Remote Agent overview

The Remote agent securely connects a cloud Google Security Operations instance to remote sites. This provides Managed Security Service Provider (MSSP) and enterprise SOC with the following capabilities:

• Execute actions and playbooks on remote sites directly from Google SecOps.
• Pull alerts and security data from remote sites with remote connectors.
• Connect to remote networks to pull data for incident response purposes.

Infrastructure

The Remote Agent infrastructure consists of the following two main components:

• Google SecOps platform: Deploy Google SecOps platform to consolidate all security alerts in one place, and orchestrate security and network products with automated workflows.
• Google SecOps agent: Deploy a Remote Agent on the remote site. The agent pulls new tasks from Google SecOps, executes remotely (on the remote or separate network) and updates Google SecOps with the results.

Agent notifications

Agent notifications, such as alerts for new agent versions and agent downtime, are enabled by default. Notifications for agent downtime trigger when a Remote Agent has been down for more than 90 seconds. You can opt out of these notifications at any time from your user preferences.

For more information about downtime notifications and high availability, see Deploy high availability in Remote Agents.

Opt out of notifications

To opt out of notifications, follow these steps:

1. Click your user avatar > User Preferences.
2. Click Notifications.
3. Optional: Clear the Remote Agent checkbox to stop receiving notification alerts.