Event Threat Detection automatically scans Stackdriver logs for suspicious activity in your Google Cloud Platform environment. Using industry-leading threat intelligence, including Google Safe Browsing, you can quickly detect high-risk and costly threats such as malware, cryptomining, unauthorized access to GCP resources, outgoing DDoS attacks, port scanning, and brute-force SSH. By distilling volumes of log data, security teams can quickly identify high-risk incidents and focus on remediation.
Quickly detect the most worrisome cloud-based threats
Using Event Threat Detection, you can automatically scan Stackdriver security logs for high-profile indicators of compromise.
Powered by industry-leading threat intelligence
Event Threat Detection uncovers suspicious cloud-based activity using threat intelligence from Google Safe Browsing and GCP detectors. By applying this intelligence to cloud log data, you can uncover the most common threats to your cloud environment such as malware, cryptomining, malicious access to GCP resources, outgoing DDoS, port scanning, and brute-force SSH.
Optimize your SIEM and cut costs
Using Event Threat Detection, you can process your high-volume logs and send only high value incidents to a third-party security system. Store your parsed log data in BigQuery for forensic analysis.
Enable a single pane of glass with Cloud Security Command Center integration
When a threat is detected, Event Threat Detection surfaces the incident in Cloud Security Command Center. This enables users to correlate the finding with other suspicious activity that may be present in your GCP environment, such as application vulnerabilities or misconfigured access control policies.
Stackdriver Logging integration
Automatically analyze Stackdriver logs to detect suspicious security events. Support VPC Flow logs, Cloud Audit logs, SSH logs, and firewall logs.
Detect high-profile cloud threats
Leverage multiple detector rules to uncover suspicious activity such as malware, cryptomining, abusive IAM access, outgoing DDoS, port scanning, and brute-force SSH.
View findings in Cloud Security Command Center
Use the Cloud SCC dashboard to view, aggregate, prioritize, and escalate findings to Stackdriver Incident Response and Management (IRM). When a finding is generated, it is also automatically written to a Stackdriver Logging project.
Stream findings with Cloud Pub/Sub and Cloud Functions
Enable Event Threat Detection via the API with JSON support.
Event Threat Detection
Sign up for beta access and start uncovering security threats in Google Cloud Platform environments.
This product is in beta. For more information on our product launch stages, see here.