Event Threat Detection automatically scans various types of logs for suspicious activity in your Google Cloud Platform environment. Using industry-leading threat intelligence, you can quickly detect high-risk and costly threats such as malware, cryptomining, unauthorized access to Google Cloud resources, outgoing DDoS attacks, and brute-force SSH. By distilling volumes of log data, security teams can quickly identify high-risk incidents and focus on remediation.
Quickly detect the most worrisome cloud-based threats
Using Event Threat Detection, you can automatically scan logs for high-profile indicators of compromise.
Powered by industry-leading threat intelligence
Event Threat Detection uncovers suspicious cloud-based activity using threat intelligence from Google’s internal threat investigation teams and technology. By applying this intelligence to cloud log data, you can uncover the most common threats to your cloud environment such as malware, cryptomining, malicious access to GCP resources, outgoing DDoS, and brute-force SSH.
Optimize your SIEM and cut costs
Using Event Threat Detection, you can process your high-volume logs and send only high-value incidents to a third-party security system such as a SIEM, rather than exporting every raw log line. Store your parsed log data in BigQuery for forensic analysis.
Enable a single pane of glass with Cloud Security Command Center integration
When a threat is detected, Event Threat Detection surfaces the incident in Security Command Center. This enables users to correlate the finding with other suspicious activity that may be present in your Google Cloud environment, such as application vulnerabilities or misconfigured access control policies.
Automatically analyze logs in Cloud Logging to detect suspicious security events. Ingest VPC Flow logs, Cloud Audit Logs, SSH logs, Cloud DNS logs, and firewall logs.
Detect high-profile cloud threats
Leverage multiple detector rules to uncover suspicious activity such as malware, cryptomining, abusive IAM access, outgoing DDoS, port scanning, and brute-force SSH.
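To make the "brute-force SSH" detector concrete, here is an added example (not Event Threat Detection's own code) of the kind of rule it applies to SSH logs: a sliding-window count of failed logins per source IP, with a higher-confidence finding when a burst of failures is followed by a successful login from the same IP. The sshd log lines, the threshold of 5 failures in 300 seconds, and the category names are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines, in the syslog format the logging agent ships
# from /var/log/auth.log. Three sources: a brute-forcer that eventually
# succeeds, a legitimate user with one typo, and a slow low-volume prober.
SAMPLE_AUTH_LOG = """\
Nov  4 10:00:01 web-1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Nov  4 10:00:03 web-1 sshd[2203]: Failed password for root from 198.51.100.7 port 50130 ssh2
Nov  4 10:00:05 web-1 sshd[2205]: Failed password for root from 198.51.100.7 port 50140 ssh2
Nov  4 10:00:07 web-1 sshd[2207]: Failed password for invalid user test from 198.51.100.7 port 50150 ssh2
Nov  4 10:00:09 web-1 sshd[2209]: Failed password for root from 198.51.100.7 port 50160 ssh2
Nov  4 10:00:12 web-1 sshd[2211]: Accepted password for root from 198.51.100.7 port 50170 ssh2
Nov  4 10:00:20 web-1 sshd[2213]: Failed password for alice from 203.0.113.9 port 41000 ssh2
Nov  4 10:00:25 web-1 sshd[2215]: Accepted publickey for alice from 203.0.113.9 port 41010 ssh2
Nov  4 10:30:00 web-1 sshd[2301]: Failed password for root from 192.0.2.44 port 60000 ssh2
Nov  4 10:31:00 web-1 sshd[2303]: Failed password for root from 192.0.2.44 port 60001 ssh2
"""

# Matches the two sshd outcome lines the rule cares about; other sshd chatter is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def _parse_ts(raw):
    # syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # for computing deltas within a single capture.
    return datetime.strptime(re.sub(r"\s+", " ", raw), "%b %d %H:%M:%S")


def detect_ssh_brute_force(log_text, threshold=5, window_seconds=300):
    """Return one finding per source IP that reaches `threshold` failed logins
    inside a sliding window, plus a higher-confidence finding when such a
    burst is followed by a successful login from the same IP."""
    recent_failures = defaultdict(list)  # source ip -> failure timestamps still in window
    alerted = set()                      # ips already reported for the current burst
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip = _parse_ts(m["ts"]), m["ip"]
        # Slide the window: drop failures older than window_seconds.
        fails = [t for t in recent_failures[ip]
                 if (ts - t).total_seconds() <= window_seconds]
        if m["outcome"] == "Failed":
            fails.append(ts)
            if len(fails) >= threshold and ip not in alerted:
                alerted.add(ip)
                findings.append({
                    "category": "Brute force attempt: SSH",  # constructed name
                    "host": m["host"], "source_ip": ip, "failures": len(fails),
                    "first_seen": fails[0].strftime("%b %d %H:%M:%S"),
                    "last_seen": ts.strftime("%b %d %H:%M:%S"),
                })
        else:  # Accepted
            if len(fails) >= threshold:
                findings.append({
                    "category": "Brute Force: SSH",  # constructed name
                    "host": m["host"], "source_ip": ip, "user": m["user"],
                    "failures_before_success": len(fails),
                    "event_time": ts.strftime("%b %d %H:%M:%S"),
                })
            fails = []           # a success ends the burst
            alerted.discard(ip)
        recent_failures[ip] = fails
    return findings


if __name__ == "__main__":
    for finding in detect_ssh_brute_force(SAMPLE_AUTH_LOG):
        print(finding)
```

On the sample above the rule reports two findings for 198.51.100.7 (the burst, then the successful login that followed it) and nothing for the single typo from 203.0.113.9 or the two slow attempts from 192.0.2.44. Lowering the window to a few seconds makes the burst fall apart, which is the trade-off any such rule makes: a tight window misses slow, distributed guessing, a wide one raises more noise.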
View findings in Security Command Center
Use the Security Command Center dashboard to view, aggregate, and prioritize findings. When a finding is generated, it can also be written to a Cloud Logging project.
Stream findings with Cloud Pub/Sub and Cloud Functions
Enable Event Threat Detection via the API with JSON support.
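As an added example of the streaming path (Pub/Sub into a Cloud Function, then on to a SIEM), the Python below decodes a Security Command Center finding notification from a Pub/Sub-triggered background function, drops anything that is not an active finding in an allowlisted category, and normalises the rest into a flat record a downstream system can ingest. This is not Google's code: the finding payload is constructed, the category allowlist and the severity assigned to each category are choices made for the example, and the notification field names are assumptions to check against the API reference before relying on them.

```python
import base64
import json
import re

# Constructed sample notification body. A real Pub/Sub notification carries the
# finding under a "finding" key; the exact fields here are assumptions.
SAMPLE_FINDING_PAYLOAD = {
    "notificationConfigName": "organizations/123456789/notificationConfigs/etd-to-siem",
    "finding": {
        "name": "organizations/123456789/sources/5678/findings/abc123",
        "parent": "organizations/123456789/sources/5678",
        "resourceName": "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/web-1",
        "state": "ACTIVE",
        "category": "Brute Force: SSH",
        "eventTime": "2019-11-04T10:00:12Z",
        "sourceProperties": {"sourceIp": "198.51.100.7", "username": "root"},
    },
}

# Constructed allowlist: only these categories are forwarded, each with the
# severity this team has chosen to attach to it.
FORWARDED_CATEGORIES = {
    "Brute Force: SSH": "HIGH",
    "Malware: Bad IP": "HIGH",
    "Malware: Bad Domain": "HIGH",
    "Cryptomining: Bad IP": "MEDIUM",
    "Outgoing DoS": "HIGH",
}


def triage_finding(payload):
    """Return a normalised incident record, or None if the finding should be dropped."""
    finding = payload.get("finding", {})
    category = finding.get("category", "")
    if finding.get("state") != "ACTIVE":
        return None  # resolved finding: nothing to page on
    if category not in FORWARDED_CATEGORIES:
        return None  # not in the allowlist: stays in the dashboard only
    project = re.search(r"/projects/([^/]+)/", finding.get("resourceName", ""))
    return {
        "source": "event-threat-detection",
        "finding_id": finding.get("name"),
        "category": category,
        "severity": FORWARDED_CATEGORIES[category],
        "project": project.group(1) if project else None,
        "resource": finding.get("resourceName"),
        "event_time": finding.get("eventTime"),
        "details": finding.get("sourceProperties", {}),
    }


def decode_pubsub_event(event):
    # Background functions receive the Pub/Sub message body base64-encoded in event["data"].
    return json.loads(base64.b64decode(event["data"]).decode("utf-8"))


def handle_finding(event, context):
    """Cloud Functions entry point for a Pub/Sub trigger."""
    incident = triage_finding(decode_pubsub_event(event))
    if incident is None:
        return None
    # A real deployment would hand `incident` to the SIEM client here;
    # the example returns it so the result can be inspected.
    return incident


def make_sample_event(payload=SAMPLE_FINDING_PAYLOAD):
    """Wrap a payload the way Pub/Sub would deliver it (used to exercise the function locally)."""
    return {"data": base64.b64encode(json.dumps(payload).encode("utf-8")).decode("ascii")}


if __name__ == "__main__":
    print(json.dumps(handle_finding(make_sample_event(), None), indent=2))
```

Keeping the decision in `triage_finding`, a pure function over a dict, is what makes this testable without deploying anything: you can replay captured notifications against it and check that state changes and unknown categories are dropped before they reach the SIEM.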
This product is in beta. For more information on our product launch stages, see here.