Event Threat Detection (Beta)

Uncover security threats in Google Cloud Platform environments.

Overview

Event Threat Detection automatically scans various types of logs for suspicious activity in your Google Cloud Platform environment. Using industry-leading threat intelligence, you can quickly detect high-risk and costly threats such as malware, cryptomining, unauthorized access to Google Cloud resources, outgoing DDoS attacks, and brute-force SSH. By distilling volumes of log data, security teams can quickly identify high-risk incidents and focus on remediation.

Quickly detect the most worrisome cloud-based threats

Using Event Threat Detection, you can automatically scan logs for high-profile indicators of compromise.

Powered by industry-leading threat intelligence

Event Threat Detection uncovers suspicious cloud-based activity using threat intelligence from Google’s internal threat investigation teams and technology. By applying this intelligence to cloud log data, you can uncover the most common threats to your cloud environment such as malware, cryptomining, malicious access to GCP resources, outgoing DDoS, and brute-force SSH.

Optimize your SIEM and cut costs

Using Event Threat Detection, you can process your high-volume logs and send only high-value incidents to a third-party security system. Store your parsed log data in BigQuery for forensic analysis.

Enable a single pane of glass with Cloud Security Command Center integration

When a threat is detected, Event Threat Detection surfaces the incident in Security Command Center. This enables users to correlate the finding with other suspicious activity that may be present in your Google Cloud environment, such as application vulnerabilities or misconfigured access control policies.

Features

Logging integration

Automatically analyze logs in Cloud Logging to detect suspicious security events. Ingest VPC Flow logs, Cloud Audit Logs, SSH logs, Cloud DNS logs, and firewall logs.

Detect high-profile cloud threats

Leverage multiple detector rules to uncover suspicious activity such as malware, cryptomining, abusive IAM access, outgoing DDoS, port scanning, and brute-force SSH.

View findings in Security Command Center

Use the Security Command Center dashboard to view, aggregate, and prioritize findings. When a finding is generated, it can also be written to a Cloud Logging project.

Stream findings with Cloud Pub/Sub and Cloud Functions

Send findings to a third-party solution, such as a SIEM, using Pub/Sub and Cloud Functions.

Flexible API

Enable Event Threat Detection via the API with JSON support.

Resources

Pricing

You will be charged a flat fee of $0.25 per gibibyte of log data analyzed by Event Threat Detection. You may incur costs related to BigQuery, as well as Pub/Sub and Cloud Functions integrations.

Take the next step

Start uncovering security threats in Google Cloud environments.

This product is in beta. For more information on our product launch stages, see here.