Google Threat Intelligence

Google Threat Intelligence (GTI) provides indicators and context about adversaries and malware to enrich detection and hunting. PSOE covers leveraging GTI for detection and response.

Related Terms

All PSOE Terms

Google Security Operations

Google Security Operations (Google SecOps) is Google Cloud's platform for ingesting security telemetry, detecting threats, and orchestrating response.

Security Command Center

Security Command Center (SCC) is Google Cloud's security and risk-management platform that surfaces misconfigurations, vulnerabilities, and threats.

UDM

UDM (Unified Data Model) is the normalized schema Google SecOps uses to represent ingested security events.

YARA-L

YARA-L is the rules language used in Google SecOps to write single-event and multi-event detections over UDM data.

Detection rule

A detection rule is logic that identifies suspicious activity and generates alerts, written in YARA-L in Google SecOps.

Threat hunting

Threat hunting is the proactive search for threats that evade automated detections, using hypotheses and telemetry.

Google Threat Intelligence

Google Threat Intelligence (GTI) provides indicators and context about adversaries and malware to enrich detection and hunting.

IOC

An IOC (indicator of compromise) is an artifact such as a hash, domain, or IP that indicates malicious activity.

SOAR

SOAR (security orchestration, automation, and response) automates and coordinates incident-response workflows through playbooks.

Playbook

A playbook is an automated, repeatable response workflow that a SOAR platform runs to handle an incident.

Incident response

Incident response is the structured process of triaging, investigating, containing, and remediating security incidents.

MITRE ATT&CK

MITRE ATT&CK is a knowledge base of adversary tactics and techniques used to guide detection coverage.

Cloud IDS

Cloud IDS is a Google Cloud intrusion-detection service that inspects network traffic for threats.

Log ingestion

Log ingestion is the process of collecting and normalizing security logs into Google SecOps for analysis.