Verify Integration

After deploying the Cyware Intel Exchange integration, it is important to confirm that data ingestion and mapping are working correctly. Verification ensures that IOCs from Cyware Intel Exchange are visible in Google SecOps and are correctly parsed for dashboards, detection rules, and searches.

You can verify that the integration is functioning correctly by searching for the ingested Cyware entities in the Google SecOps SIEM Search interface.

Steps

To view Cyware Intel Exchange entities in Google SecOps, follow these steps:

  1. Log in to your Google SecOps instance.

  2. From the top-left corner of the console, click Investigation, and select SIEM Search.

  3. In the UDM Search section, apply the following filter:

    graph.metadata.event_metadata.base_labels.log_types = "CTIX"

  4. Review the results displayed in the Results section to view the Cyware Intel Exchange entities ingested into Google SecOps.

View UDM Mapping Sheet

The UDM Mapping Sheet lists the UDM entity types and the corresponding raw log fields that are mapped to UDM fields by the parser. You can use this reference to understand how Cyware Intel Exchange data fields appear and are structured in Google SecOps.

To view the complete field mappings, see UDM Mapping Sheet.