# How-to guides

Access Google Security Operations by logging into the application and then view dashboards to assess your enterprise's security status.

Initiate investigations using various data points, including hostnames, namespaces, IP addresses, domains, users, files, or by searching raw logs with regular expressions.

Refine investigation results using procedural filtering within specific views such as User, Rule Detections, Asset, Domain, IP Address, Hash, and Raw Log Scan.

Manage and monitor events through the Rules Dashboard, which enables viewing rule status, running rules against historical data, viewing rule versions, and creating or editing rules.

Utilize the Google Security Operations forwarder on both Windows and Linux environments and format your log events using the Unified Data Model (UDM) for unified data.

Conducting an investigation
---------------------------

- [Log in to Google SecOps](/chronicle/docs/log-in-to-ui): Access the Google SecOps application.
- [View Dashboards](/chronicle/docs/investigation/dashboards-user-guide): View the Google SecOps Dashboards to visualize the current security status of your Enterprise.
- [Investigate an asset](/chronicle/docs/investigation/investigate-asset): Start your investigation using an asset's hostname.
- [Asset namespaces](/chronicle/docs/investigation/asset-namespaces): Start your investigation using an asset's namespace.
- [Investigate an IP address](/chronicle/docs/investigation/investigate-ipaddress): Start your investigation using an IP address.
- [Investigate a domain](/chronicle/docs/investigation/investigate-domain): Start your investigation using a domain name.
- [Investigate a user](/chronicle/docs/investigation/investigate-user): Start your investigation using user information, such as username or email address.
- [Investigate a file](/chronicle/docs/investigation/investigate-file): Start your investigation using file information, such as file name or file hash.
- [Search raw logs](/chronicle/docs/investigation/search-raw-logs): Start your investigation by searching raw logs using regular expression keywords.

Filtering search results
------------------------

- [Overview of procedural filtering](/chronicle/docs/investigation/filtering-overview): Use procedural filtering to narrow results returned in an investigation.
- [Filter data in User view](/chronicle/docs/investigation/filter-data-user-view): Focus your investigation by narrowing search results in User view.
- [Filter data in Rule Detections view](/chronicle/docs/investigation/filter-data-rule-detections): Focus your investigation by filtering the detections displayed in Rule Detections view.
- [Filter data in Asset view](/chronicle/docs/investigation/filter-data-asset-view): Focus your investigation by narrowing search results in Asset view.
- [Filter data in Domain view](/chronicle/docs/investigation/filter-data-domain-view): Focus your investigation by narrowing search results in Domain view.
- [Filter data in IP Address view](/chronicle/docs/investigation/filter-data-ipaddress-view): Focus your investigation by narrowing search results in IP Address view.
- [Filter data in Hash view](/chronicle/docs/investigation/filter-data-hash-view): Focus your investigation by narrowing search results in Hash view.
- [Filter data in Raw Log Scan view](/chronicle/docs/investigation/filter-data-raw-log-scan-view): Focus your investigation by narrowing search results returned from a raw log search.

Monitoring events using rules
-----------------------------

- [View rules using the Rules Dashboard](/chronicle/docs/detection/view-all-rules): View the status of all rules in the Rules Dashboard.
- [Run a rule against historical data](/chronicle/docs/detection/run-rule-historical-data): Run an existing rule against historical data using Retrohunt.
- [View previous versions of a rule](/chronicle/docs/detection/view-rule-versions): View the previous versions of a rule.
- [Manage rules using the Rules Editor](/chronicle/docs/detection/manage-all-rules): Create and edit rules using the Rules Editor.

Installing Google SecOps forwarders
-----------------------------------

- [Install the Google SecOps forwarder on Windows](/chronicle/docs/install/forwarder-windows): Install and run the Google SecOps forwarder on Microsoft Windows.
- [Install the Google SecOps forwarder on Linux](/chronicle/docs/install/forwarder-linux): Install and run the Google SecOps forwarder in a Linux environment.

Using the Unified Data Model
----------------------------

- [Format events as UDM](/chronicle/docs/unified-data-model/format-events-as-udm): Convert raw log events to the Google SecOps Unified Data Model (UDM).