pie Chart`
Chronicle Alerts by Hostname (Top 10)	A chart that displays the percentage of alerts seen by Chronicle that correspond to each hostname Hide Query Show Query logscale `top("udmEvent.principal.hostname", limit=10, rest="Other")`	`Pie Chart`

Enter search term