Access your security data programmatically.
Detection Engine API
Create, run, and manage Detection Engine rules.
Ingestion API, v1
Send device logs to Chronicle programmatically using Ingestion API, version 1.
Google Cloud Threat Intelligence API
Get and list your Google Cloud Threat Intelligence alerts from your Chronicle account programmatically.
YARA-L 2.0 language syntax
The YARA-L 2.0 syntax used to write rules in Chronicle.
YARA-L best practices
Chronicle's recommended best practices for YARA-L rules.
Unified Data Model field list
List of fields in the Unified Data Model (UDM).
Unified Data Model usage guide
More detailed descriptions of the Unified Data Model (UDM) fields, including the required and optional attributes depending on the event type.
Supported data sets
Supported vendor and device logs that can be ingested into Chronicle.
Supported default parsers
Vendor and device logs with default parsers in Chronicle.
Chronicle API feeds
Supported API feeds for ingesting log data into Chronicle.