Security Command Center and Google SecOps for Backup and DR Service
This guide describes the integration between Security Command Center, Google Security Operations (Google SecOps), and Backup and DR Service. The integration surfaces alerts in Security Command Center and Google SecOps for high-risk actions that occur within Backup and DR Service.

With Security Command Center and Google SecOps for Backup and DR Service you can:

- Receive instant alerts on high-risk actions, such as removing protection from a workload
- Investigate threats and identify the affected backup resources
- Aggregate backup threats into cases for quick and systematic remediation

Security Command Center ingests logs and events from across Google Cloud to identify potential security risks. Google SecOps, included as part of Security Command Center Enterprise, is a SIEM (security information and event management) and SOAR (security orchestration, automation, and response) tool that aggregates and correlates threats across multiple sources. Google SecOps also provides case management and remediation for threats.

Before you begin

Activate Security Command Center Premium if it is not already enabled. You can do this in the Google Cloud console. For Security Command Center Enterprise, contact your Google Cloud account team.

Generating a finding

High-risk actions taken by a user in Backup and DR Service are monitored by Event Threat Detection, which is part of Security Command Center Premium and Security Command Center Enterprise. These actions are monitored in real time, correlated with other risk events across Google Cloud, and surfaced as findings (Security Command Center), alerts (Google SecOps), and auto-curated cases (Google SecOps).

These actions include:

- Deleting a backup
- Deleting a backup plan
- Removing backup protection from a workload
- Removing backup infrastructure that may impact recovery

A full list of detections is available in the Security Command Center documentation (/security-command-center/docs).

Real-time findings in Security Command Center

When Security Command Center deems an action a security risk, it generates a finding. A security administrator can then take a closer look at the affected resources and follow the recommended next steps. Each finding includes details on the affected resources, when the security event occurred, and what actions to take to remediate the threat.

Security Command Center offers built-in investigation tooling. Links to Cloud Logging, the MITRE indicator, and the affected resources enable rapid remediation:

- Cloud Logging integration lets you click through to a detailed Cloud Logging query.
- Cloud Monitoring integration lets you create additional alerts on similar events (/logging/docs/alerting/log-based-alerts#lba-by-api).
- MITRE classifications indicate the type of attack a finding points to, for example T1490, Inhibit System Recovery (https://attack.mitre.org/techniques/T1490/).
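As an added worked example (not Google's code, and not how Event Threat Detection is implemented), the following Python script shows what "surfacing a high-risk action as a finding" amounts to when you do it yourself over exported Cloud Audit Log entries: it maps Backup and DR audit-log method names to the action categories listed above, records the principal, resource and time the way a finding does, tags each hit with the MITRE technique the page cites (T1490), and keeps denied attempts visible instead of dropping them. The service name `backupdr.googleapis.com`, the method names in `HIGH_RISK_METHODS` and the resource-name formats are assumptions to verify against your own logs; the sample log entries are constructed.

```python
"""Triage Backup and DR Cloud Audit Log entries into finding-like records.

Added example, not Google's code and not how Event Threat Detection works
internally. ASSUMPTIONS: the service name, the method-name suffixes in
HIGH_RISK_METHODS and the resource-name formats in the sample entries are
illustrative; check them against real Cloud Audit Logs before relying on them.
"""
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

BACKUPDR_SERVICE = "backupdr.googleapis.com"  # assumed protoPayload.serviceName
MITRE_TECHNIQUE = "T1490"  # Inhibit System Recovery, the technique the page links

# Assumed methodName suffixes -> the high-risk action categories this page lists.
HIGH_RISK_METHODS: Dict[str, str] = {
    "DeleteBackup": "Deleting a backup",
    "DeleteBackupPlan": "Deleting a backup plan",
    "DeleteBackupPlanAssociation": "Removing backup protection from a workload",
    "DeleteBackupVault": "Removing backup infrastructure that may impact recovery",
}


@dataclass
class Finding:
    category: str
    principal: str
    resource: str
    event_time: str
    method: str
    succeeded: bool  # denied attempts still show intent, so they are kept
    mitre_technique: str = MITRE_TECHNIQUE


def classify_entry(entry: dict) -> Optional[Finding]:
    """Return a Finding for a high-risk Backup and DR audit-log entry, else None."""
    payload = entry.get("protoPayload", {})
    if payload.get("serviceName") != BACKUPDR_SERVICE:
        return None
    method = payload.get("methodName", "")
    category = HIGH_RISK_METHODS.get(method.rsplit(".", 1)[-1])
    if category is None:
        return None
    # Cloud Audit Logs carry a non-zero protoPayload.status.code when the call failed.
    status_code = payload.get("status", {}).get("code", 0)
    return Finding(
        category=category,
        principal=payload.get("authenticationInfo", {}).get("principalEmail", "unknown"),
        resource=payload.get("resourceName", "unknown"),
        event_time=entry.get("timestamp", ""),
        method=method,
        succeeded=(status_code == 0),
    )


def scan_log_lines(lines: Iterable[str]) -> List[Finding]:
    """Run the classifier over newline-delimited JSON log-export lines."""
    findings: List[Finding] = []
    for line in lines:
        if not line.strip():
            continue
        finding = classify_entry(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


def group_by_principal(findings: Iterable[Finding]) -> Dict[str, List[Finding]]:
    """Group findings per actor: a minimal stand-in for aggregating alerts into a case."""
    grouped: Dict[str, List[Finding]] = {}
    for finding in findings:
        grouped.setdefault(finding.principal, []).append(finding)
    return grouped


def _entry(ts: str, method: str, principal: str, resource: str, status=None) -> dict:
    """Build a constructed audit-log entry in the shape the classifier expects."""
    payload = {
        "serviceName": BACKUPDR_SERVICE,
        "methodName": f"google.cloud.backupdr.v1.BackupDR.{method}",  # assumed format
        "authenticationInfo": {"principalEmail": principal},
        "resourceName": resource,
    }
    if status is not None:
        payload["status"] = status
    return {"timestamp": ts, "protoPayload": payload}


# Constructed sample entries, not real log data.
SAMPLE_ENTRIES = [
    _entry("2025-09-04T10:15:00Z", "DeleteBackup", "alice@example.com",
           "projects/example-project/locations/us-central1/backupVaults/vault-1/"
           "dataSources/ds-1/backups/backup-20250903"),
    _entry("2025-09-04T10:16:30Z", "DeleteBackupPlanAssociation", "alice@example.com",
           "projects/example-project/locations/us-central1/backupPlanAssociations/assoc-1"),
    _entry("2025-09-04T10:17:00Z", "ListBackups", "bob@example.com",  # benign read
           "projects/example-project/locations/us-central1/backupVaults/vault-1/dataSources/ds-1"),
    _entry("2025-09-04T10:20:00Z", "DeleteBackupVault", "mallory@example.com",
           "projects/example-project/locations/us-central1/backupVaults/vault-1",
           status={"code": 7, "message": "PERMISSION_DENIED"}),  # denied attempt
    {"timestamp": "2025-09-04T10:21:00Z", "protoPayload": {  # other service, ignored
        "serviceName": "compute.googleapis.com",
        "methodName": "v1.compute.instances.delete",
        "authenticationInfo": {"principalEmail": "mallory@example.com"},
        "resourceName": "projects/example-project/zones/us-central1-a/instances/vm-1"}},
]
SAMPLE_LOG_LINES = [json.dumps(e) for e in SAMPLE_ENTRIES]


if __name__ == "__main__":
    for principal, items in group_by_principal(scan_log_lines(SAMPLE_LOG_LINES)).items():
        print(f"{principal}: {len(items)} high-risk action(s)")
        for f in items:
            state = "succeeded" if f.succeeded else "DENIED"
            print(f"  {f.event_time} {f.category} [{f.mitre_technique}] {state} -> {f.resource}")
```

Run as-is it prints alice's two successful actions and mallory's denied vault deletion. In practice you would feed it lines from a Cloud Logging sink export; keep the denied attempt in the triage queue, since a failed deletion by an unexpected principal is as much a signal as a successful one.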
Case management and remediation in Google SecOps

Google SecOps provides curated detections that surface high-risk events as alerts. Among these curated detections are potential threats to backups and backup resources. Curated detections require no additional configuration. Alerts are also aggregated into cases for triage and remediation.

Threat detection for Backup and DR Service is available to all Security Command Center Premium and Security Command Center Enterprise customers. Google SecOps for Backup and DR Service is available only to Security Command Center Enterprise customers.
Last updated: 2025-09-04 (UTC).