# Security Command Center and Google SecOps for Backup and DR Service

This guide describes the integration between Security Command Center, Google Security Operations (Google SecOps), and Backup and DR Service. This integration enables alerts for high-risk actions that occur within Backup and DR Service; the alerts are surfaced in Security Command Center and Google SecOps.

With Security Command Center and Google SecOps for Backup and DR Service you can:

- Receive instant alerts on high-risk actions, such as removing protection from a workload
- Investigate threats and identify affected backup resources
- Aggregate backup threats in cases for quick and systematic remediation

Security Command Center ingests logs and events from across Google Cloud to identify potential security risks. Google SecOps, included as part of Security Command Center Enterprise, is a SIEM (security information and event management) and SOAR (security orchestration, automation, and response) tool that intelligently aggregates and correlates threats across multiple sources. Google SecOps also enables case management and remediation for threats.

**Before You Begin**

Activate Security Command Center Premium if it is not already enabled. This can be done using the Google Cloud console. For Security Command Center Enterprise, contact your Google Cloud account team.

**Generating a Finding**

High-risk actions taken by a user in Backup and DR Service are monitored using Event Threat Detection (part of Security Command Center Premium and Security Command Center Enterprise). These actions are monitored in real time, correlated with other risk events across Google Cloud, and surfaced as *findings* (Security Command Center), *alerts* (Google SecOps) and auto-curated *cases* (Google SecOps).

These actions include:

- Deleting a backup
- Deleting a Backup Plan
- Removing backup protection from a workload
- Removing backup infrastructure that may impact recovery

A full list of detections is available in the [Security Command Center documentation](/security-command-center/docs).

**Real-time findings in Security Command Center**

When an action is deemed a security risk by Security Command Center, a finding is generated. A security administrator can then take a closer look at the resources affected and take recommended next steps. Findings include details on the resources affected, when the security event occurred, and what actions to take to remediate a threat.

Security Command Center offers built-in investigation tooling for customers. Links to Cloud Logging, MITRE indicator, and affected resources enable rapid remediation.

- Cloud Logging integration lets you click through to a detailed Cloud Logging query.
- Cloud Monitoring integration enables [creation of additional alerts](/logging/docs/alerting/log-based-alerts#lba-by-api) on similar events.
- MITRE classifications indicate the type of attack that a finding represents, as shown in this [example](https://attack.mitre.org/techniques/T1490/).

**Case management and remediation in Google SecOps**

Google SecOps features *curated detections* which surface high-risk events as alerts. Among these curated detections are potential threats to backups and backup resources. Curated detections require no additional configuration. Alerts are also aggregated into cases for triage and remediation.

Threat detection for Backup and DR Service is available to all Security Command Center Premium and Security Command Center Enterprise customers. Google SecOps for Backup and DR Service is available exclusively to Security Command Center Enterprise customers.

Last updated (UTC): 2025-09-04.