Google Security Operations
Google Security Operations (Google SecOps) is Google Cloud's platform for ingesting security telemetry, detecting threats, and orchestrating response. PSOE centers on operating Google SecOps and Security Command Center.
Google Security Operations (Google SecOps) is Google Cloud's platform for ingesting security telemetry, detecting threats, and orchestrating response. PSOE centers on operating Google SecOps and Security Command Center.
Google Security Operations (Google SecOps) is Google Cloud's platform for ingesting security telemetry, detecting threats, and orchestrating response.
Security Command Center (SCC) is Google Cloud's security and risk-management platform that surfaces misconfigurations, vulnerabilities, and threats.
UDM (Unified Data Model) is the normalized schema Google SecOps uses to represent ingested security events.
YARA-L is the rules language used in Google SecOps to write single-event and multi-event detections over UDM data.
A detection rule is logic that identifies suspicious activity and generates alerts, written in YARA-L in Google SecOps.
Threat hunting is the proactive search for threats that evade automated detections, using hypotheses and telemetry.
Google Threat Intelligence (GTI) provides indicators and context about adversaries and malware to enrich detection and hunting.
An IOC (indicator of compromise) is an artifact such as a hash, domain, or IP that indicates malicious activity.
SOAR (security orchestration, automation, and response) automates and coordinates incident-response workflows through playbooks.
A playbook is an automated, repeatable response workflow that a SOAR platform runs to handle an incident.
Incident response is the structured process of triaging, investigating, containing, and remediating security incidents.
MITRE ATT&CK is a knowledge base of adversary tactics and techniques used to guide detection coverage.
Cloud IDS is a Google Cloud intrusion-detection service that inspects network traffic for threats.
Log ingestion is the process of collecting and normalizing security logs into Google SecOps for analysis.