Gemini in Google SecOps

For more information on Gemini, large language models, and responsible AI, see Gemini for Code. You can also see the Gemini documentation and release notes.

  • Availability: Gemini in Google SecOps is available globally. Gemini data is processed in the following regions: us-central1, asia-southeast1, and europe-west1. Customer requests are routed to the nearest region for processing.

  • Pricing: For information about pricing, see Google Security Operations pricing.

  • Gemini security: For information on Gemini security features in Google Cloud, see Security with generative AI.

  • Data governance: For information about Gemini data governance practices, see How Gemini for Google Cloud uses your data.

  • Certifications: For information on Gemini certifications, see Certifications for Gemini.

  • SecLM platform: Gemini for Google SecOps uses a range of large language models through the SecLM platform, including the specialized Sec-PaLM model. Sec-PaLM is trained on data including security blogs, threat intelligence reports, YARA and YARA-L detection rules, SOAR playbooks, malware scripts, vulnerability information, product documentation, and many other specialized datasets. For more information, see Security with generative AI.

The following Google SecOps features are powered by Gemini:

Generate UDM search queries

Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts. Gemini can also help you iterate on a search, adjust the scope, expand the time range, and add filters. You enter these prompts in the Gemini pane, and you can generate UDM search queries either from the Gemini pane or when using UDM search. For more information, see Generate UDM search queries.

Generate a YARA-L rule using Gemini

Use a natural language prompt to generate a YARA-L rule. For more information, see Generate a YARA-L rule using Gemini.

Assistance with threat intelligence and security questions

Gemini can answer general security domain questions. Additionally, Gemini can answer specific threat intelligence questions and provide summaries about threat actors, IOCs, and other threat intelligence topics. For more information, see Assistance with threat intelligence.

Create and edit a playbook

Use Gemini to create and edit a playbook with prompts. For more information, see Create and edit a playbook with Gemini.

Gemini case summary widget

The case summary widget uses Gemini to present a summary of the case, including suggestions to resolve the issue. For more information, see Using the Gemini Summary widget.