Generate a YARA-L rule using Gemini

  1. In the Gemini pane, enter a natural language prompt that describes the rule (for example, "Create a rule to count how many DNS responses were truncated per principal asset host."), and then press Enter. Gemini generates a rule to detect the behavior you described in the prompt.

  2. Click Open in rule editor to view and modify the new rule in the Rules Editor. You can only create single-event rules using this feature.

    For example, using the previous rule prompt, Gemini could generate the following rule:

    rule gemini_rule {
      meta:
        author = "Gemini in Google SecOps"
        description = "Prompt: Create a rule to count how many DNS responses were truncated per principal asset host."
    
      events:
        $e.metadata.event_type = "NETWORK_DNS"
        $e.network.dns.response = true
        $e.network.dns.truncated = true
        $ph_principal_asset_hostname = $e.principal.asset.hostname
    
      match:
        $ph_principal_asset_hostname over 1h
    
      outcome:
        $event_count = count($e.metadata.id)
    
      condition:
        $e
    }
    
  3. To activate the rule, click Save New Rule. The rule appears in the list of rules to the left. Hold the pointer over the rule, click the menu icon, and toggle the Live Rule option to the right (green). For more information, see Manage rules using Rules Editor.
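Before toggling a generated rule live, it helps to confirm that it counts what the prompt asked for. The following Python sketch is an added example, not Google SecOps code: it replays the events, match, and outcome sections of the rule above over constructed UDM-shaped events. The dictionary layout (keys named after the rule's field paths), the helper names, and the use of fixed one-hour buckets in place of the detection engine's own windowing are assumptions.

```python
from collections import Counter
from datetime import datetime, timezone

WINDOW_SECONDS = 3600  # "over 1h" in the rule's match section

def get(event, dotted_path):
    """Walk a nested dict by a UDM-style dotted path; None if a part is missing."""
    node = event
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches_events_section(event):
    """The three filters from the rule's events section."""
    return (get(event, "metadata.event_type") == "NETWORK_DNS"
            and get(event, "network.dns.response") is True
            and get(event, "network.dns.truncated") is True)

def truncated_dns_counts(events):
    """Return {(hostname, window_start): count}, mirroring match + outcome."""
    counts = Counter()
    for event in events:
        hostname = get(event, "principal.asset.hostname")
        # An event with an empty match key cannot join a group, so skip it.
        if not hostname or not matches_events_section(event):
            continue
        raw = get(event, "metadata.event_timestamp").replace("Z", "+00:00")
        epoch = int(datetime.fromisoformat(raw).timestamp())
        start = epoch - epoch % WINDOW_SECONDS  # assumption: fixed 1h buckets
        window = datetime.fromtimestamp(start, timezone.utc).isoformat()
        counts[(hostname, window)] += 1
    return dict(counts)

def make_event(event_id, event_type, hostname, timestamp, response, truncated):
    """Build a constructed UDM-shaped event (sample data, not real telemetry)."""
    return {"metadata": {"id": event_id, "event_type": event_type,
                         "event_timestamp": timestamp},
            "principal": {"asset": {"hostname": hostname}},
            "network": {"dns": {"response": response, "truncated": truncated}}}

SAMPLE_EVENTS = [  # constructed for this example
    make_event("e1", "NETWORK_DNS", "host-a", "2024-05-01T10:05:00Z", True, True),
    make_event("e2", "NETWORK_DNS", "host-a", "2024-05-01T10:40:00Z", True, True),
    make_event("e3", "NETWORK_DNS", "host-a", "2024-05-01T11:10:00Z", True, True),
    make_event("e4", "NETWORK_DNS", "host-a", "2024-05-01T10:20:00Z", True, False),
    make_event("e5", "NETWORK_DNS", "host-b", "2024-05-01T10:30:00Z", False, True),
    make_event("e6", "NETWORK_DNS", "", "2024-05-01T10:10:00Z", True, True),
]
```

Calling `truncated_dns_counts(SAMPLE_EVENTS)` counts two events for host-a in the 10:00 bucket and one in the 11:00 bucket; the non-truncated response, the DNS query, and the event without a hostname are excluded.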

Delete a chat session

You can delete your chat conversation session or delete all chat sessions. Gemini maintains all user conversation histories privately and adheres to Google Cloud's responsible AI practices. User history is never used to train models.

  1. In the Gemini pane, select Delete chat from the menu at the top right.
  2. Click Delete chat at the bottom right to delete the current chat session.
  3. Optional: To delete all chat sessions, select Delete all chat sessions and then click Delete all chats.

Provide feedback

You can provide feedback on responses generated by the Gemini AI investigation assistance. Your feedback helps Google improve the feature and the output generated by Gemini.

  1. In the Gemini pane, click Thumb Up or Thumb Down.
  2. Optional: Click Thumb Down and provide feedback.
  3. Click Send feedback.
