Conducting an investigation
-
Log in to Google Security Operations
Access the Google Security Operations application.
-
View Dashboards
View the Google Security Operations dashboards to visualize the current security status of your enterprise.
-
Investigate an asset
Start your investigation using an asset's hostname.
-
Asset namespaces
Start your investigation using an asset's namespace.
-
Investigate an IP address
Start your investigation using an IP address.
-
Investigate a domain
Start your investigation using a domain name.
-
Investigate a user
Start your investigation using user information, such as username or email address.
-
Investigate a file
Start your investigation using file information, such as file name or file hash.
-
Search raw logs
Start your investigation by searching raw logs using regular expression keywords.
Filtering search results
-
Overview of procedural filtering
Use procedural filtering to narrow results returned in an investigation.
-
Filter data in User view
Focus your investigation by narrowing search results in User view.
-
Filter data in Rule Detections view
Focus your investigation by filtering the detections displayed in Rule Detections view.
-
Filter data in Asset view
Focus your investigation by narrowing search results in Asset view.
-
Filter data in Domain view
Focus your investigation by narrowing search results in Domain view.
-
Filter data in IP Address view
Focus your investigation by narrowing search results in IP Address view.
-
Filter data in Hash view
Focus your investigation by narrowing search results in Hash view.
-
Filter data in Raw Log Scan view
Focus your investigation by narrowing search results returned from a raw log search.
Monitoring events using rules
-
View rules using the Rules Dashboard
View the status of all rules in the Rules Dashboard.
-
Run a rule against historical data
Run an existing rule against historical data using Retrohunt.
-
View previous versions of a rule
View the previous versions of a rule.
-
Manage rules using the Rules Editor
Create and edit rules using the Rules Editor.