Google SecOps can accept and reference data that describes objects such as devices, users, machines, and file hashes. How can that data be used in YARA-L-based Threat Detection?
- Using the entity graph syntax
- Prepending ‘e’ to the field name
- Referencing functions that use Google Threat Intel
- Using a join from an external database