Event Threat DetectionBeta

Uncover security threats in Google Cloud Platform environments.


Event Threat Detection automatically scans various types of logs for suspicious activity in your Google Cloud Platform environment. Using industry-leading threat intelligence, you can quickly detect high-risk and costly threats such as malware, cryptomining, unauthorized access to GCP resources, outgoing DDoS attacks, and brute-force SSH. By distilling volumes of log data, security teams can quickly identify high-risk incidents and focus on remediation.

Quickly detect the most worrisome cloud-based threats

Using Event Threat Detection, you can automatically scan logs for high-profile indicators of compromise.

Powered by industry-leading threat intelligence

Event Threat Detection uncovers suspicious cloud-based activity using threat intelligence from Google’s internal threat investigation teams and technology. By applying this intelligence to cloud log data, you can uncover the most common threats to your cloud environment such as malware, cryptomining, malicious access to GCP resources, outgoing DDoS, and brute-force SSH.

Optimize your SIEM and cut costs

Using Event Threat Detection, you can process your high-volume logs and send only high value incidents to a third-party security system. Store your parsed log data in BigQuery for forensic analysis.

Enable a single pane of glass with Cloud Security Command Center integration

When a threat is detected, Event Threat Detection surfaces the incident in Cloud Security Command Center. This enables users to correlate the finding with other suspicious activity that may be present in your GCP environment, such as application vulnerabilities or misconfigured access control policies.


Logging integration

Automatically analyze logs in Stackdriver to detect suspicious security events. Ingest VPC Flow logs, Cloud Audit logs, SSH logs, Cloud DNS Logs, and Firewall logs.

Detect high-profile cloud threats

Leverage multiple detector rules to uncover suspicious activity such as malware, cryptomining, abusive IAM access, outgoing DDoS, port scanning, and brute-force SSH.

View findings in Cloud Security Command Center

Use the Cloud SCC dashboard to view, aggregate, and prioritize findings. When a finding is generated, it is can also be written to a Stackdriver Logging project.

Stream findings with Cloud Pub/Sub and Cloud Functions

Send findings to a third-party solution, such as a SIEM, using Cloud Pub/Sub and Cloud Functions.

Flexible API

Enable Event Threat Detection via the API with JSON support.



You will be charged a flat fee of $0.25 per gibibyte of log data analyzed by Event Threat Detection. You may incur costs related to BigQuery, as well as Cloud Pub/Sub and Cloud Functions integrations.

Google Cloud

Get started

Event Threat Detection

Start uncovering security threats in Google Cloud Platform environments.

This product is in beta. For more information on our product launch stages, see here.